customDomains field

| Parameter Name | Required | Type | Parameter Description |
| --- | --- | --- | --- |
| domainName | True | String | Domain name. If the value is `auto`, the system assigns a domain name by default |
| protocol | True | String | Protocol. Valid values: `HTTP`; `HTTP,HTTPS` |
| routeConfigs | True | List<Struct> | Routes |
| certConfig | False | Struct | Domain certificate |
| certId | False | Number | Certificate ID |
| tlsConfig | False | Struct | TLS |
| wafConfig | False | Struct | The Web Application Firewall (WAF) configuration |

Example:

customDomains:
  - domainName: auto
    protocol: HTTP
    wafConfig:
      enableWAF: true
    routeConfigs:
      - path: /*
        serviceName: unit-deploy-service
        functionName: event-function
        qualifier: LATEST
        rewriteConfig:
          equalRules:
            - match: /equalRules
              replacement: /xxxx
          regexRules:
            - match: ^/old/[a-z]+/
              replacement: /xxxx
          wildcardRules:
            - match: /api/*
              replacement: /$1

⚠️ Note: If the domain name is configured as auto, the system assigns a test domain name by default. This domain name is for testing only, and its stability is not guaranteed. The Serverless Devs FC component has the right to reclaim the domain name in the future. For online and production workloads, it is strongly recommended to bind your own custom domain name.

certConfig

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| certName | False | String | The name of the certificate. |
| privateKey | False | String | The private key. The key must be in the PEM format. |
| certificate | False | String | The certificate. The certificate must be in the PEM format. |

routeConfigs

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| path | True | String | The path. |
| serviceName | False | String | The name of the service. |
| functionName | False | String | The name of the function. |
| qualifier | False | String | The version of the service. |
| rewriteConfig | False | Struct | The URI rewrite configurations |

rewriteConfig

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| equalRules | False | List<Struct> | The exact match rules |
| wildcardRules | False | List<Struct> | The wildcard match rule |
| regexRules | False | List<Struct> | The regex match rule |

rewriteConfigRules

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| match | True | String | The matching rule |
| replacement | True | String | The replacement rule |

Obtain the certificate content by configuring certId

If certConfig is not configured, you can use `certId` to obtain the certificate configuration. The component calls the Alibaba Cloud digital certificate management service API to fetch it, so you need permission to read the certificate details.

Example:

customDomains:
    - domainName: test.com
      protocol: HTTP,HTTPS
      certId: 123456
      routeConfigs:
        - path: /*

Obtain the certificate by configuring certConfig

When configuring certConfig, you can obtain the certificate and privateKey in any of the following ways:

Fill in the file content directly. Example:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: '-----BEGIN CERTIFICATE-----\n certificate content \n-----END CERTIFICATE-----'
      privateKey: '-----BEGIN RSA PRIVATE KEY-----\n privateKey content \n-----END RSA PRIVATE KEY-----'

Local file path. Example:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: ./localpath/certificate.pem
      privateKey: ./localpath/privateKey.pem

HTTP or HTTPS address that can be accessed directly from the public network. Example:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: https://oss.abc.com/certificate
      privateKey: http://oss.abc.com/privateKey

OSS address in the format `oss://{region}/{bucketName}/{objectName}`; the sub-account must have access to the OSS file. Example:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: oss://cn-hangzhou/bucketName/certificate.pem
      privateKey: oss://cn-hangzhou/bucketName/privateKey.pem

tlsConfig

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| minVersion | True | String | TLS version. Valid values: TLSv1.0, TLSv1.1, TLSv1.2 |
| maxVersion | False | String | TLS version. Valid values: TLSv1.0, TLSv1.1, TLSv1.2 |
| cipherSuites | True | List<String> | Cipher suites |

wafConfig

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| enableWAF | False | Boolean | Specifies whether to enable Web Application Firewall (WAF) |
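
An added example, not code from this page or from the Serverless Devs project: a Python check that takes one customDomains entry already parsed into a dict and reports the settings that weaken it (test-only auto domain, HTTP only, a private key pasted inline or fetched from a public URL, a minVersion below TLSv1.2). The function names, finding texts and sample entry are assumptions made for illustration.

```python
# Added example (not project code): lint one parsed customDomains entry.
# Field names come from the tables on this page; function names and finding texts are hypothetical.
TLS_ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]

def key_source(value):
    """Classify how certConfig.privateKey is supplied (the four ways listed above)."""
    v = value.strip()
    if v.startswith("-----BEGIN"):
        return "inline"
    for scheme in ("http", "https", "oss"):
        if v.lower().startswith(scheme + "://"):
            return scheme
    return "file"

def lint_custom_domain(entry):
    """Return a list of findings for one customDomains entry given as a dict."""
    findings = []
    protocols = [p.strip() for p in entry.get("protocol", "").split(",")]
    if entry.get("domainName") == "auto":
        findings.append("domainName auto: test-only domain, bind your own for production")
    if "HTTPS" not in protocols:
        findings.append("protocol: HTTP only, traffic is not encrypted")
    elif "certConfig" not in entry and "certId" not in entry:
        findings.append("protocol: HTTPS listed but neither certConfig nor certId is set")
    key = (entry.get("certConfig") or {}).get("privateKey")
    src = key_source(key) if key else None
    if src == "inline":
        findings.append("privateKey: PEM pasted into the YAML, keep the file out of version control")
    elif src == "http":
        findings.append("privateKey: fetched over cleartext HTTP from a public address")
    elif src == "https":
        findings.append("privateKey: hosted at a publicly reachable URL")
    min_v = (entry.get("tlsConfig") or {}).get("minVersion")
    if min_v in TLS_ORDER and TLS_ORDER.index(min_v) < TLS_ORDER.index("TLSv1.2"):
        findings.append(f"tlsConfig.minVersion {min_v}: raise to TLSv1.2")
    return findings

# Constructed sample, modelled on the URL-based certConfig example on this page.
SAMPLE = {
    "domainName": "test.com",
    "protocol": "HTTP,HTTPS",
    "certConfig": {"certificate": "https://oss.abc.com/certificate",
                   "privateKey": "http://oss.abc.com/privateKey"},
    "tlsConfig": {"minVersion": "TLSv1.0", "cipherSuites": []},
}

if __name__ == "__main__":
    for finding in lint_custom_domain(SAMPLE):
        print("-", finding)
```

Local file paths and `oss://` objects produce no finding here because access to them is governed by file and bucket permissions, which this check cannot see.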

Permissions

Permissions required for a RAM user

Highest level of permissions

System Policy: AliyunFCFullAccess

Lowest level of permissions

Why the service and function permissions are needed: when domainName is auto, an HTTP function must be created as an auxiliary function, which is deleted after use.

{
  "Statement": [
    {
      "Action": ["fc:DeleteService", "fc:UpdateService", "fc:CreateService"],
      "Effect": "Allow",
      "Resource": "acs:fc:<region>:<account-id>:services/*"
    },
    {
      "Action": ["fc:DeleteFunction", "fc:CreateFunction", "fc:UpdateFunction"],
      "Effect": "Allow",
      "Resource": "acs:fc:<region>:<account-id>:services/*/functions/*"
    },
    {
      "Action": ["fc:DeleteTrigger", "fc:UpdateTrigger", "fc:CreateTrigger"],
      "Effect": "Allow",
      "Resource": "acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
    },
    { "Action": "ram:PassRole", "Effect": "Allow", "Resource": "*" },
    {
      "Action": ["fc:GetCustomDomain", "fc:UpdateCustomDomain", "fc:CreateCustomDomain"],
      "Resource": "acs:fc:<region>:<account-id>:custom-domains/*",
      "Effect": "Allow"
    }
  ],
  "Version": "1"
}