customDomains field

Parameter NameRequiredTypeParameter Description
domainNameTrueStringDomain name, if the value is auto, the system will assign the domain name by default
protocolTrueStringProtocol, value: HTTP, HTTP,HTTPS
routeConfigsTrueList<Struct>routes
certConfigFalseStructDomain Certificate
certIdFalseNumbercert ID
tlsConfigFalseStructTLS

References:

customDomains:
  - domainName: auto
    protocol: HTTP
    routeConfigs:
      - path: /*
        serviceName: unit-deploy-service
        functionName: event-function

⚠️ Note: If the domain name is configured as auto, the system will assign a test domain name by default. This domain name is only for testing use, and its stability is not guaranteed. The Serverless Devs FC component has the right to recycle the domain name in the future. In the case of online business and production demand business, it is strongly recommended to bind your own custom domain name.

certConfig

ParameterRequiredTypeDescription
certNameFalseStringThe name of the certificate.
privateKeyFalseStringThe private key. The key must be in the PEM format.
certificateFalseStringThe certificate. The certificate must be in the PEM format.

routeConfigs

ParameterRequiredTypeDescription
pathTrueStringThe path.
serviceNameFalseStringThe name of the service.
functionNameFalseStringThe name of the function.
qualifierFalseStringThe version of the service.

Obtain the certificate content by configuring certId

If certConfig is not configured, you can use 'certId' to obtain the configuration. Will call ali cloud digital certificate management service interface access to configuration, so you need to has the authority to obtain the certificate details.

References:

customDomains:
    - domainName: test.com
      protocol: HTTP,HTTPS
      certId: 123456
      routeConfigs:
        - path: /*

Obtain the certificate by configuring certConfig

When configuring certConfig, you can obtain the certificate and privateKey in any of the following ways:

Directly fill in file content References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: '-----BEGIN CERTIFICATE----\n certificate content \n----END CERTIFICATE-----'
      privateKey: '-----BEGIN RSA PRIVATE KEY----\n privateKey content \n----END RSA PRIVATE KEY-----'

Local file path References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: ./localpath/certificate.pem
      privateKey: ./localpath/privateKey.pem

HTTP or HTTPS address that can be accessed directly from the public network References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: https://oss.abc.com/certificate
      privateKey: http://oss.abc.com/privateKey

OSS address in the format of 'OSS ://{region}/{bucketName}/{objectName}', but the 'sub-account' must have access to the 'OSS file' References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: oss://cn-hangzhou/bucketName/certificate.pem
      privateKey: oss://cn-hangzhou/bucketName/privateKey.pem

tlsConfig

ParameterRequiredTypeDescription
---------------------------------------------------------------------------------
minVersionTrueStringTLS Version, value: TLSv1.0TLSv1.1TLSv1.2
cipherSuitesTrueList<String>Cipher Suite

Permissions

Permissions required for a RAM user

Highest level of permissions

System Policy: AliyunFCFullAccess

Lowest level of permissions

Reasons for more service and function permissions: domainName is auto, you need to create an http function as an auxiliary function, which will be deleted after use

{
  'Statement':
    [
      {
        'Action': ['fc:DeleteService', 'fc:UpdateService', 'fc:CreateService'],
        'Effect': 'Allow',
        'Resource': 'acs:fc:<region>:<account-id>:services/*',
      },
      {
        'Action': ['fc:DeleteFunction', 'fc:CreateFunction', 'fc:UpdateFunction'],
        'Effect': 'Allow',
        'Resource': 'acs:fc:<region>:<account-id>:services/*/functions/*',
      },
      {
        'Action': ['fc:DeleteTrigger', 'fc:UpdateTrigger', 'fc:CreateTrigger'],
        'Effect': 'Allow',
        'Resource': 'acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*',
      },
      { 'Action': 'ram:PassRole', 'Effect': 'Allow', 'Resource': '*' },
      {
        'Action': ['fc:GetCustomDomain', 'fc:UpdateCustomDomain', 'fc:CreateCustomDomain'],
        'Resource': 'acs:fc:<region>:<account-id>:custom-domains/*',
        'Effect': 'Allow',
      },
    ],
  'Version': '1',
}
Edit this page on GitHub Updated at Wed, Sep 21, 2022