customDomains field

Parameter Name	Required	Type	Parameter Description
domainName	True	String	Domain name, if the value is auto, the system will assign the domain name by default
protocol	True	String	Protocol, value: `HTTP`, `HTTP,HTTPS`
routeConfigs	True	List<Struct>	routes
certConfig	False	Struct	Domain Certificate
certId	False	Number	cert ID
tlsConfig	False	Struct	TLS
wafConfig	False	Struct	The Web Application Firewall (WAF) configuration

References:

customDomains:
  - domainName: auto
    protocol: HTTP
    wafConfig:
      enableWAF: true
    routeConfigs:
      - path: /*
        serviceName: unit-deploy-service
        functionName: event-function
        qualifier: LATEST
        rewriteConfig:
          equalRules:
            - match: /equalRules
              replacement: /xxxx
          regexRules:
            - match: ^/old/[a-z]+/
              replacement: /xxxx
          wildcardRules:
            - match: /api/*
              replacement: /$1

⚠️ Note: If the domain name is configured as auto, the system will assign a test domain name by default. This domain name is only for testing use, and its stability is not guaranteed. The Serverless Devs FC component has the right to recycle the domain name in the future. In the case of online business and production demand business, it is strongly recommended to bind your own custom domain name.

certConfig

Parameter	Required	Type	Description
certName	False	String	The name of the certificate.
privateKey	False	String	The private key. The key must be in the PEM format.
certificate	False	String	The certificate. The certificate must be in the PEM format.

routeConfigs

Parameter	Required	Type	Description
path	True	String	The path.
serviceName	False	String	The name of the service.
functionName	False	String	The name of the function.
qualifier	False	String	The version of the service.
rewriteConfig	False	Struct	The URI rewrite configurations

rewriteConfig

Parameter	Required	Type	Description
equalRules	False	List<Struct>	The exact match rules
wildcardRules	False	List<Struct>	The wildcard match rule
regexRules	False	List<Struct>	The regex match rule

rewriteConfigRules

Parameter	Required	Type	Description
match	True	String	The matching rule
replacement	True	String	The replacement rule

Obtain the certificate content by configuring certId

If certConfig is not configured, you can use 'certId' to obtain the configuration. Will call ali cloud digital certificate management service interface access to configuration, so you need to has the authority to obtain the certificate details.

References:

customDomains:
    - domainName: test.com
      protocol: HTTP,HTTPS
      certId: 123456
      routeConfigs:
        - path: /*

Obtain the certificate by configuring certConfig

When configuring certConfig, you can obtain the certificate and privateKey in any of the following ways:

Directly fill in file content References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: '-----BEGIN CERTIFICATE----\n certificate content \n----END CERTIFICATE-----'
      privateKey: '-----BEGIN RSA PRIVATE KEY----\n privateKey content \n----END RSA PRIVATE KEY-----'

Local file path References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: ./localpath/certificate.pem
      privateKey: ./localpath/privateKey.pem

HTTP or HTTPS address that can be accessed directly from the public network References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: https://oss.abc.com/certificate
      privateKey: http://oss.abc.com/privateKey

OSS address in the format of 'OSS ://{region}/{bucketName}/{objectName}', but the 'sub-account' must have access to the 'OSS file' References:

customDomains:
  - domainName: test.com
    protocol: HTTP,HTTPS
    routeConfigs:
      - path: /*
    certConfig:
      certName: certName
      certificate: oss://cn-hangzhou/bucketName/certificate.pem
      privateKey: oss://cn-hangzhou/bucketName/privateKey.pem

tlsConfig

Parameter	Required	Type	Description
minVersion	True	String	TLS Version, value: `TLSv1.0`、`TLSv1.1`、`TLSv1.2`
maxVersion	False	String	TLS Version, value: `TLSv1.0`、`TLSv1.1`、`TLSv1.2`
cipherSuites	True	List<String>	Cipher Suite

wafConfig

Parameter	Required	Type	Description
enableWAF	False	Boolean	Specifies whether to enable Web Application Firewall (WAF)

Permissions

Permissions required for a RAM user

Highest level of permissions

System Policy: AliyunFCFullAccess

Lowest level of permissions

Reasons for more service and function permissions: domainName is auto, you need to create an http function as an auxiliary function, which will be deleted after use

{
  'Statement':
    [
      {
        'Action': ['fc:DeleteService', 'fc:UpdateService', 'fc:CreateService'],
        'Effect': 'Allow',
        'Resource': 'acs:fc:<region>:<account-id>:services/*',
      },
      {
        'Action': ['fc:DeleteFunction', 'fc:CreateFunction', 'fc:UpdateFunction'],
        'Effect': 'Allow',
        'Resource': 'acs:fc:<region>:<account-id>:services/*/functions/*',
      },
      {
        'Action': ['fc:DeleteTrigger', 'fc:UpdateTrigger', 'fc:CreateTrigger'],
        'Effect': 'Allow',
        'Resource': 'acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*',
      },
      { 'Action': 'ram:PassRole', 'Effect': 'Allow', 'Resource': '*' },
      {
        'Action': ['fc:GetCustomDomain', 'fc:UpdateCustomDomain', 'fc:CreateCustomDomain'],
        'Resource': 'acs:fc:<region>:<account-id>:custom-domains/*',
        'Effect': 'Allow',
      },
    ],
  'Version': '1',
}