Last updated: 2024-08-07
Common services
Web Application Firewall (WAF)
CDN # equivalent to AWS CloudFront
Server Load Balancer (SLB) # equivalent to AWS ALB
Elastic Compute Service (ECS) # equivalent to AWS EC2
Object Storage Service (OSS) # equivalent to AWS S3
SSL Certificates Service # equivalent to AWS Certificate Manager (ACM)
RDS DB
- ApsaraDB (available in MySQL, PostgreSQL and SQL Server editions)
- PolarDB (available in MySQL, PostgreSQL and PolarDB editions)
EIP
# 2024-08@HK
Line types
- BGP (Multi-ISP) EIPs
- BGP (Multi-ISP) Pro EIPs
Optimized data transmission to mainland China (lower latency)
Billable items
- Internet data transfer fees
- Bandwidth fee + Data transfer fee (USD$0.153/GB)
Bandwidth: 1 Mbit/s ≤ Maximum bandwidth value ≤ 5 Mbit/s
Unit price × Usage duration × Maximum bandwidth
Unit price = USD$0.14 (USD/day per Mbit/s)
Maximum bandwidth value > 5 Mbit/s
...
HK: USD$0.5
EIP configuration fee
- USD$0.009/hr
EIP association fee
- USD $0.149 per association
Server Load Balancer (SLB)
Pricing
Usage of less than 1 hour is billed as 1 hour
- Basic edition USD$ 0.007
- Standard edition USD$ 0.021
- WAF-enhanced edition USD$ 0.035
Serverless
Billing unit: RCUs (RDS Capacity Units)
1 RCU = 1C,2G
The number of RCUs ranges from 0.5 to 32 and can be adjusted in increments of 0.5.
The minimum storage capacity of a serverless RDS instance is 20 GB.
ApsaraDB for MySQL
AliSQL is the kernel of RDS MySQL (the open-source version is no longer maintained)
MySQL 8.0 no longer supports MyISAM
Billing methods
- Pay-as-you-go
- Subscription
- Serverless
There are three RDS editions:
- Basic (Instance 1)
- High-availability (Instance 2) [different zones]
- Cluster (Instance 3) [Readable secondary instances]
High-availability vs Cluster Edition
- Cluster Edition: has 3 instances
- HA: The secondary instance cannot be connected
- HA Edition is much more expensive than Cluster Edition !!
* Primary/secondary architecture
- Local disaster recovery: different zones
- Remote disaster recovery: real-time data synchronization by DTS
  (DTS = Alibaba Cloud Data Transmission Service)
* Automatic scaling
- memory
- storage capacity
Storage types
- Enterprise SSD (ESSD) # PL1, PL2, PL3
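- General ESSD # supports I/O burst & data archiving (OSS) (these are billed separately)
- Local SSD
ESSD benefits
- Separate computing from storage
- Provides snapshot backups
Storage capacity used after first start
- 2.28G Used (10G in Total)
Backup
- Free backup usage: 20 G
Downloading backups
- Downloaded backup data cannot be used directly to restore to an RDS instance
- Download over the Internet: free quota is 500 GB/month/instance
Update Engine Version(AliSQL)
- Takes 5 minutes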
Public Access(Endpoint)
Apply for a public endpoint
Basic Information > Network Type > VPC View Details
The endpoint is only a URL, and it can be modified (?..mysql.rds.aliyuncs.com)
- Internal Endpoint
- Public Endpoint
Whitelist
- A whitelist change requires about 1 minute to take effect.
If you add the entry 127.0.0.1 to the whitelist,
no IP addresses are allowed to access the instance.
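YiTian (倚天) edition
ARM architecture
Pause
Actions column > More > Pause (standby)
Storage space, backups and other resources of the instance are still billed as normal (compute resources are released)
The original internal and public endpoints are retained and can still be used when the instance is started again
The maximum pause duration is 15 days. If you have not started the instance after 15 days, it starts automatically so that necessary maintenance can be performed.
For a long-term pause, use a Serverless instance with automatic pause configured; once paused, it can stay paused long-term while there are no connections.
Requirements
- The instance is a primary instance and has no read-only instances.
- The instance does not have the database proxy enabled.
Limits
- Manually pausing a Serverless instance in the console or by calling the API is not supported.
Backup
- No backups are taken while the instance is paused; the latest full backup does not expire,
- but other backup data (both full and incremental backups) still expires once it exceeds the retention period.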
DB Settings
sync_binlog=1000, innodb_flush_log_at_trx_commit=2, async
sync_binlog=1, innodb_flush_log_at_trx_commit=1, semi-sync
RDS Serverless
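Resource elasticity billed by the second
An RDS MySQL Serverless instance does not use a fixed specification;
its compute resources scale automatically with workload within the range you specify,
and storage also expands automatically with data volume
RCU: 0.5 ~ 32
1 RCU is roughly equal to 2 GB of memory and the corresponding CPU (currently 1 core and 2 GB of memory)
Automatic start and stop
If the instance has no connections for 10 minutes, it pauses automatically.
On any connection request, the instance starts automatically. (Startup takes about 6 to 40 seconds)
While the instance is stopped, only storage is billed; compute is not billed.
How long does RCU scaling take?
RCU scaling usually completes immediately; in a few cases a cross-host migration is needed (2 to 5 minutes)
What triggers scaling?
CPU / RAM usage (trigger threshold: 60%~80%)
Forced execution?
Forces RCU elastic scaling to protect database performance.
The instance may switch over; make sure client applications have a reconnection mechanism
* For Cluster and High-availability series instances, a primary/secondary switchover occurs, causing no more than 30 seconds of service unavailability
* When the instance has a fault, the switchover may take longer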
PolarDB for MySQL
Summary
* It runs a minimum of 2 instances
Edition
- Cluster Edition (0 to 15 read-only nodes)
- Multi-master Cluster
Cluster Edition
ECS          ECS
 |            |
PolarProxy (R/W Splitter)
 |            |
DB(RW)   /   DB(R)
 |            |
RDMA
 |
PolarStore (Parallel-Raft protocol)
Features
* fully compatible with MySQL and PostgreSQL
* maximum of 16 nodes to each PolarDB cluster
- 1 primary node and 1 to 15 read-only nodes
* All compute nodes share the same physical storage
- read-only nodes incur no additional storage charge
- active-active failover (fault recovery within seconds)
- automatically scaled based on the data volume
* Read/write splitting is transparent.
CDN
https://cdn.console.aliyun.com/
Pricing
0GB - 50TB (inclusive) # per GB
- CN: $0.04
- Asia 1: $0.081
Asia-Pacific 1:
- China(Hong Kong),
- Japan,
- China (Taiwan),
- China(Macau),
- Southeast Asia Countries (excluding Vietnam and Indonesia)
Asia-Pacific 2:
- India
- Indonesia
- Korea
- Vietnam
Billing Cycle
Pay-by-traffic is charged hourly (2-3 hours delay).
Note:
To avoid causing a loss to users due to abnormal and malicious traffic,
the upper bandwidth limit for Pay-By-Traffic is set to 10 Gbps by default.
HTTPS requests
Price: USD 0.008 per 10,000 requests
ICP number
An ICP filing is required when the Region is "Chinese Mainland Only"
Global does not require ICP registration
SSL Certificate Algorithm
- Internationally Accepted Algorithm
- SM2 Algorithm <- the Chinese national cryptography (SM2) standard; it became a Chinese national cryptographic standard in 2016
QUIC
- Static QUIC requests # requests made for static content
- Dynamic QUIC requests # requests made for dynamic content
* These are billed additionally
HTTP redirect to HTTPS
Alibaba Cloud CDN console > Domain Names > Actions(Manage)
> HTTPS > URL Redirection(Modify) > HTTP -> HTTPS
> Cache > Cache Expiration tab, click Create Rule
Caching
Specify a TTL of 0 seconds to disable caching for dynamic files, such as PHP, JSP, and ASP files.
Configure access to private OSS buckets
The first time you use this feature, you need to grant Alibaba Cloud CDN read-only permissions on all OSS buckets in your account.
By default, this feature uses temporary Security Token Service (STS) tokens to access OSS buckets.
You cannot use this feature to write or delete objects in OSS buckets by using PUT requests.
Domain Names > Origin Fetch > Alibaba Cloud OSS Private Bucket Access > Bucket in the Same Account
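CDN access to OSS
Requests from the CDN to OSS carry the header
Authorization: OSS STS.XXXXXX
Default origin HOST
- Accelerated domain name (Default)
- Origin domain name
- Custom domain name
Accelerated domain name:
Goes to the image.example.com virtual host on the origin source.example.com
Origin domain name:
source.example.com
When the origin type is an OSS domain name
Goes to the example.com site on the OSS domain name example.oss-cn-hangzhou.aliyuncs.com
How to hide the bucket domain name in OSS error messages
With the default configuration, when the CDN fetches OSS content from the origin, the Host value in the request header is the OSS bucket domain name
When OSS receives a bad request and returns an error message, it returns the Host information from the request header.
Method: configure a domain in OSS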
OSS
URL
Object Storage Service (OSS) > Buckets > YOUR_BUCKET > Overview
Access Over Internet
YOUR_BUCKET.oss-cn-hongkong.aliyuncs.com
RAM
https://ram.console.aliyun.com/overview
Full Access for a Bucket
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:YOUR-BUCKET",
        "acs:oss:*:*:YOUR-BUCKET/*"
      ]
    }
  ]
}
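An added example (not part of the original notes): a small Python check that flags what the `oss:*` policy above grants, next to a constructed read-only policy for the same bucket. The names `audit_policy`, `READ_ONLY` and `SENSITIVE` are assumptions made for this illustration; the `oss:` action names are real OSS actions.

```python
import json
from fnmatch import fnmatchcase

# Policy from the notes above: every OSS action on one bucket.
FULL_ACCESS = json.loads("""
{"Version": "1", "Statement": [{"Effect": "Allow", "Action": "oss:*",
  "Resource": ["acs:oss:*:*:YOUR-BUCKET", "acs:oss:*:*:YOUR-BUCKET/*"]}]}
""")

# Constructed alternative (assumption): list and read only, same bucket.
READ_ONLY = {"Version": "1", "Statement": [{
    "Effect": "Allow",
    "Action": ["oss:GetObject", "oss:ListObjects"],
    "Resource": ["acs:oss:*:*:YOUR-BUCKET", "acs:oss:*:*:YOUR-BUCKET/*"]}]}

# OSS actions that modify or destroy data, or change who can reach the bucket.
SENSITIVE = ["oss:PutObject", "oss:DeleteObject", "oss:DeleteBucket",
             "oss:PutBucketAcl", "oss:PutBucketPolicy"]


def _as_list(value):
    """RAM allows Action/Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, finding, detail) tuples for Allow statements."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((idx, "wildcard-action", action))
            # fnmatchcase approximates RAM's "*" wildcard matching.
            hit = [s for s in SENSITIVE if fnmatchcase(s, action)]
            if hit:
                findings.append((idx, "grants-sensitive", ",".join(hit)))
        for resource in _as_list(stmt.get("Resource", [])):
            bucket = resource.split(":")[-1].split("/")[0]
            if "*" in bucket:
                findings.append((idx, "all-buckets", resource))
    return findings


if __name__ == "__main__":
    for name, pol in (("FULL_ACCESS", FULL_ACCESS), ("READ_ONLY", READ_ONLY)):
        print(name, audit_policy(pol) or "no findings")
```

The full-access policy is flagged for its wildcard action and for covering delete, ACL and bucket-policy changes; the read-only variant produces no findings.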
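CDN WAF (edge WAF)
CDN WAF differs from WAF: it runs the WAF functions directly on the CDN
* The "Basic" edition supports the Chinese mainland only
Editions
- Basic
- Advanced
- Enterprise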
WAF
WAF 3.0
https://yundun.console.aliyun.com/
mode
- cloud native mode (connects to resources in an Aliyun VPC (ECS, SLB))
- CNAME record mode (connects to a public IP (SLB, ECS))
Bills
- The bills are generated on a daily basis.
- The request processing fee and the feature fee
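Network architecture
CDN -> WAF -> ECS, SLB, VPC, IDC
Setting: for "Is a Layer 7 proxy (Anti-DDoS, CDN, etc.) deployed in front of WAF?" select "Yes"
Traffic billing protection threshold
If the peak QPS within one hour is less than or equal to the traffic billing protection threshold, the instance does not enter the sandbox and is billed normally
Test
https://URL/alert(xss) # returns 405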
ESA(Edge Security Acceleration)
Its former name: whole-site acceleration (DCDN)
Dynamic Content Delivery Network
https://dcdn.console.aliyun.com/
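Editions
- Basic ($9.9/month)
- Standard ($375/month)
- Advanced ($3600/month)
- Enterprise (price on request)
Basic edition
- 50 GB traffic/month (included free)
- 61 rules
- 5 WAF rules
Onboarding methods
- CNAME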
- NS