Alibaba Cloud — full stack for China compliance
Required for China compliance — run Chatwoot + Dify on Aliyun with ICP filing, RDS, SLB and monitoring.
Alibaba Cloud ECS / ACK 240 min
When to choose this#
- Users primarily in mainland China — latency matters
- ICP filing required
- Already in the Aliyun ecosystem
- Data must stay on-shore
Architecture#
Sizing (mid prod)#
| Resource | Spec | Monthly (annual) |
|---|---|---|
| ECS × 3 | ecs.c7.xlarge (4C8G) | ¥350 × 3 |
| RDS PG | 2C4G HA | ¥600 |
| Redis | HA 1G | ¥120 |
| SLB | on-demand | ~¥120 |
| OSS | 100GB + traffic | ~¥50 |
| Total | ~¥1990/mo |
Step 1 — ICP filing#
If you use a China ECS + public domain, ICP filing is mandatory:
- Aliyun Console → Beian → New filing
- Upload business license / ID, domain info, formal site name like “Customer Support System”
- Approval takes 15-30 days
Step 2 — networking#
aliyun vpc CreateVpc --VpcName ai-support --CidrBlock 10.0.0.0/16
aliyun ecs CreateSecurityGroup --SecurityGroupName ai-sg
# Restrict RDS to internal VPC ingress onlyStep 3 — deploy#
# On each ECS
curl -fsSL https://get.docker.com | sh
git clone https://github.com/chatwoot/chatwoot
# Edit .env, DATABASE_URL → RDS internal endpoint
docker compose -f docker-compose.production.yaml up -dStep 4 — HTTPS#
- Free DV cert via Aliyun Certificate Service
- Configure on SLB: Listener → HTTPS → select cert
- Force 80 → 443 redirect
Step 5 — monitoring#
- CloudMonitor collects ECS / RDS / Redis metrics automatically
- Alerts: CPU > 80%, memory > 85%, RDS connections > 70%
- Notify via DingTalk or SMS
Gotchas#
- ICP number must appear in site footer (linked to beian.miit.gov.cn)
- Email deliverability — Postmark / SES often spam-filter into China; prefer Aliyun DirectMail or Tencent Mail
- OSS CORS — Chatwoot attachment uploads to OSS need correct CORS config
- RDS charset must be utf8mb4 or Chinese emojis break