thetrials Posted December 24, 2017 Posted December 24, 2017 Just set it up for my server. I have files going to s3 with the cloud front URL. I still have cloudflare up and running too. Trying to decide if that’s even necessary. I still have my cname records pointing at cloudflare, and the custom url setting for the storage files pointing to cloud front. Just hate how the url isn’t my site and is a cloudfront url. Seems like I’d need to point my cname to cloudfront to adjust the url? Looking for feedback and thought. Happy holidays!
thetrials Posted December 25, 2017 Posted December 25, 2017 So an update. Figured out how to do a cname for my site so now url shows as files.xxxx.com. Looks like all is good to go now and still have cloudflare in the mix as well.
ProSkill Posted January 2, 2018 Posted January 2, 2018 (edited) On 12/24/2017 at 9:10 PM, thetrials said: So an update. Figured out how to do a cname for my site so now url shows as files.xxxx.com. Looks like all is good to go now and still have cloudflare in the mix as well. Did you find a guide for this? I setup S3 for images and it was costing me between $400 - $500 per month (My VPS is only $250 per month) and it was slower than having them hosted locally. I use CloudFlare as well but i couldn't figure out how to use CloudFront for S3 files only. Edited January 2, 2018 by ProSkill
AlexWright Posted January 2, 2018 Author Posted January 2, 2018 Just now, ProSkill said: Did you find a guide for this? I setup S3 for my images and was costing me between $400 - $500 per month and it was slower than having them hosted locally. I use CloudFlare as well but i couldn't figure out how to use CloudFront for S3 files only. From what I remember, you need to use "create new distribution" on CloudFlare. Link that to your S3 bucket using the built in methods (I remember it being fairly easy), I left most other things default. Create the distribution and it gives you a Url (you can cname a subdomain to this, but I can't get this to display as SSL yet), plug that URL into your S3 storage method on your IPS site, and done. I'm mobile and in vacation, all I can offer at the moment.
ASTRAPI Posted January 2, 2018 Posted January 2, 2018 You may need to check this: https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/ AlexWright 1
thetrials Posted January 5, 2018 Posted January 5, 2018 On 1/1/2018 at 10:50 PM, Lord Nowe said: From what I remember, you need to use "create new distribution" on CloudFlare. Link that to your S3 bucket using the built in methods (I remember it being fairly easy), I left most other things default. Create the distribution and it gives you a Url (you can cname a subdomain to this, but I can't get this to display as SSL yet), plug that URL into your S3 storage method on your IPS site, and done. I'm mobile and in vacation, all I can offer at the moment. Yup that's similar to what I did. You set up a distribution on CloudFront pointed to S3. I then added a DNS entry for images.xxxx.com. In IPS, my endpoint still is s3.amazon.com, but at the bottom I enabled Custom URL and have the images.xxxx.com entered. Now all my images are served off of CloudFront as opposed to S3. In terms of SSL the Custom URL I'm using is https and I also set up a Custom SSL certificate in my CloudFront distribution. Once all this was set everything is now being served via CloudFront. It works pretty well. Hope this helps, I know it's simplistic, but once I understood it conceptually it was fairly easy to implement. AlexWright 1
AlexWright Posted January 6, 2018 Author Posted January 6, 2018 4 hours ago, thetrials said: Yup that's similar to what I did. You set up a distribution on CloudFront pointed to S3. I then added a DNS entry for images.xxxx.com. In IPS, my endpoint still is s3.amazon.com, but at the bottom I enabled Custom URL and have the images.xxxx.com entered. Now all my images are served off of CloudFront as opposed to S3. In terms of SSL the Custom URL I'm using is https and I also set up a Custom SSL certificate in my CloudFront distribution. Once all this was set everything is now being served via CloudFront. It works pretty well. Hope this helps, I know it's simplistic, but once I understood it conceptually it was fairly easy to implement. Yep, definitely helped. Needed the custom Certificate. thetrials 1
David.. Posted January 6, 2018 Posted January 6, 2018 I'm waiting for that video tutorial! Been wanting to give S3 & CloudFront a try!
ProSkill Posted January 8, 2018 Posted January 8, 2018 (edited) Just a forewarning, S3 can be insanely expensive depending on how much media you have. I switched over to S3 and it was costing me $400 - $500 per month in bandwidth fees alone, for comparison my VPS is only $250 per month. I've heard that CloudFront can reduce the charges, but Cloudfront has it's own fees as well. Also, it was significantly slower for me. Currently, I host everything on a dedicated server and use cloudflare and it works great. Edited January 8, 2018 by ProSkill ASTRAPI and Steph40 2
AlexWright Posted January 8, 2018 Author Posted January 8, 2018 1 hour ago, ProSkill said: Just a forewarning, S3 can be insanely expensive depending on how much media you have. I switched over to S3 and it was costing me $400 - $500 per month in bandwidth fees alone, for comparison my VPS is only $250 per month. I've heard that CloudFront can reduce the charges, but Cloudfront has it's own fees as well. Also, it was significantly slower for me. Currently, I host everything on a dedicated server and use cloudflare and it works great. Yeah, that'll probably be true. However, I personally don't allow users to upload Videos. And the images are all compressed through Kraken. My costs last month were $1.20.
ASTRAPI Posted January 8, 2018 Posted January 8, 2018 (edited) Quote Just a forewarning, S3 can be insanely expensive depending on how much media you have. True. It is expensive !!! Quote my VPS is only $250 per month $250 for a VPS? For 250$ i can get this dedicated server: 2x Intel® Xeon® E5 2640 v4 192 GB DDR4 ECC 5x 500 GB SSD - Hardware Raid Edited January 8, 2018 by ASTRAPI prupdated and sobrenome 2
AlexWright Posted January 8, 2018 Author Posted January 8, 2018 11 minutes ago, ASTRAPI said: True. It is expensive !!! $250 for a VPS? For 250$ i can get this dedicated server: 2x Intel® Xeon® E5 2640 v4 192 GB DDR4 ECC 5x 500 GB SSD - Hardware Raid Can I ask from where, for future expansions? PM is fine.
RevengeFNF Posted January 8, 2018 Posted January 8, 2018 2 hours ago, ASTRAPI said: True. It is expensive !!! $250 for a VPS? For 250$ i can get this dedicated server: 2x Intel® Xeon® E5 2640 v4 192 GB DDR4 ECC 5x 500 GB SSD - Hardware Raid That is from Online correct? Personally, i don't like their services, and i believe there is a reason for them to be so cheap(even cheaper than OVH). prupdated 1
ASTRAPI Posted January 8, 2018 Posted January 8, 2018 As it is not allowed to post here any providers i can't point to any of them but the general point is 250$ are by far a lot for a vps.... Vps for me is maximum 20Euro and then i am going with dedicated servers.... Also there are a ton of providers Europe or US based that can provide a super dedicated server for 250$ !
ProSkill Posted January 8, 2018 Posted January 8, 2018 3 hours ago, ASTRAPI said: True. It is expensive !!! $250 for a VPS? For 250$ i can get this dedicated server: 2x Intel® Xeon® E5 2640 v4 192 GB DDR4 ECC 5x 500 GB SSD - Hardware Raid I meant dedicated server. 16 hours ago, Lord Nowe said: Yeah, that'll probably be true. However, I personally don't allow users to upload Videos. And the images are all compressed through Kraken. My costs last month were $1.20. I have about 400GB of pictures and videos. It's essentially an image based forum.
ASTRAPI Posted January 8, 2018 Posted January 8, 2018 Quote I meant dedicated server. Ok then all good
AlexWright Posted January 9, 2018 Author Posted January 9, 2018 7 hours ago, ProSkill said: I have about 400GB of pictures and videos. It's essentially an image based forum. Yeah, we don't have nearly that much yet. Probably around 50GB all said and told at the moment.
The Old Man Posted January 22, 2018 Posted January 22, 2018 Hi, I've recently set up S3 and Cloudfront. I followed the Amazon guidance recommendation and console warnings about only granting CDN access to the S3 bucket and removing the Everyone Read permission to ensure the file cant be accessed directly. I've got the CDN path in the file settings and once I got the full path correct, all works as it should. However, looking at the files that IPS moved over to the CDN, it appears every file transferred is accessible via the s3 bucket direct URL, because the Everyone grantee permission for Read is enabled. What permissions do you have enabled for your IPS buckets when using a CDN? If you're only using US and Europe endpoints, and S3 bucket direct access is disabled, does that mean visitors from say China can't view the images? Thank you. P.S. The guidance in the Help section really needs updating, best practice examples if using a CDN with S3 would be nice, and the video although out of date, is so hard to make out, even in HD quality, although listening to Charles is strangely very relaxing! He should do the shipping forecast of voice overs on History and Discovery documentaries! sobrenome 1
sobrenome Posted November 21, 2020 Posted November 21, 2020 On 1/22/2018 at 9:18 PM, The Old Man said: What permissions do you have enabled for your IPS buckets when using a CDN? Just the same permissions: I am using Cloudflare, so I set a subdomain for the bucket on Cloudflare: CNAME record name: cdn destination: cdn.YOURDOMAIN.COM.s3.sa-east-1.amazonaws.com On AWS: bucket name: cdn.YOURDOMAIN.COM On IPS: bucket: cdn.YOURDOMAIN.COM endpoint: s3.sa-east-1.amazonaws.com custom URL: //cdn.YOURDOMAIN.COM Remember to use the proper region of your bucket. I would like to know how are you dealing with data security. S3 is very reliable and do not need a backup as long there is an auto AWS replication of the data. But what if someone hacks the community AdminCP account and delete all files? Everything will be delete on S3. Anyone is using S3 replication to another AWS account to secure the data? Is there any better solution?
Stuart Silvester Posted November 21, 2020 Posted November 21, 2020 3 hours ago, sobrenome said: bucket name: cdn.YOURDOMAIN.COM You should always avoid using dots in your bucket name - https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html It can cause SSL certificate issues in some situations. sobrenome and The Old Man 1 1
sobrenome Posted November 21, 2020 Posted November 21, 2020 21 minutes ago, Stuart Silvester said: You should always avoid using dots in your bucket name - https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html It can cause SSL certificate issues in some situations. So far o good. If I do not use dots in bucket name, how could I use Cloudflare and S3?
sobrenome Posted November 21, 2020 Posted November 21, 2020 Quote For best compatibility, we recommend that you avoid using dots (.) in bucket names, except for buckets that are used only for static website hosting. If you include dots in a bucket's name, you can't use virtual-host-style addressing over HTTPS, unless you perform your own certificate validation. This is because the security certificates used for virtual hosting of buckets don't work for buckets with dots in their names. Cloudflare does the https certificate validation in the case described, right? The user’s browser will get the file from http://cdn.YOURDOMAIN.com and the ssl translation will be made by Cloudflare right? The files are pushed from s3 to cloudflare’s pops and the user will get the file from cloudflare, not from s3, right?
The Old Man Posted November 21, 2020 Posted November 21, 2020 Hi Sobrenome, My post you quoted was a few years ago. My cdn.example.com CNAME points to my Cloudfront domain, which in turn Cloudfront uses an OAI and an IAM user permission to connect back to the S3 bucket so there are no public permissions. I use the cross origin policy on the bucket so that cross origin webfonts and images work. Yes, on my main site I use the S3 Replication option to auto update a bucket in the UK, my main one being in the US. I also use Cloudflare with a Page Rule for the CDN CNAME. FYIW, I was going to add S3 Acceleration to my Afterburner plugin, but I found with IPS improving the connection with signed urls, it now works fine out the box, you just use the endpoint it tells you to use. My IPS uploads usually upload to S3 around 2.5Mbps, but with the S3 acceleration option it's around double. I have found since upgrading to 4.5 that I can't move items back to my IPS web server from S3, it goes completely boobs up. True story. sobrenome 1
sobrenome Posted November 21, 2020 Posted November 21, 2020 1 hour ago, The Old Man said: Yes, on my main site I use the S3 Replication option to auto update a bucket in the UK, my main one being in the US. And the replication bucket has a copy only rule or a sync rule? If it is sync, if a file is deleted from the main bucket it will also be deleted from the replica. I was searching for the s3 versioning behavior and I have seen that when a file is deleted with versioning turned on, the file is not actually deleted from s3, there is a "version delete note" that can be deleted to restore the file. I still have to check, in real life, what happens when an admin or member IPS account deletes a file. If it will be retain as described above or if it will be actually deleted. If the file is not actually deleted, there is already a security layer against abusive deletion by adminCP account on IPS, and the files can be restored. No need for replication, as long as S3 has multiple files along AZs. Am I right?
Recommended Posts