Jump to content

Recommended Posts

Posted
On 6/10/2021 at 11:12 AM, The Old Man said:

Hi

Just a thought... Have you got your SSL/TLS encryption mode in Cloudflare on Full Strict? If so try it on Full (not Full Strict).


 

 

It was on FULL, I ultimately had to pull everything back because I could not get past the 522 issue.  Nothing I did would work. Kind of at my wits end though.

I decided to try a multiple provider approach to see if I an spread my bandwidth around.

First I tried Digital Oceans, but after some trial and error and reading up some more their API is not compatible.

Next I tried Backblaze which seemed to look promising but when I switched the storage settings over...images and thumbnails work, hower I could not upload anything to the site and trying to download files I get a

":contentdisposition is prohibited for unauthenticated requests:" error

Still brainstorming what to do next but options are getting really really limited at this point.

  • 2 weeks later...
Posted (edited)

Is anyone that's upgraded to 4.6 experiencing any issues with this setup?  My users can't seem to upload after the 4.6 update... Not sure if this is causing it or not.

nevermind... seems to have been a possible addon causing problems.

Edited by Circo
Posted (edited)
On 6/23/2021 at 3:54 PM, Circo said:

Is anyone that's upgraded to 4.6 experiencing any issues with this setup?  My users can't seem to upload after the 4.6 update... Not sure if this is causing it or not.

nevermind... seems to have been a possible addon causing problems.

Ok, so my users can no longer upload files larger than 100MB after updating to 4.6. 

I've verified with my website host, DreamHost, that my php config is fine and is setup to allow files up to 2G. Is there anything that could be on the Cloudflare or Wasabi side that I need to check that could cause this?  I have not made any changes to Cloudflare or Wasabi since setting it up and it's been working perfect.

Any suggestions?

Ahh, this appears to be chunk size related... Cloudflare limited to 100M.  I can't seem to find what controls chunk size.  Bah, just set 50M in php.ini...  Seems to be working now.

 

 

Edited by Circo
Posted
Cloudflare limits upload size (HTTP POST request size) per plan type:
  1. 100MB Free and Pro.
  2. 200MB Business.
  3. 500MB Enterprise by default (contact Customer Support to request a limit increase)
  • 3 weeks later...
Posted
12 hours ago, iamART said:

We need a updated version of all this. Does not work for 4.6 at least for those of us with a new installed forum.

The guide is still valid.  I'm guessing your problem is not being able to download the marketplace "S3 Compatible Downloads" plugin from the AdminCP.  That's because it has not been flagged for 4.6 yet even though it actually works.  

Just download it from:

Choose that you are installing version 4.4 which will let you download the file without being told to go through the AdminCP marketplace.  Once you have it downloaded, go to your AdminCP.  Install it by going to the Plugins section and choosing "Manual Installation".  

Outside of that, follow the guide as written.  

  • 2 months later...
Posted (edited)

You don't need to use Wasabi's SSL.  You don't need a custom certificate.  You should be using CLOUDFLARE to secure traffic.  it has it's own wildcard certificate that is used that will cover anything.yourdomain.com.  

The request flow should be USER -> cdn.yourdomain.com (CLOUDFLARE) -> cdn.yourdomain.com.wasabisys.com (WASABI) -> USER

Create cdn.yourdomain.com within CF's DNS interface.  It should be a CNAME pointing to cdn.youdomdomain.com.s3.wasabisys.com (or whatever CNAME you have from Wasabi).  You need to make sure the Proxied status is set to Proxy meaning the cloud is orange not grey.  

You also need to make sure your CF SSL certificate is not set to Strict mode.  Go to the SSL/TLS section.  You'll see options for "Off", "Flexible", "Full", and "Full (Strict)".  Make sure "Full" is selected and not Strict.   

Edited by Randy Calvert
Posted (edited)

@Randy Calvert 

Thanks for your reply. Apparently I didn't quite understand what the cloudflare was needed for here, I thought to protect against DDoS. 😞

The problem is that I have a Russian-language forum, and the ip addresses of the cloudflare service is being banned by a certain state structure Roskomnadzor.

Is there any other solution at the server level? Maybe another certificate like Wildcard SSL?

Edited by AlphaStar
Posted (edited)

Technically you can use any other Russian CDN in front of Wasabi and do the same thing.  It would be on that CDN provider if they're providing a SSL cert or allowing you to use Lets Encrypt, etc.  

CF was suggested and defaulted here because it's free for both the CDN as well as the certificate.  You could use any other provider you like however we obviously cannot comment on costs, availability, etc.  

Edited by Randy Calvert
Posted (edited)

Anyone know how long it takes for Wasabi to covert trail accounts to non trail. Paid for an account but still getting the "Public use of objects is not allowed by default for trial accounts" message. 

 

Edit: approx an hour 🙂

Edited by flashpoint
Posted

Bucket policy to only allow cloudflare IPs if anyone is interested:

 

{
  "Id": "S3PolicyId1",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    },
    {
      "Sid": "IPBasedNarrowFurther",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "173.245.48.0/20",
            "103.21.244.0/22",
            "103.22.200.0/22",
            "103.31.4.0/22",
            "141.101.64.0/18",
            "108.162.192.0/18",
            "190.93.240.0/20",
            "188.114.96.0/20",
            "197.234.240.0/22",
            "198.41.128.0/17",
            "162.158.0.0/15",
            "104.16.0.0/13",
            "104.24.0.0/14",
            "172.64.0.0/13",
            "131.0.72.0/22",
            "2400:cb00::/32",
            "2606:4700::/32",
            "2803:f800::/32",
            "2405:b500::/32",
            "2405:8100::/32",
            "2a06:98c0::/29",
            "2c0f:f248::/32"
          ]
        }
      }
    }
  ]
}

 

  • 2 months later...
Posted

Who has a problem after the update?
Instead of files, docs downloads xml with an error:


<Error>
<Code> SignatureDoesNotMatch </Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message> 

🙏

Posted

No problems for me. It looks like a bucket permission or credential problem from Google searching. 

Have you checked your config to make sure your credentials did not get goofed in your upgrade?  You might just make a new Wasabi API credential and use it to make sure it’s not a problem with the account itself. 

Posted

@Randy Calvert

Yes, I checked the settings, everything is the same as it was.

I don’t understand, but what does Google have to do with it? 🙃

Maybe this plugin is not compatible with version 4.6.9? Or do you also have the latest version of IPS and everything is ok?

 

Posted (edited)

Yes. I’m using the latest stable version.  No problems on 4.6.9. So it’s not that. 

There would be a lot more people posting in this thread if it was a version compatibility issue. 🙂

Edited by Randy Calvert
  • 11 months later...
Posted
On 12/28/2021 at 7:18 PM, Randy Calvert said:

Yes. I’m using the latest stable version.  No problems on 4.6.9. So it’s not that. 

There would be a lot more people posting in this thread if it was a version compatibility issue. 🙂

Hey Randy, does this guide still works well with latest IPS and php 8?! Thanks!!!!!!

  • 2 weeks later...
  • 4 weeks later...
Posted (edited)

Followed the tutorial exactly and get:

There appears to be a problem with your Amazon (cdn.throneofgeeks.com) file storage settings which can cause problems with uploads.
A connection could not be established to the Amazon S3 server. Update your settings and then check and see if the problem has been resolved

Do I require to add a credit card and pay just to see if it works?

I also have my DNS through cloudflare and not my web host.

Edited by Sirmadsen
Posted (edited)

Per the first post...

Quote

GUIDE:

BEFORE PROCEEDING, PLEASE BACKUP YOUR DATA FIRST! 

YOUR FILES WILL BE IN PRIVATE MODE AND WILL NOT BE ACCESSIBLE ON YOUR FORUM !

YOU MUST GET A PAID PLAN TO BE ABLE TO ACTIVATE THE INVISION FILE PERMISSIONS AND GET YOUR FILES ACCESSIBLE AT YOUR FORUMS.

JUST ADD YOUR CREDIT CARD NOW (AT YOUR PROFILE PAGE) AND THEY WILL CHARGE YOU 5,99$ FOR A MONTH FOR 1TB STORAGE AND UNLIMITED BANDWIDTH.

THE FREE TRIAL WILL NOT WORK FOR INVISION !

Once you have a paid account, you'll have to wait a short while for it to sync and realize your account is paid.  I would suggest waiting an hour after you activate it at least.  

Edited by Randy Calvert
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...