Jump to content

Community Guide on Setting Up Wasabi and CloudFlare

ASTRAPI
 Share

Recommended Posts

  • Replies 166
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

ASTRAPI
ASTRAPI

Hello (This is a community guide on how to setup Wasabi and Cloudflare, as a significantly cheaper replacement for Amazon S3 and Cloudfront.  The author has no affiliate arrangement with any of t

Joel R
Joel R

@ASTRAPI is helping me move my community over to Wasabi and Cloudflare.   For any Invision Communities who are currently using Amazon S3, then you may want to seriously investigate the pricing fo

Joel R
Joel R

One of the biggest reasons for switching from AWS S3 to Wasabi is that you can use Cloudflare.  Even if you don't have a need for third party storage like Amazon S3 or an S3 compatible storage, y

Posted Images

yevlem Rookie

yevlem

Posted
Posted

Hi there,

Many thanks for the instruction. I've followed it, made a paid account with Wasabi, registered at Cloudlfare, created  CNAME as CDN =  cdn.MYSITE.com.s3.eu-central-1.wasabisys.com , changed the nameservers to Cloudflare, created a bucket at wasabi, and changed the storage at my ACP accordingly. 

The files started to move, but now in the forum messages, instead of the images I see only the respective file names and 'broken' image placeholders.  The URI for such files are something like: http://cdn.MYSITE.com/monthly_2019_06/IMG_20190618_002554.jpg.ea838a4773e99a2e7ff2a6e62a178a5c.jpg  (Though I configured the own URL in ACP s3 service configuration as https://cdn.MYSITE.com).
What may be wrong?
Many thanks in advance!
 

Link to comment
Share on other sites
yevlem Rookie

yevlem

Posted
Posted
11 minutes ago, Martin A. said:

@yevlem Could it be that your DNS changes haven't propagated yet? It may take a while for a nameserver change to be picked up by the various DNS servers around the net. Most take up to 24 hours.

If you visit https://cdn.mysite.com, are you getting something?

Thank you for a fast reply!

When I hit that, I get something like (After Denied the code is changing every time. It happens both for https and http
AccessDeniedAccess Denied13946A62C4FCCC7ECClSDaHMK805dyaAgFQgwtBYASpftGxP4WT4aZm7567zPmb1t2s2gHNr+KFedc1oOOP7ozXTjwC4

 

Link to comment
Share on other sites
yevlem Rookie

yevlem

Posted
Posted

Dear friends,thank you!

I made a bucket public by toggling the switch.  Later I also added an explicit policy to the bucket, such as

"Version": "2012-10-17", 
"Statement": [ 

"Sid": "AllowPublicRead", 
"Effect": "Allow", 
"Principal": { 
"AWS": "*" 
}, 
"Action": "s3:GetObject", 
"Resource": "arn:aws:s3:::CDN.MYSITE.COM/*" 


}

and it worked now!   Not sure if is a coincidence or a real requirement....
SO grateful to you all!
 

Do you know if change of the STORAGE at ACP copies the files from the previous location or MOVES them?

Link to comment
Share on other sites
ASTRAPI Proficient

ASTRAPI

Posted
  • Author
Posted (edited)

My topic just updated with more details and screenshots....

I just test everything again and all working great on my test server 🙂

If you have any problems please check again my topic...

Edited by ASTRAPI
Link to comment
Share on other sites
ASTRAPI Proficient

ASTRAPI

Posted
  • Author
Posted

I just updated my topic again as i did a new test and there is no need to make your bucket public !

When you are in Trial mode Wasabi set a Private mode for files so they are not accessible at your forum.....

When you pay for a plan by adding your card at your profile page (transaction must be done 100%) then the Wasabi release the Private mode and uses the Invision file permissions that is set to read and files are working !

Using that way directory/files listing also are not working so all seems good 🙂

If i have any related info i will post here again 🙂

Thank you

Link to comment
Share on other sites
The Old Man Grand Master

The Old Man

Posted
Posted (edited)
On 6/14/2019 at 6:50 PM, Joel R said:

One of the biggest reasons for switching from AWS S3 to Wasabi is that you can use Cloudflare. 

Interesting, what type of issue did you have? I've been using AWS S3 with Cloudflare using Full Strict mode without any problems. I use it for Theme files too, taking 1000's of Requests off my server every hour and bringing the Theme files closer to my international visitors.

Re the brief discussion on Public access to files (Astrapi addressed this in his excellent guide)

In general it's a really bad idea to make your files public on S3, I'd definitely recommend keeping them private whilst permitting/restricting access via IAM permission policies and API Keys.

Amazon have really increased awareness of this when you look at the s3 bucket configuration console, but in there documentation there are still outdated references to be found stating you have to make bucket content public when actually you don't and shouldn't. It's true that 99% of your stored content is going to be everyday pictures of cute cats and hot cars etc but it makes sense to also consider the impact, cost and repercussions of someone directly accessing say, a list of passwords and authentication details shared between staff, or photos uploaded to private gallery albums containing EXIF gps coordinates identifying where a photo was taken. 

If you keep your files and bucket restricted with no public access, you help reduce and mitigate risk. Some quick examples here would be:

  • you don't have to be as concerned about potential security issues (confidential documents or images uploaded as attachments in price forums or PMs, for example),
  • you help maintain higher GDPR compliance (both with the principles of the GDPR and Data Protection legislation and in terms of complying with your site's published GDPR policy), 
  • and you help negate the risk of people or bots finding and publishing direct URLs to your content and therefore being able to bypass your CDN entirely which poses an escalated risk of higher monthly S3/CDN usage costs, potential for DDoS attacks from a financial attack vector rather than aimed at taking down your site etc.

Wasabi, don't get me wrong and I have nothing against it and haven't yet used it myself, is attractive price-wise, but its cost saving is relevant to your individual usage case. S3 is already very low cost, especially if you front it with a CDN like Cloudfront, Cloudflare or both, so 80% of little becomes quite little. Unless you are storing and accessing massive amounts of data, the difference in cost against AWS S3 could be almost negligible for the average IPS community, a few cents or maybe a dollar or two. 

Plus when you start looking at Wasabi's documentation, it becomes apparent that there are some services and functionality that they don't provide or that are planned for a future date. If you a bit of a performance nut enthusiast like me and want to attain increased or 100% Pagespeed ratings, some of those services may become more relevant and necessary to you. For example, if you are going to self host webfonts like Google Fonts, Icomoon and Font Awesome to get to that 100% rating, or you (hopefully) have a good Content Security Policy set up, your are definitely going to need CORS headers.

https://wasabi-support.zendesk.com/hc/en-us/articles/360006985652-How-do-I-use-CORS-and-custom-domains-with-Wasabi-

Again, I'm not intending to distract or diminish Wasabi, just highlighting that there are possibly additional considerations for some IPS communities more than others and that AWS have lots of extra tools, bells and whistles.

Edited by The Old Man
Link to comment
Share on other sites
Joy Rex Rising Star

Joy Rex

Posted
Posted
On 6/14/2019 at 12:50 PM, Joel R said:

One of the biggest reasons for switching from AWS S3 to Wasabi is that you can use Cloudflare. 

Even if you don't have a need for third party storage like Amazon S3 or an S3 compatible storage, you should be investigating Cloudflare anyways with your server admin.  

Are you using the Free tier of CloudFlare, or are you on one of their paid plans? I guess they wouldn't consider a website that brings in money to support itself as a "personal" website...

Link to comment
Share on other sites
Joel R Mentor

Joel R

Posted
Posted
3 hours ago, Joy Rex said:

Are you using the Free tier of CloudFlare, or are you on one of their paid plans? I guess they wouldn't consider a website that brings in money to support itself as a "personal" website...

I'm staying with free tier right now until I can verify the ongoing pricing of Wasabi + Cloudflare for a month.  

I'm definitely considering the Cloudflare business plan though with their additional features.  

Link to comment
Share on other sites
Morgin Rising Star

Morgin

Posted
Posted
On 6/20/2019 at 12:44 PM, Joel R said:

I'm staying with free tier right now until I can verify the ongoing pricing of Wasabi + Cloudflare for a month.  

I'm definitely considering the Cloudflare business plan though with their additional features.  

I can +1 the cloudflare business. They seem like a really positive company too. 

Link to comment
Share on other sites
Joel R Mentor

Joel R

Posted
Posted

As an update to this topic:

  • If you are changing your CDN URL (and you most likely are, since one of the biggest benefits is to switch away from a paid service like Amazon Cloudfront and move to free Cloudflare), you may need to revert "attachImages" template.  Mine contained the prior CDN URL hardcoded into the template; reverting it will update the URL.  
  • I still haven't passed one full billing cycle, but I'm projected to lower my storage + cdn costs from $92/ mo to $6 / mo.  For reference purposes, my community contains 400 GB of storage and 1400 GB / mo of bandwidth.  

   

Link to comment
Share on other sites
Joy Rex Rising Star

Joy Rex

Posted
Posted
On 6/20/2019 at 1:44 PM, Joel R said:

I'm staying with free tier right now until I can verify the ongoing pricing of Wasabi + Cloudflare for a month.  

I'm definitely considering the Cloudflare business plan though with their additional features.  

I'm on CloudFlare Free now - I don't see anywhere in IPS to change my CDN info as to where the files should be served from, and do you have to load up the files to CloudFlare for it to work?

Specifically I am talking about the CSS/JS includes, not media files like in Downloads

Link to comment
Share on other sites
Joel R Mentor

Joel R

Posted
Posted
5 minutes ago, Joy Rex said:

I'm on CloudFlare Free now - I don't see anywhere in IPS to change my CDN info as to where the files should be served from, and do you have to load up the files to CloudFlare for it to work?

You just need to activate Cloudflare for your website.  

Link to comment
Share on other sites
ASTRAPI Proficient

ASTRAPI

Posted
  • Author
Posted (edited)

Please check my topic Post #1 as all info are there...

If you are checking just Cloudflare then yes the Cloudflare when is active it will check the requests by the users and will cache your static files like images.

Then it will push the images on there huge network around the world and when another user will request an image that is already on Cloudflare he will take it super fast from the closet to him datacenter and not from your server....

 

Edited by ASTRAPI
Link to comment
Share on other sites
Joy Rex Rising Star

Joy Rex

Posted
Posted
20 hours ago, ASTRAPI said:

Please check my topic Post #1 as all info are there...

If you are checking just Cloudflare then yes the Cloudflare when is active it will check the requests by the users and will cache your static files like images.

Then it will push the images on there huge network around the world and when another user will request an image that is already on Cloudflare he will take it super fast from the closet to him database and not from your server....

 

Makes sense - thank you for clarifying!

Link to comment
Share on other sites
  • 1 month later...
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Upcoming Events

    No upcoming events found
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...