Community Guide on Setting Up Wasabi and CloudFlare



On 6/10/2021 at 11:12 AM, The Old Man said:

Hi

Just a thought... Have you got your SSL/TLS encryption mode in Cloudflare on Full Strict? If so try it on Full (not Full Strict).


 

 

It was on FULL, I ultimately had to pull everything back because I could not get past the 522 issue.  Nothing I did would work. Kind of at my wits end though.

I decided to try a multiple provider approach to see if I can spread my bandwidth around.

First I tried Digital Oceans, but after some trial and error and reading up some more their API is not compatible.

Next I tried Backblaze, which seemed to look promising, but when I switched the storage settings over... images and thumbnails work, however I could not upload anything to the site and trying to download files I get a

":contentdisposition is prohibited for unauthenticated requests:" error

Still brainstorming what to do next but options are getting really really limited at this point.


  • 2 weeks later...

Is anyone that's upgraded to 4.6 experiencing any issues with this setup?  My users can't seem to upload after the 4.6 update... Not sure if this is causing it or not.

nevermind... seems to have been a possible addon causing problems.

Edited by Circo

On 6/23/2021 at 3:54 PM, Circo said:

Is anyone that's upgraded to 4.6 experiencing any issues with this setup?  My users can't seem to upload after the 4.6 update... Not sure if this is causing it or not.

nevermind... seems to have been a possible addon causing problems.

Ok, so my users can no longer upload files larger than 100MB after updating to 4.6. 

I've verified with my website host, DreamHost, that my PHP config is fine and is set up to allow files up to 2G. Is there anything that could be on the Cloudflare or Wasabi side that I need to check that could cause this?  I have not made any changes to Cloudflare or Wasabi since setting it up and it's been working perfectly.

Any suggestions?

Ahh, this appears to be chunk size related... Cloudflare limited to 100M.  I can't seem to find what controls chunk size.  Bah, just set 50M in php.ini...  Seems to be working now.

 

 

Edited by Circo

  • 3 weeks later...
12 hours ago, iamART said:

We need an updated version of all this. Does not work for 4.6, at least for those of us with a newly installed forum.

The guide is still valid.  I'm guessing your problem is not being able to download the marketplace "S3 Compatible Downloads" plugin from the AdminCP.  That's because it has not been flagged for 4.6 yet even though it actually works.  

Just download it from:

Choose that you are installing version 4.4 which will let you download the file without being told to go through the AdminCP marketplace.  Once you have it downloaded, go to your AdminCP.  Install it by going to the Plugins section and choosing "Manual Installation".  

Outside of that, follow the guide as written.  


  • 2 months later...

You don't need to use Wasabi's SSL.  You don't need a custom certificate.  You should be using CLOUDFLARE to secure traffic.  It has its own wildcard certificate that is used that will cover anything.yourdomain.com.  

The request flow should be USER -> cdn.yourdomain.com (CLOUDFLARE) -> cdn.yourdomain.com.wasabisys.com (WASABI) -> USER

Create cdn.yourdomain.com within CF's DNS interface.  It should be a CNAME pointing to cdn.yourdomain.com.s3.wasabisys.com (or whatever CNAME you have from Wasabi).  You need to make sure the Proxied status is set to Proxy, meaning the cloud is orange, not grey.  

You also need to make sure your CF SSL certificate is not set to Strict mode.  Go to the SSL/TLS section.  You'll see options for "Off", "Flexible", "Full", and "Full (Strict)".  Make sure "Full" is selected and not Strict.   

Edited by Randy Calvert

@Randy Calvert 

Thanks for your reply. Apparently I didn't quite understand what the cloudflare was needed for here, I thought to protect against DDoS. 😞

The problem is that I have a Russian-language forum, and the IP addresses of the Cloudflare service are being banned by a certain state structure, Roskomnadzor.

Is there any other solution at the server level? Maybe another certificate like Wildcard SSL?

Edited by AlphaStar

Technically you can use any other Russian CDN in front of Wasabi and do the same thing.  It would be on that CDN provider if they're providing an SSL cert or allowing you to use Let's Encrypt, etc.  

CF was suggested and defaulted here because it's free for both the CDN as well as the certificate.  You could use any other provider you like however we obviously cannot comment on costs, availability, etc.  

Edited by Randy Calvert

Bucket policy to only allow cloudflare IPs if anyone is interested:

 

{
  "Id": "S3PolicyId1",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    },
    {
      "Sid": "IPBasedNarrowFurther",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "173.245.48.0/20",
            "103.21.244.0/22",
            "103.22.200.0/22",
            "103.31.4.0/22",
            "141.101.64.0/18",
            "108.162.192.0/18",
            "190.93.240.0/20",
            "188.114.96.0/20",
            "197.234.240.0/22",
            "198.41.128.0/17",
            "162.158.0.0/15",
            "104.16.0.0/13",
            "104.24.0.0/14",
            "172.64.0.0/13",
            "131.0.72.0/22",
            "2400:cb00::/32",
            "2606:4700::/32",
            "2803:f800::/32",
            "2405:b500::/32",
            "2405:8100::/32",
            "2a06:98c0::/29",
            "2c0f:f248::/32"
          ]
        }
      }
    }
  ]
}

 

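As an added example (not part of the original post, and not Wasabi or AWS tooling), this Python sketch evaluates a policy of the shape posted above for an anonymous s3:GetObject request, showing how the Deny statement with NotIpAddress overrides the blanket Allow. It models only the IpAddress and NotIpAddress operators, and POLICY is a constructed, shortened copy that keeps two of the listed ranges; the function names are hypothetical.

```python
import ipaddress

# Constructed, shortened copy of the posted policy: same two statements,
# with only two of its CIDR ranges kept for brevity.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": ["arn:aws:s3:::bucket-name/*"]},
        {"Sid": "IPBasedNarrowFurther", "Effect": "Deny", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": ["arn:aws:s3:::bucket-name/*"],
         "Condition": {"NotIpAddress": {"aws:SourceIp": [
             "104.16.0.0/13", "2606:4700::/32"]}}},
    ],
}


def ip_in_any(source_ip, cidrs):
    """True if source_ip falls inside at least one CIDR block."""
    addr = ipaddress.ip_address(source_ip)
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return any(addr.version == n.version and addr in n for n in nets)


def condition_matches(statement, source_ip):
    """A statement applies only if every condition operator is satisfied."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"unsupported operator: {operator}")
        inside = ip_in_any(source_ip, keys["aws:SourceIp"])
        # IpAddress needs the IP inside the list; NotIpAddress needs it outside.
        if inside != (operator == "IpAddress"):
            return False
    return True


def get_object_decision(policy, source_ip):
    """Return 'Allow' or 'Deny' for an anonymous s3:GetObject request."""
    effects = {s["Effect"] for s in policy["Statement"]
               if s["Action"] == "s3:GetObject"
               and condition_matches(s, source_ip)}
    if "Deny" in effects:  # an explicit Deny always beats an Allow
        return "Deny"
    # No matching statement at all means implicit deny.
    return "Allow" if "Allow" in effects else "Deny"
```

Because the Deny is keyed on a hard-coded list, any Cloudflare range missing from it is blocked at the bucket, so the list has to be kept in step with the ranges Cloudflare publishes.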

  • 2 months later...

Who has a problem after the update?
Instead of files, docs downloads xml with an error:


<Error>
<Code> SignatureDoesNotMatch </Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message> 

🙏


No problems for me. It looks like a bucket permission or credential problem from Google searching. 

Have you checked your config to make sure your credentials did not get goofed in your upgrade?  You might just make a new Wasabi API credential and use it to make sure it’s not a problem with the account itself. 


  • 11 months later...
On 12/28/2021 at 7:18 PM, Randy Calvert said:

Yes. I’m using the latest stable version.  No problems on 4.6.9. So it’s not that. 

There would be a lot more people posting in this thread if it was a version compatibility issue. 🙂

Hey Randy, does this guide still work well with the latest IPS and PHP 8?! Thanks!!!!!!


  • 2 weeks later...
  • 4 weeks later...

Followed the tutorial exactly and get:

There appears to be a problem with your Amazon (cdn.throneofgeeks.com) file storage settings which can cause problems with uploads.
A connection could not be established to the Amazon S3 server. Update your settings and then check and see if the problem has been resolved

Do I need to add a credit card and pay just to see if it works?

I also have my DNS through cloudflare and not my web host.

Edited by Sirmadsen

Per the first post...

Quote

GUIDE:

BEFORE PROCEEDING, PLEASE BACKUP YOUR DATA FIRST! 

YOUR FILES WILL BE IN PRIVATE MODE AND WILL NOT BE ACCESSIBLE ON YOUR FORUM !

YOU MUST GET A PAID PLAN TO BE ABLE TO ACTIVATE THE INVISION FILE PERMISSIONS AND GET YOUR FILES ACCESSIBLE AT YOUR FORUMS.

JUST ADD YOUR CREDIT CARD NOW (AT YOUR PROFILE PAGE) AND THEY WILL CHARGE YOU 5,99$ FOR A MONTH FOR 1TB STORAGE AND UNLIMITED BANDWIDTH.

THE FREE TRIAL WILL NOT WORK FOR INVISION !

Once you have a paid account, you'll have to wait a short while for it to sync and realize your account is paid.  I would suggest waiting an hour after you activate it at least.  

Edited by Randy Calvert
