Hiding spaces behind cloudflare

Posted on November 23, 2017

I’m wondering if it is possible to use spaces behind the cloudflare proxy for cost and security reasons. As far as I understood, this would involve the following:

  • Set up something to deny all requests to xxx.digitaloceanspaces.com from non-cloudflare IPs
  • Set up a custom subdomain on cloudflare that points to the space

Can spaces be used this way?




I think Zeblote’s comments describe very well the thing that he wants to do; I’m looking myself for the same thing and really haven’t found any real answer.

Basically the thing is:

1.- Store web application on droplet, using a cdn like cloudflare point to the application by the domain ‘stuff.com’ and enjoy benefits from using cdn.

2.- Store all static files (.jpeg, .png, .css, .js, .mp4, etc.) on spaces. However by doing this anyone could access directly the files, consuming bandwidth and resources of the spaces bucket, or simply perform malicious actions directly on the bucket itself.

3.- By hiding the bucket behind a cloudflare cdn I think he means (at least from my understanding), is that he wants to create a cname for ‘stuff.com’ alias ‘static.stuff.com’ which points to the spaces bucket therefore the files stored at the bucket. So instead of accessing the files by ‘stuff.nyc3.digitaloceanspaces.com/img-example.jpeg’ we can access them simply like ‘static.stuff.com/img-example.jpeg’, which is easy to remember and better brand representing than the first one, and enjoy benefits from using a cdn.

Nevertheless using a cdn brings a lot of benefits to the table, like security, file caching, etc…

In summary:

‘stuff.com’ in cloudflare points to web application ip in droplet.

‘static.stuff.com’ in cloudflare points to ‘stuff.nyc3.digitaloceanspaces.com’ in spaces.

Is there an actual way of doing this?

johngannon please give real answers.

What you could do today is set up a reverse proxy using Nginx (or any other frontend server), rewriting the requests from something like assets.example.com to yourspace.region.digitaloceanspaces.com and put cloudflare in front of assets.example.com, so you should never pay for exceeding transfer usage (as included one should be more than enough).
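
A sketch of the reverse proxy described in the answer above, as an added example that is not part of the original post. The hostnames are the answer's placeholders; the certificate paths and the `cloudflare-allow.conf` file name are assumptions.

```nginx
# Added example. Cloudflare proxies assets.example.com to this server,
# and this server forwards read-only requests to the Space.
server {
    listen 443 ssl;
    server_name assets.example.com;

    ssl_certificate     /etc/nginx/tls/assets.example.com.crt;  # assumed path
    ssl_certificate_key /etc/nginx/tls/assets.example.com.key;  # assumed path

    # Accept connections only from Cloudflare edge addresses.
    # Assumed file: one "allow <cidr>;" line per range, generated from the
    # list Cloudflare publishes at https://www.cloudflare.com/ips/ and
    # regenerated when that list changes.
    include /etc/nginx/cloudflare-allow.conf;
    deny all;

    location / {
        # Static assets only: refuse everything except GET (and HEAD,
        # which nginx permits together with GET).
        limit_except GET { deny all; }

        # nginx resolves this hostname once, at startup or reload.
        proxy_pass https://yourspace.region.digitaloceanspaces.com;

        # The Space must see its own hostname, not assets.example.com.
        proxy_set_header Host yourspace.region.digitaloceanspaces.com;

        # Send SNI and verify the upstream certificate, so the hop from
        # the proxy to the Space is authenticated as well as encrypted.
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed CA bundle path
    }
}
```

The allow-list restricts who can reach the proxy; it does not stop direct requests to the Space's own hostname, which is the first bullet of the original question.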

The issue is that Cloudflare requires the bucket name to be the exact domain you are hosting and DigitalOcean has prevented bucket names with dots.

You can recreate this on s3, create a bucket www-example-com, enable html hosting and get the url for the html files (not the s3 bucket url). Create the cname in Cloudflare for www.example.com, and you will get the same error from s3: NoSuchBucket

Go back to s3 and create a bucket www.example.com, enable html hosting and get the html hosting url, and update the cname, the site will work.

This is the exact same issue with DO Spaces, however because Digital Ocean prevented bucket names with dots, using Cloudflare in front of a Spaces bucket will not work.

It would be as simple as Digital Ocean allowing bucket names with dots to fix this.
