How to combine SecureLink with CDN (Spaces) assets

Posted on January 5, 2021

Is there a way to leverage the CDN service as an optimized content delivery/cache/edge service, but limit access to those assets to authenticated users of my nginx site only? I assume I need to implement a reverse proxy in my nginx to inspect the URL prior to serving it up, but that will defeat the benefit of the CDN service (because I would have to block the access from the CDN and require my nginx to serve up the asset). Is there a document that may explain an approach that I can possibly implement?

Thanks in advance.


Heya,

Just came across this answer and decided to write some general guidelines for anyone who comes across this in the future despite the old question.

One common way to accomplish this is by using CDN-signed URLs. These are specialized URLs that grant access to the file for a limited time. When your authenticated user requests a file, your server can generate a temporary signed URL and return that to the user. This could involve modifying your app code to generate these temporary URLs when needed.

Please note, however, that as of now, DigitalOcean Spaces, which serves as the CDN, does not natively support signed URLs or token authentication out of the box. You may need to consider third-party CDN solutions that offer this feature.

I suggest implementing an access control mechanism at the application level, where the application validates whether a user is authenticated and authorized to view the content prior to generating the Spaces object URL.

To understand more about controlling access to Spaces, please visit this DigitalOcean document link.

Remember, it’s a good practice to regularly review security measures for any hosted content, and always implement the principle of least privilege where possible.

Hope that this helps!
