[feature] Add CDN acceleration domain for S3 storage #2549
Comments
I always thought that if GoToSocial uses AWS S3 as the backend storage, GoToSocial would somehow obtain the CDN domain returned by AWS S3 and replace the domain of the image URL link with the domain returned by AWS S3. If using Alibaba Cloud OSS because it is compatible with the AWS S3 protocol, it will not return an accelerated domain to GoToSocial. Today, I created a GoToSocial test site and tested it with AWS S3 as the storage backend, and it turns out it's not like that. Of course, it's also possible that I haven't found the configuration document I need.
Configuration of GoToSocial using AWS S3 as storage
The storage bucket name created in AWS S3 cannot be in domain form, for example,
GTS_STORAGE_BACKEND: s3
GTS_STORAGE_S3_ENDPOINT: s3-us-west-2.amazonaws.com
GTS_STORAGE_S3_ACCESS_KEY: 1111
GTS_STORAGE_S3_SECRET_KEY: 222
GTS_STORAGE_S3_BUCKET: gotosocial-ceshi
Testing
For AWS S3, add AWS CloudFront as a front proxy and modify S3 bucket permissions according to AWS CloudFront. AWS CloudFront domain is: ceshi.xxxx.xxxx.org
Conclusion
Even if GoToSocial uses AWS S3 as storage, image 302 redirects will not use the domain in AWS CloudFront.
Other
What if AWS S3 uses a domain as the storage bucket name?
GoToSocial Configuration
GTS_STORAGE_BACKEND: s3
GTS_STORAGE_S3_ENDPOINT: s3-us-west-2.amazonaws.com
GTS_STORAGE_S3_ACCESS_KEY: 1111
GTS_STORAGE_S3_SECRET_KEY: 222
GTS_STORAGE_S3_BUCKET: ceshi.xxxx.xxxx.org
Corresponding links become
Summary
Currently, when configuring GoToSocial to use S3 as image storage, there are 2 ways:
The S3 object store has no way of knowing that your content can be served and accessed through some other domain entirely, so GtS has no way of knowing about it either. I imagine this problem would also hold for anyone using an AWS Cloudfront distribution for example, since you'd want to return a different URL than that of the S3 bucket in the redirect. I think all we need here is to add something like
I'm going to close this in favour of #2574 where we've got the generic solution and different use cases documented. If you're still interested in this feature, feel free to subscribe to that issue.
Is your feature request related to a problem ?
Refer to the issue #2155
I have stored GoToSocial's images on Alibaba Cloud OSS using the S3 protocol. I have already bound an acceleration domain on Alibaba Cloud OSS. However, I couldn't find a method in the GoToSocial documentation to set up an acceleration domain for S3 storage. Additionally, I didn't find an answer to the problem in the Alibaba Cloud documentation. I tried configuring Nginx to rewrite GoToSocial's image 302 redirection but failed. I tested accessing the OSS storage using the acceleration domain and found that I need to modify GoToSocial's 302 redirection rules.
Describe the solution you'd like.
The configuration of storing images on Alibaba Cloud OSS using the S3 protocol in GoToSocial:
At present, GoToSocial has disabled S3 proxy access to image streams.
The process of using Alibaba Cloud OSS with GoToSocial when closing the S3 proxy (GTS_STORAGE_S3_PROXY = "false"):
When a browser or app accesses the image at https://me.12.11/fileserver/01RMN5FC48PQ2J8YP43XJGSSTF/attachment/small/01XT7W8XBGG52S6ETD5ZXJBRMK.jpg, this image link will undergo a 302 Found redirect to https://gotosocial-image.oss-ap-northeast-1.aliyuncs.com/01RMN5FC48PQ2J8YP43XJGSSTF/attachment/small/01XT7W8XBGG52S6ETD5ZXJBRMK.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=LTAI5tSBDopiwWGmFqcSR6vN%2F20240120%2Foss-ap-northeast-1%2Fs3%2Faws4_request&X-Amz-Date=20240120T112909Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&response-content-type=image%2Fjpeg&X-Amz-Signature=dc86138779847b2259a70a9d8dbf513ad16bbe97d62ae81fbb6ccee649c3a672. At this point, the browser or app will correctly display the image.
The expected use of GoToSocial S3 involves storing data on Alibaba Cloud OSS.
GoToSocial needs to add an environment variable for setting the S3 acceleration domain, for example, GTS_STORAGE_S3_CDN = "cf-gotosocial.111111.xyz".
Currently, when accessing the image https://me.12.11/fileserver/01RMN5FC48PQ2J8YP43XJGSSTF/attachment/small/01XT7W8XBGG52S6ETD5ZXJBRMK.jpg, a 302 Found redirect occurs to https://gotosocial-image.oss-ap-northeast-1.aliyuncs.com/01RMN5FC48PQ2J8YP43XJGSSTF/attachment/small/01XT7W8XBGG52S6ETD5ZXJBRMK.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=LTAI5tSBDopiwWGmFqcSR6vN%2F20240120%2Foss-ap-northeast-1%2Fs3%2Faws4_request&X-Amz-Date=20240120T112909Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&response-content-type=image%2Fjpeg&X-Amz-Signature=dc86138779847b2259a70a9d8dbf513ad16bbe97d62ae81fbb6ccee649c3a672. This should be changed to a 302 Found redirect to https://cf-gotosocial.111111.xyz/01RMN5FC48PQ2J8YP43XJGSSTF/attachment/small/01XT7W8XBGG52S6ETD5ZXJBRMK.jpg, allowing the use of CDN to accelerate the image.
Describe alternatives you've considered.
Alibaba Cloud OSS can be configured to allow direct access to OSS storage from specific IPs when the storage bucket is set to private, without the need for access verification. Therefore, GoToSocial needs to make the following changes:
?X-Amz-Algorithm=……649c3a672
).
Additional context.
1. Configure an IP blacklist or whitelist
2. OSS + CloudFlare CDN free acceleration
When adding a domain to OSS according to reference 2, the image can be accessed using the following URLs:
https://cf-gotosocial.111111.xyz/01H7Y0CN8998G6784W57BX0BCC/attachment/original/01HM6RNHSJXH9RHVA0GK5GEAFP.jpg?Expires=1705813161&OSSAccessKeyId=TMP.3KeESS3qFNGoSYvopKkF9nmsnkex8cFn8yeSgMVV42s3NLDherFn8Zdc2VVskpSYFoSjG2whNGDEekdEF9EcCsRUD9jCmC&Signature=hVv5xMsUzKprgsCipHEHIdDCFso%3D
https://cf-gotosocial.111111.xyz/01H7Y0CN8998G6784W57BX0BCC/attachment/original/01HM6RNHSJXH9RHVA0GK5GEAFP.jpg
Both URLs can be used to access the image.
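The redirect rewrite requested in this issue, as an added example that is not GoToSocial's code and not part of the original post. The function name cdnRedirect and its parameters are hypothetical; cdnHost stands for the GTS_STORAGE_S3_CDN value proposed above, and the sample URL is constructed with placeholder credential and signature values.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// cdnRedirect maps a presigned S3/OSS object URL onto a CDN host
// (hypothetical helper). Only the object key is kept; the query string,
// which carries the access key ID, expiry and signature, is dropped.
func cdnRedirect(presigned, bucket, cdnHost string) (string, error) {
	// The setting must be a bare hostname, never a URL, path or userinfo.
	if cdnHost == "" || strings.ContainsAny(cdnHost, "/?#@\\ ") {
		return "", errors.New("cdn host must be a bare hostname")
	}
	u, err := url.Parse(presigned)
	if err != nil {
		return "", err
	}
	// Only rewrite what is actually a signed https object URL.
	if u.Scheme != "https" || u.Query().Get("X-Amz-Signature") == "" {
		return "", errors.New("expected an https presigned URL")
	}
	key := u.Path
	// Virtual-hosted URLs (as in the issue) carry the bucket in the host;
	// path-style endpoints carry it as the first path segment.
	if !strings.HasPrefix(u.Host, bucket+".") {
		if !strings.HasPrefix(key, "/"+bucket+"/") {
			return "", errors.New("bucket not found in URL")
		}
		key = key[len(bucket)+1:]
	}
	out := url.URL{Scheme: "https", Host: cdnHost, Path: key}
	return out.String(), nil
}

func main() {
	// Constructed sample with the same shape as the redirect in the issue.
	presigned := "https://gotosocial-image.oss-ap-northeast-1.aliyuncs.com" +
		"/01RMN5FC48PQ2J8YP43XJGSSTF/attachment/small/01XT7W8XBGG52S6ETD5ZXJBRMK.jpg" +
		"?X-Amz-Credential=EXAMPLEKEYID&X-Amz-Expires=86400&X-Amz-Signature=0000"
	loc, err := cdnRedirect(presigned, "gotosocial-image", "cf-gotosocial.111111.xyz")
	fmt.Println(loc, err)
}
```

The returned URL has no signature or expiry, so the bucket has to authorize the CDN's requests some other way, such as the IP allowlist mentioned under the alternatives above.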