Asset hosting on S3: Difference between revisions
(Created page with "=== Diaspora Comes With Support For Amazon S3 Built In. === You can use Amazon S3 (Simple Storage Service) To Host Many Parts Of Your Pod. This includes the static assets tha...") |
SuperTux88 (talk | contribs) m (diaspora.toml) |
||
(9 intermediate revisions by 5 users not shown) | |||
Line 4: | Line 4: | ||
=== Storing Static Assets On Amazon S3. === | === Storing Static Assets On Amazon S3. === | ||
{{Out of date|part=section}}{{Note|1=Many installation guides [[Special:WhatLinksHere/Asset_hosting_on_S3|link this page]], so it should probably be kept (in an updated version).}} | |||
Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account: | Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account: | ||
Line 10: | Line 11: | ||
export AWS_SECRET_ACCESS_KEY=xxxx | export AWS_SECRET_ACCESS_KEY=xxxx | ||
export FOG_DIRECTORY=xxxx </pre> | export FOG_DIRECTORY=xxxx </pre> | ||
=== Manually copying assets to Amazon S3. === | |||
First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.toml file to the preferences below: | |||
<pre>[configuration.environment.assets] | |||
## Serve static assets via the appserver (default=false). | |||
## This is highly discouraged for production use. Let your reverse | |||
## proxy/webserver do it by serving the files under public/ directly. | |||
serve = true | |||
## Upload your assets to S3 (default=false). | |||
upload = false | |||
## Specify an asset host. Ensure it does not have a trailing slash (/). | |||
host = "https://[bucket].s3.amazonaws.com"</pre> (Replace '[bucket]' with your Amazon S3 bucket) | |||
=== Storing user content on Amazon S3. === | |||
To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name. | |||
bucket policy: | |||
<pre> | |||
{ | |||
"Version": "2008-10-17", | |||
"Id": "myDiasporaBucketPolicy", | |||
"Statement": [ | |||
{ | |||
"Sid": "diaspora-user", | |||
"Effect": "Allow", | |||
"Principal": { | |||
"AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser" | |||
}, | |||
"Action": [ | |||
"s3:AbortMultipartUpload", | |||
"s3:ListBucket", | |||
"s3:DeleteObject", | |||
"s3:GetObject", | |||
"s3:GetBucketLocation", | |||
"s3:PutObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::myBucket", | |||
"arn:aws:s3:::myBucket/*" | |||
] | |||
}, | |||
{ | |||
"Sid": "AllGetObject", | |||
"Effect": "Allow", | |||
"Principal": { | |||
"AWS": "*" | |||
}, | |||
"Action": "s3:GetObject", | |||
"Resource": "arn:aws:s3:::myBucket/uploads/*" | |||
} | |||
] | |||
} | |||
</pre> | |||
IAM user policy: | |||
<pre> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Sid": "diasporaIAM", | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:GetBucketLocation", | |||
"s3:ListBucket", | |||
"s3:PutObjectACL", | |||
"s3:AbortMultipartUpload", | |||
"s3:PutObject", | |||
"s3:GetObject", | |||
"s3:DeleteObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::myBucket", | |||
"arn:aws:s3:::myBucket/*" | |||
] | |||
} | |||
] | |||
} | |||
</pre> | |||
[[Category:Installation]] | |||
[[Category:Podmin]] | |||
[[Category:Technical]] |
Latest revision as of 23:16, 9 June 2024
Diaspora Comes With Support For Amazon S3 Built In.
You can use Amazon S3 (Simple Storage Service) To Host Many Parts Of Your Pod. This includes the static assets that are created using the assets:precompile rake task built into Diaspora, to do this Diaspora uses the asset-sync gem. You can also store user profile pictures on Amazon S3.
Storing Static Assets On Amazon S3.
Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account:
export AWS_ACCESS_KEY_ID=xxxx export AWS_SECRET_ACCESS_KEY=xxxx export FOG_DIRECTORY=xxxx
Manually copying assets to Amazon S3.
First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.toml file to the preferences below:
[configuration.environment.assets] ## Serve static assets via the appserver (default=false). ## This is highly discouraged for production use. Let your reverse ## proxy/webserver do it by serving the files under public/ directly. serve = true ## Upload your assets to S3 (default=false). upload = false ## Specify an asset host. Ensure it does not have a trailing slash (/). host = "https://[bucket].s3.amazonaws.com"
(Replace '[bucket]' with your Amazon S3 bucket)
Storing user content on Amazon S3.
To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name.
bucket policy:
{ "Version": "2008-10-17", "Id": "myDiasporaBucketPolicy", "Statement": [ { "Sid": "diaspora-user", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser" }, "Action": [ "s3:AbortMultipartUpload", "s3:ListBucket", "s3:DeleteObject", "s3:GetObject", "s3:GetBucketLocation", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::myBucket", "arn:aws:s3:::myBucket/*" ] }, { "Sid": "AllGetObject", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::myBucket/uploads/*" } ] }
IAM user policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "diasporaIAM", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:PutObjectACL", "s3:AbortMultipartUpload", "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::myBucket", "arn:aws:s3:::myBucket/*" ] } ] }