Asset hosting on S3: Difference between revisions

From diaspora* project wiki
(Manually copying assets to Amazon S3)
m (diaspora.toml)
 
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Out of date}}
=== Diaspora Comes With Support For Amazon S3 Built In. ===
=== Diaspora Comes With Support For Amazon S3 Built In. ===


Line 6: Line 4:


=== Storing Static Assets On Amazon S3. ===
=== Storing Static Assets On Amazon S3. ===
{{Out of date|part=section}}{{Note|1=Many installation guides [[Special:WhatLinksHere/Asset_hosting_on_S3|link this page]], so it should probably be kept (in an updated version).}}


Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account:
Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account:
Line 15: Line 14:
=== Manually copying assets to Amazon S3. ===
=== Manually copying assets to Amazon S3. ===


First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then <pre>cd</pre> into your Diaspora folder and edit the <pre>config/diaspora.yml</pre> file to the preferences below:
First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.toml file to the preferences below:
 
<pre>[configuration.environment.assets]
 
## Serve static assets via the appserver (default=false).
## This is highly discouraged for production use. Let your reverse
## proxy/webserver do it by serving the files under public/ directly.
serve = true
 
## Upload your assets to S3 (default=false).
upload = false
 
## Specify an asset host. Ensure it does not have a trailing slash (/).
host = "https://[bucket].s3.amazonaws.com"</pre> (Replace '[bucket]' with your Amazon S3 bucket)


<pre>  assets: ## Section
=== Storing user content on Amazon S3. ===
      ## Serve static assets via the appserver.
      ## This is highly discouraged for production use,
      ## let your reverse proxy/webserver do it by serving the files
      ## under public/ directly.
      serve: true


      ## Upload your assets to S3
To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name.
      upload: false


      ## Specify an asset host. Ensure it does not have a trailing slash (/).
bucket policy:
      host: https://[bucket].s3.amazonaws.com/</pre> (Replace '[bucket]' with your Amazon S3 bucket.
<pre>
{
    "Version": "2008-10-17",
    "Id": "myDiasporaBucketPolicy",
    "Statement": [
        {
            "Sid": "diaspora-user",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser"
            },
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:GetBucketLocation",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket",
                "arn:aws:s3:::myBucket/*"
            ]
        },
        {
            "Sid": "AllGetObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::myBucket/uploads/*"
        }
    ]
}
</pre>


IAM user policy:
<pre>
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "diasporaIAM",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:PutObjectACL",
                "s3:AbortMultipartUpload",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket",
                "arn:aws:s3:::myBucket/*"
            ]
        }
    ]
}
</pre>


[[Category:Github transfer done]]
[[Category:Installation]]
[[Category:Installation]]
[[Category:Podmin]]
[[Category:Podmin]]
[[Category:Technical]]
[[Category:Technical]]

Latest revision as of 23:16, 9 June 2024

Diaspora Comes With Support For Amazon S3 Built In.

You can use Amazon S3 (Simple Storage Service) To Host Many Parts Of Your Pod. This includes the static assets that are created using the assets:precompile rake task built into Diaspora, to do this Diaspora uses the asset-sync gem. You can also store user profile pictures on Amazon S3.

Storing Static Assets On Amazon S3.

Out of dateOut of date:This section's accuracy may be compromised due to out-of-date information. Please help improve the page by updating it. There may be additional information on the talk page.
NoteNote:Many installation guides link this page, so it should probably be kept (in an updated version).

Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account:

export AWS_ACCESS_KEY_ID=xxxx   
export AWS_SECRET_ACCESS_KEY=xxxx
export FOG_DIRECTORY=xxxx 

Manually copying assets to Amazon S3.

First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.toml file to the preferences below:

[configuration.environment.assets]

## Serve static assets via the appserver (default=false).
## This is highly discouraged for production use. Let your reverse
## proxy/webserver do it by serving the files under public/ directly.
serve = true

## Upload your assets to S3 (default=false).
upload = false

## Specify an asset host. Ensure it does not have a trailing slash (/).
host = "https://[bucket].s3.amazonaws.com"

(Replace '[bucket]' with your Amazon S3 bucket)

Storing user content on Amazon S3.

To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name.

bucket policy:

{
    "Version": "2008-10-17",
    "Id": "myDiasporaBucketPolicy",
    "Statement": [
        {
            "Sid": "diaspora-user",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser"
            },
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:GetBucketLocation",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket",
                "arn:aws:s3:::myBucket/*"
            ]
        },
        {
            "Sid": "AllGetObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::myBucket/uploads/*"
        }
    ]
}

IAM user policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "diasporaIAM",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:PutObjectACL",
                "s3:AbortMultipartUpload",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket",
                "arn:aws:s3:::myBucket/*"
            ]
        }
    ]
}