Asset hosting on S3: Difference between revisions
Sournetwork (talk | contribs) (Manually copying assets to Amazon S3) |
SuperTux88 (talk | contribs) m (diaspora.toml) |
||
(6 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
=== Diaspora Comes With Support For Amazon S3 Built In. === | === Diaspora Comes With Support For Amazon S3 Built In. === | ||
Line 6: | Line 4: | ||
=== Storing Static Assets On Amazon S3. === | === Storing Static Assets On Amazon S3. === | ||
{{Out of date|part=section}}{{Note|1=Many installation guides [[Special:WhatLinksHere/Asset_hosting_on_S3|link this page]], so it should probably be kept (in an updated version).}} | |||
Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account: | Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account: | ||
Line 15: | Line 14: | ||
=== Manually copying assets to Amazon S3. === | === Manually copying assets to Amazon S3. === | ||
First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then | First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.toml file to the preferences below: | ||
<pre>[configuration.environment.assets] | |||
## Serve static assets via the appserver (default=false). | |||
## This is highly discouraged for production use. Let your reverse | |||
## proxy/webserver do it by serving the files under public/ directly. | |||
serve = true | |||
## Upload your assets to S3 (default=false). | |||
upload = false | |||
## Specify an asset host. Ensure it does not have a trailing slash (/). | |||
host = "https://[bucket].s3.amazonaws.com"</pre> (Replace '[bucket]' with your Amazon S3 bucket) | |||
=== Storing user content on Amazon S3. === | |||
To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name. | |||
bucket policy: | |||
<pre> | |||
{ | |||
"Version": "2008-10-17", | |||
"Id": "myDiasporaBucketPolicy", | |||
"Statement": [ | |||
{ | |||
"Sid": "diaspora-user", | |||
"Effect": "Allow", | |||
"Principal": { | |||
"AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser" | |||
}, | |||
"Action": [ | |||
"s3:AbortMultipartUpload", | |||
"s3:ListBucket", | |||
"s3:DeleteObject", | |||
"s3:GetObject", | |||
"s3:GetBucketLocation", | |||
"s3:PutObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::myBucket", | |||
"arn:aws:s3:::myBucket/*" | |||
] | |||
}, | |||
{ | |||
"Sid": "AllGetObject", | |||
"Effect": "Allow", | |||
"Principal": { | |||
"AWS": "*" | |||
}, | |||
"Action": "s3:GetObject", | |||
"Resource": "arn:aws:s3:::myBucket/uploads/*" | |||
} | |||
] | |||
} | |||
</pre> | |||
IAM user policy: | |||
<pre> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Sid": "diasporaIAM", | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:GetBucketLocation", | |||
"s3:ListBucket", | |||
"s3:PutObjectACL", | |||
"s3:AbortMultipartUpload", | |||
"s3:PutObject", | |||
"s3:GetObject", | |||
"s3:DeleteObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::myBucket", | |||
"arn:aws:s3:::myBucket/*" | |||
] | |||
} | |||
] | |||
} | |||
</pre> | |||
[[Category:Installation]] | [[Category:Installation]] | ||
[[Category:Podmin]] | [[Category:Podmin]] | ||
[[Category:Technical]] | [[Category:Technical]] |
Latest revision as of 23:16, 9 June 2024
Diaspora Comes With Support For Amazon S3 Built In.
You can use Amazon S3 (Simple Storage Service) To Host Many Parts Of Your Pod. This includes the static assets that are created using the assets:precompile rake task built into Diaspora, to do this Diaspora uses the asset-sync gem. You can also store user profile pictures on Amazon S3.
Storing Static Assets On Amazon S3.
Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account:
export AWS_ACCESS_KEY_ID=xxxx export AWS_SECRET_ACCESS_KEY=xxxx export FOG_DIRECTORY=xxxx
Manually copying assets to Amazon S3.
First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.toml file to the preferences below:
[configuration.environment.assets] ## Serve static assets via the appserver (default=false). ## This is highly discouraged for production use. Let your reverse ## proxy/webserver do it by serving the files under public/ directly. serve = true ## Upload your assets to S3 (default=false). upload = false ## Specify an asset host. Ensure it does not have a trailing slash (/). host = "https://[bucket].s3.amazonaws.com"
(Replace '[bucket]' with your Amazon S3 bucket)
Storing user content on Amazon S3.
To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name.
bucket policy:
{ "Version": "2008-10-17", "Id": "myDiasporaBucketPolicy", "Statement": [ { "Sid": "diaspora-user", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser" }, "Action": [ "s3:AbortMultipartUpload", "s3:ListBucket", "s3:DeleteObject", "s3:GetObject", "s3:GetBucketLocation", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::myBucket", "arn:aws:s3:::myBucket/*" ] }, { "Sid": "AllGetObject", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::myBucket/uploads/*" } ] }
IAM user policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "diasporaIAM", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:PutObjectACL", "s3:AbortMultipartUpload", "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::myBucket", "arn:aws:s3:::myBucket/*" ] } ] }