Asset hosting on S3: Difference between revisions
No edit summary |
Nplamondon (talk | contribs) (Added instructions for user uploads to S3.) |
||
Line 29: | Line 29: | ||
host: https://[bucket].s3.amazonaws.com</pre> (Replace '[bucket]' with your Amazon S3 bucket) | host: https://[bucket].s3.amazonaws.com</pre> (Replace '[bucket]' with your Amazon S3 bucket) | ||
=== Storing user content on Amazon S3. === | |||
To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name. | |||
bucket policy: | |||
<pre> | |||
{ | |||
"Version": "2008-10-17", | |||
"Id": "myDiasporaBucketPolicy", | |||
"Statement": [ | |||
{ | |||
"Sid": "diaspora-user", | |||
"Effect": "Allow", | |||
"Principal": { | |||
"AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser" | |||
}, | |||
"Action": [ | |||
"s3:AbortMultipartUpload", | |||
"s3:ListBucket", | |||
"s3:DeleteObject", | |||
"s3:GetObject", | |||
"s3:GetBucketLocation", | |||
"s3:PutObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::myBucket", | |||
"arn:aws:s3:::myBucket/*" | |||
] | |||
}, | |||
{ | |||
"Sid": "AllGetObject", | |||
"Effect": "Allow", | |||
"Principal": { | |||
"AWS": "*" | |||
}, | |||
"Action": "s3:GetObject", | |||
"Resource": "arn:aws:s3:::myBucket/uploads/*" | |||
} | |||
] | |||
} | |||
</pre> | |||
IAM user policy: | |||
<pre> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Sid": "diasporaIAM", | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:GetBucketLocation", | |||
"s3:ListBucket", | |||
"s3:PutObjectACL", | |||
"s3:AbortMultipartUpload", | |||
"s3:PutObject", | |||
"s3:GetObject", | |||
"s3:DeleteObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::myBucket", | |||
"arn:aws:s3:::myBucket/*" | |||
] | |||
} | |||
] | |||
} | |||
</pre> | |||
[[Category:Github transfer done]] | [[Category:Github transfer done]] |
Revision as of 03:31, 2 December 2015
Diaspora Comes With Support For Amazon S3 Built In.
You can use Amazon S3 (Simple Storage Service) To Host Many Parts Of Your Pod. This includes the static assets that are created using the assets:precompile rake task built into Diaspora, to do this Diaspora uses the asset-sync gem. You can also store user profile pictures on Amazon S3.
Storing Static Assets On Amazon S3.
Firstly, cd Into Your Diaspora Code Folder Using The Command Line. Then Run The Following Commands (For A NON Heroku Setup) Replacing 'xxxx' For The Piece Of Info From Your S3 Account:
export AWS_ACCESS_KEY_ID=xxxx export AWS_SECRET_ACCESS_KEY=xxxx export FOG_DIRECTORY=xxxx
Manually copying assets to Amazon S3.
First you need to copy your Assets folder to your S3 bucket. This can be done by copying the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.yml file to the preferences below:
assets: ## Section ## Serve static assets via the appserver. ## This is highly discouraged for production use, ## let your reverse proxy/webserver do it by serving the files ## under public/ directly. serve: true ## Upload your assets to S3 upload: false ## Specify an asset host. Ensure it does not have a trailing slash (/). host: https://[bucket].s3.amazonaws.com
(Replace '[bucket]' with your Amazon S3 bucket)
Storing user content on Amazon S3.
To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name.
bucket policy:
{ "Version": "2008-10-17", "Id": "myDiasporaBucketPolicy", "Statement": [ { "Sid": "diaspora-user", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser" }, "Action": [ "s3:AbortMultipartUpload", "s3:ListBucket", "s3:DeleteObject", "s3:GetObject", "s3:GetBucketLocation", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::myBucket", "arn:aws:s3:::myBucket/*" ] }, { "Sid": "AllGetObject", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::myBucket/uploads/*" } ] }
IAM user policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "diasporaIAM", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:PutObjectACL", "s3:AbortMultipartUpload", "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::myBucket", "arn:aws:s3:::myBucket/*" ] } ] }