Asset hosting on S3

From diaspora* project wiki
Revision as of 03:31, 2 December 2015 by Nplamondon (talk | contribs) (Added instructions for user uploads to S3.)

Diaspora comes with built-in support for Amazon S3.

You can use Amazon S3 (Simple Storage Service) to host many parts of your pod. This includes the static assets created by the assets:precompile rake task built into Diaspora; to do this, Diaspora uses the asset-sync gem. You can also store user profile pictures on Amazon S3.

Storing static assets on Amazon S3.

Out of date: This section's accuracy may be compromised due to out-of-date information. Please help improve the page by updating it. There may be additional information on the talk page.

First, cd into your Diaspora code folder using the command line. Then run the following commands (for a non-Heroku setup), replacing 'xxxx' with the corresponding value from your S3 account:

export AWS_ACCESS_KEY_ID=xxxx   
export AWS_SECRET_ACCESS_KEY=xxxx
export FOG_DIRECTORY=xxxx 

Manually copying assets to Amazon S3.

First, copy the Assets folder from the source code to your Amazon S3 bucket. Then cd into your Diaspora folder and edit the config/diaspora.yml file to match the settings below:

   assets: ## Section
      ## Serve static assets via the appserver.
      ## This is highly discouraged for production use,
      ## let your reverse proxy/webserver do it by serving the files
      ## under public/ directly.
      serve: true

      ## Upload your assets to S3
      upload: false

      ## Specify an asset host. Ensure it does not have a trailing slash (/).
      host: https://[bucket].s3.amazonaws.com

(Replace '[bucket]' with your Amazon S3 bucket)

Storing user content on Amazon S3.

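To safely allow user uploads to S3, you'll need to configure a bucket policy, as well as an IAM user and policy. For this to work with SSL/TLS, you will need to use a bucket without dots in its name, because the S3 wildcard certificate (*.s3.amazonaws.com) does not match bucket hostnames that contain dots.

Bucket policy: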

{
    "Version": "2008-10-17",
    "Id": "myDiasporaBucketPolicy",
    "Statement": [
        {
            "Sid": "diaspora-user",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser"
            },
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:GetBucketLocation",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket",
                "arn:aws:s3:::myBucket/*"
            ]
        },
        {
            "Sid": "AllGetObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::myBucket/uploads/*"
        }
    ]
}

IAM user policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "diasporaIAM",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:PutObjectACL",
                "s3:AbortMultipartUpload",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket",
                "arn:aws:s3:::myBucket/*"
            ]
        }
    ]
}
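
The bucket policy above grants anonymous read access only under uploads/, and it is worth re-checking that scope whenever the policy is edited. The following is an added example, not part of the original wiki page or of Diaspora: a small offline audit that lists every public Allow statement wider than read-only access to one prefix. The function names and the "uploads/" argument are assumptions of this example; the policy is the page's own, with its placeholders.

```python
# Constructed input: the page's bucket policy, compacted; "myBucket" and the IAM ARN are the page's placeholders.
PAGE_POLICY = {
    "Version": "2008-10-17", "Id": "myDiasporaBucketPolicy",
    "Statement": [
        {"Sid": "diaspora-user", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::myAmazonID#:user/myIAMUser"},
         "Action": ["s3:AbortMultipartUpload", "s3:ListBucket", "s3:DeleteObject",
                    "s3:GetObject", "s3:GetBucketLocation", "s3:PutObject"],
         "Resource": ["arn:aws:s3:::myBucket", "arn:aws:s3:::myBucket/*"]},
        {"Sid": "AllGetObject", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::myBucket/uploads/*"},
    ],
}

def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_public(stmt):
    """True if the statement applies to everyone: Principal "*", {"AWS": "*"}, or any NotPrincipal."""
    principal = stmt.get("Principal")
    if principal == "*" or "NotPrincipal" in stmt:
        return True
    return isinstance(principal, dict) and any("*" in as_list(v) for v in principal.values())

def audit_public_access(policy, bucket, public_prefix, allowed_actions=("s3:getobject",)):
    """Return (sid, problem) pairs for public Allow statements wider than read-only under public_prefix."""
    findings = []
    allowed_arn = f"arn:aws:s3:::{bucket}/{public_prefix}"
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_public(stmt):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # NotAction / NotResource invert the match, so a public grant using them is never narrow.
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append((sid, f"public statement uses {key}"))
        for action in as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; any wildcard or other action is treated as too broad.
            if action.lower() not in allowed_actions:
                findings.append((sid, f"public action {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            # A literal prefix match is conservative: wildcards before the prefix ends are flagged.
            if not resource.startswith(allowed_arn):
                findings.append((sid, f"public resource {resource}"))
    return findings

if __name__ == "__main__":
    print(audit_public_access(PAGE_POLICY, "myBucket", "uploads/"))  # prints []
```

An empty result means the only anonymous grant is s3:GetObject under the given prefix. Statements with a Condition block are not evaluated and still need manual review.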