如何通过CloudFlare从S3提供文件 [英] How to serve files from S3 via CloudFlare

问题描述

假设用户的头像已上传并存储在Amazon S3上，我们有一个名为mywebsite.com的域，我想使用CloudFlare来缓存S3存储桶中的文件.我该怎么办?

Let's say that users' avatars are uploaded and stored on the Amazon S3 and we have a domain called mywebsite.com and I want to use CloudFlare in order to cache the files from the S3 bucket. How would I do that?

推荐答案

我们在cloudflare网站上可以找到的文档是相当隐含的，我必须在Google上进行大量搜索才能使其正常工作.因此，这是我的解决方案，虽然可能不全面，但可能足以入门.

The docs that we can find on the cloudflare site are rather implicit and I had to google quite a lot to make it work. So here's my solution that may not be comprehensive but it may be good enough to get started.

1)创建一个名为avatars.mywebsite.com

2)向其中添加以下策略.政策，而不是CORS.

2) Add the following policy to it. Policy, not CORS.

{
    "Version": "2012-10-17",
    "Id": "http referer policy",
    "Statement": [
        {
            "Sid": "CloudFlare Requests",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::avatars.mywebsite.com/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "103.21.244.0/22",
                        "103.22.200.0/22",
                        "103.31.4.0/22",
                        "104.16.0.0/12",
                        "108.162.192.0/18",
                        "131.0.72.0/22",
                        "141.101.64.0/18",
                        "162.158.0.0/15",
                        "172.64.0.0/13",
                        "173.245.48.0/20",
                        "188.114.96.0/20",
                        "190.93.240.0/20",
                        "197.234.240.0/22",
                        "198.41.128.0/17"
                    ]
                }
            }
        }
    ]
}

我认为它的作用是限制对存储桶的访问，因此只能使用属于CloudFlare且可以在其网站上的某些IP对其进行访问.另外，我相信Id和Sid可以包含适合您情况的任何信息.

What I believe it does is that it restricts the access to the bucket so that it could only be accessed with those IPs, which belong to CloudFlare and may be found somewhere on their website. Also I believe Id and Sid can contain any information that makes sense in your case.

3)在CloudFlare DNS管理器中添加一个CNAME记录.名称应为avatars，值应为avatars.mywebsite.com.s3.amazonaws.com

3) Add a CNAME record in the CloudFlare DNS manager. Name should be avatars and value avatars.mywebsite.com.s3.amazonaws.com

4)现在，如果您要从网站中访问路径为user/1/avatar.jpg的存储桶中的文件，请使用以下src:

4) Now, if you want to access a file in the bucket with a path like user/1/avatar.jpg from your website, use the following src:

https://avatars.mywebsite.com/user/1/avatar.jpg

5)值得指出的是，如果使用HTTPS，可能需要在CloudFlare仪表板中将SSL级别从Full(Strict)更改为Full.

5) It's worth pointing out that it may be required to change the SSL level from Full(Strict) to Full in the CloudFlare dashboard if HTTPS is used.

这篇关于如何通过CloudFlare从S3提供文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！