diff --git a/POSTINSTALL.md b/POSTINSTALL.md
index f4428c7..9420ae0 100644
--- a/POSTINSTALL.md
+++ b/POSTINSTALL.md
@@ -9,6 +9,42 @@ Before using Ente, configure an S3-compatible object storage provider:
 3. Open `/app/data/config/s3.env` and provide values for **all** required keys.
 4. Save the file and restart the app from the Cloudron dashboard.
 5. (Required for cast/slideshow) Configure your S3 bucket’s CORS policy to allow the Ente domains you serve from Cloudron (e.g. `https://ente.due.ren`, `https://accounts.due.ren`, `https://cast.due.ren`, etc.). Without CORS, browsers will block the signed URLs that power the cast slideshow.
+   - **Backblaze B2 tip:** B2 ships with “native” CORS rules that block S3-style updates. Install the Backblaze CLI `pip install 'b2<4'`, then:
+     ```bash
+     # Authorise once (replace with your key ID/secret)
+     b2 authorize-account <KEY_ID> <APP_KEY>
+
+     # Clear any native rules
+     b2 bucket update --cors-rules '[]' ente-due-ren allPublic
+
+     # Apply the S3-compatible rule (adjust origins as needed)
+     cat >cors.json <<'EOF'
+     [
+       {
+         "corsRuleName": "ente-web",
+         "allowedOrigins": [
+           "https://ente.due.ren",
+           "https://accounts.due.ren",
+           "https://auth.due.ren",
+           "https://albums.due.ren",
+           "https://cast.due.ren",
+           "https://family.due.ren"
+         ],
+         "allowedHeaders": ["*"],
+         "allowedOperations": [
+           "s3_get_object",
+           "s3_head_object",
+           "b2_download_file_by_name",
+           "b2_download_file_by_id"
+         ],
+         "exposeHeaders": ["ETag","Content-Length","Content-Type"],
+         "maxAgeSeconds": 86400
+       }
+     ]
+     EOF
+     b2 bucket update --cors-rules "$(<cors.json)" ente-due-ren allPublic
+     ```
+     Verify with `curl -I -H 'Origin: https://ente.due.ren' <signed-url>`; you should see `Access-Control-Allow-Origin`.
 
 Supported variables:
 - `S3_ENDPOINT` (e.g. `https://<account>.r2.cloudflarestorage.com`)
diff --git a/start.sh b/start.sh
index f10690b..491a9dd 100755
--- a/start.sh
+++ b/start.sh
@@ -184,6 +184,21 @@ if [ ! -f "$S3_CONFIG_FILE" ]; then
 #S3_BUCKET=ente
 #S3_ACCESS_KEY=R2_ACCESS_KEY
 #S3_SECRET_KEY=R2_SECRET_KEY
+#S3_FORCE_PATH_STYLE=true
+#S3_PRIMARY_DC=b2-eu-cen
+#S3_SECONDARY_DC=b2-eu-cen
+#S3_DERIVED_DC=b2-eu-cen
+#
+# Example for Backblaze B2 (replace placeholders):
+#S3_ENDPOINT=https://s3.us-west-002.backblazeb2.com
+#S3_REGION=us-west-002
+#S3_BUCKET=ente
+#S3_ACCESS_KEY=B2_ACCESS_KEY
+#S3_SECRET_KEY=B2_SECRET_KEY
+#S3_FORCE_PATH_STYLE=true
+#S3_PRIMARY_DC=b2-eu-cen
+#S3_SECONDARY_DC=b2-eu-cen
+#S3_DERIVED_DC=b2-eu-cen
 EOF_S3
   chown cloudron:cloudron "$S3_CONFIG_FILE"
   chmod 600 "$S3_CONFIG_FILE"