docs: add backblaze cors guidance
This commit is contained in:
Andreas Dueren
@@ -9,6 +9,42 @@ Before using Ente, configure an S3-compatible object storage provider:
|
|||||||
3. Open `/app/data/config/s3.env` and provide values for **all** required keys.
|
3. Open `/app/data/config/s3.env` and provide values for **all** required keys.
|
||||||
4. Save the file and restart the app from the Cloudron dashboard.
|
4. Save the file and restart the app from the Cloudron dashboard.
|
||||||
5. (Required for cast/slideshow) Configure your S3 bucket’s CORS policy to allow the Ente domains you serve from Cloudron (e.g. `https://ente.due.ren`, `https://accounts.due.ren`, `https://cast.due.ren`, etc.). Without CORS, browsers will block the signed URLs that power the cast slideshow.
|
5. (Required for cast/slideshow) Configure your S3 bucket’s CORS policy to allow the Ente domains you serve from Cloudron (e.g. `https://ente.due.ren`, `https://accounts.due.ren`, `https://cast.due.ren`, etc.). Without CORS, browsers will block the signed URLs that power the cast slideshow.
|
||||||
|
- **Backblaze B2 tip:** B2 ships with “native” CORS rules that block S3-style updates. Install the Backblaze CLI `pip install 'b2<4'`, then:
|
||||||
|
```bash
|
||||||
|
# Authorise once (replace with your key ID/secret)
|
||||||
|
b2 authorize-account <KEY_ID> <APP_KEY>
|
||||||
|
|
||||||
|
# Clear any native rules
|
||||||
|
b2 bucket update --cors-rules '[]' ente-due-ren allPublic
|
||||||
|
|
||||||
|
# Apply the S3-compatible rule (adjust origins as needed)
|
||||||
|
cat >cors.json <<'EOF'
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"corsRuleName": "ente-web",
|
||||||
|
"allowedOrigins": [
|
||||||
|
"https://ente.due.ren",
|
||||||
|
"https://accounts.due.ren",
|
||||||
|
"https://auth.due.ren",
|
||||||
|
"https://albums.due.ren",
|
||||||
|
"https://cast.due.ren",
|
||||||
|
"https://family.due.ren"
|
||||||
|
],
|
||||||
|
"allowedHeaders": ["*"],
|
||||||
|
"allowedOperations": [
|
||||||
|
"s3_get_object",
|
||||||
|
"s3_head_object",
|
||||||
|
"b2_download_file_by_name",
|
||||||
|
"b2_download_file_by_id"
|
||||||
|
],
|
||||||
|
"exposeHeaders": ["ETag","Content-Length","Content-Type"],
|
||||||
|
"maxAgeSeconds": 86400
|
||||||
|
}
|
||||||
|
]
|
||||||
|
EOF
|
||||||
|
b2 bucket update --cors-rules "$(<cors.json)" ente-due-ren allPublic
|
||||||
|
```
|
||||||
|
Verify with `curl -I -H 'Origin: https://ente.due.ren' <signed-url>`; you should see `Access-Control-Allow-Origin`.
|
||||||
|
|
||||||
Supported variables:
|
Supported variables:
|
||||||
- `S3_ENDPOINT` (e.g. `https://<account>.r2.cloudflarestorage.com`)
|
- `S3_ENDPOINT` (e.g. `https://<account>.r2.cloudflarestorage.com`)
|
||||||
|
|||||||
15
start.sh
15
start.sh
@@ -184,6 +184,21 @@ if [ ! -f "$S3_CONFIG_FILE" ]; then
|
|||||||
#S3_BUCKET=ente
|
#S3_BUCKET=ente
|
||||||
#S3_ACCESS_KEY=R2_ACCESS_KEY
|
#S3_ACCESS_KEY=R2_ACCESS_KEY
|
||||||
#S3_SECRET_KEY=R2_SECRET_KEY
|
#S3_SECRET_KEY=R2_SECRET_KEY
|
||||||
|
#S3_FORCE_PATH_STYLE=true
|
||||||
|
#S3_PRIMARY_DC=b2-eu-cen
|
||||||
|
#S3_SECONDARY_DC=b2-eu-cen
|
||||||
|
#S3_DERIVED_DC=b2-eu-cen
|
||||||
|
#
|
||||||
|
# Example for Backblaze B2 (replace placeholders):
|
||||||
|
#S3_ENDPOINT=https://s3.us-west-002.backblazeb2.com
|
||||||
|
#S3_REGION=us-west-002
|
||||||
|
#S3_BUCKET=ente
|
||||||
|
#S3_ACCESS_KEY=B2_ACCESS_KEY
|
||||||
|
#S3_SECRET_KEY=B2_SECRET_KEY
|
||||||
|
#S3_FORCE_PATH_STYLE=true
|
||||||
|
#S3_PRIMARY_DC=b2-eu-cen
|
||||||
|
#S3_SECONDARY_DC=b2-eu-cen
|
||||||
|
#S3_DERIVED_DC=b2-eu-cen
|
||||||
EOF_S3
|
EOF_S3
|
||||||
chown cloudron:cloudron "$S3_CONFIG_FILE"
|
chown cloudron:cloudron "$S3_CONFIG_FILE"
|
||||||
chmod 600 "$S3_CONFIG_FILE"
|
chmod 600 "$S3_CONFIG_FILE"
|
||||||
|
|||||||
Reference in New Issue
Block a user