Hi team,
We just finished installing Mastodon on an EC2 instance with an S3 bucket as the backend for file storage. We have the S3 bucket name is same as a subdomain which is behind Cloudflare for caching files.domain.com, and the same is configured as S3_ALIAS_HOST and S3_BUCKET.
One question we had was when files are uploaded in this bucket, all the objects seem to be with public ACL. That makes sense for public posts/emojis etc. But if two users have shared a file on a direct message (which should be private), that file link is also public. Is there a way to proxy these with the user session? Did we configure this wrongly?