We just finished installing Mastodon on an EC2 instance with an S3 bucket as the backend for file storage. The S3 bucket name is the same as a subdomain which is behind Cloudflare for caching
files.domain.com, and the same is configured as
One question we had: when files are uploaded to this bucket, all the objects seem to have a public ACL. That makes sense for public posts, emojis, etc. But if two users have shared a file in a direct message (which should be private), that file link is also public. Is there a way to proxy these with the user session? Did we configure this wrongly?