S3 Configuration Problem

Hi Folks,

I finally got rid of my 503 error because I didn’t include the $S3_Endpoint variable.

Now, my next obstacle is the S3_ALIAS_HOST variable. I understand conceptually how it is supposed to work, but I don’t know how to implement it exactly. I have an instance using, for example, xyz.com. I set the S3_ALIAS_HOST as assets.xyz.com. Now, the instance doesn’t post correctly.

  1. Do I need to add an A record in the DNS for this subdomain? I suspect I do.
  2. Do I need an SSL certificate for the subdomain? I already have one for the 2nd level domain, but I’m wondering if I need one for the 3rd level subdomain, which may require me to get a wildcard SSL certificate.
  3. I plan to use Digital Ocean’s CDN, which asks me about the subdomain. How does that relate to the S3_ALIAS_HOST problem?

Thank you for helping this newbie out.

Dan

The specifics of S3_ALIAS_HOST setup are going to be different depending on which storage provider you’re using. The only thing Mastodon does with that variable is use it to determine which URLs are generated when rendering asset URLs.

Without S3_ALIAS_HOST, generated URLs look something like this:

https://awsexamplebucket1.s3.us-west-2.amazonaws.com/photos/puppy.jpg

With S3_ALIAS_HOST, they look like this:

https://assets.mastodon.social/photos/puppy.jpg

The specifics of what each provider requires to treat requests to assets.mastodon.social as requests to awsexamplebucket1.s3.us-west-2.amazonaws.com are going to change depending on how their system is set up; there’s no one-size-fits-all answer.

Yes, if you want to serve HTTPS traffic on a domain, you need a certificate for that. For example, if you want to serve traffic on https://assets.mastodon.social, you’ll need an HTTPS certificate for assets.mastodon.social or *.mastodon.social. Again, the details on how to obtain these certificates depend on what CDN and asset storage system you’re going to be dealing with. When using HTTPS with Amazon S3, you’ll need an additional CDN in front of it to handle the HTTPS traffic, since Amazon S3 only supports HTTP traffic. I don’t know about other systems.
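
The certificate question in this thread comes down to whether the names on a certificate cover the S3_ALIAS_HOST hostname. The check below is an added example, not part of the original posts and not Mastodon code: the name lists are constructed samples using the thread's hostnames, and `live_sans` is a hypothetical helper for reading the names a server actually presents.

```python
import socket
import ssl
from urllib.parse import urlsplit


def _labels(name):
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, host):
    """Match one certificate DNS name against a hostname.

    A wildcard counts only as the whole leftmost label and stands for exactly
    one label, so *.xyz.com covers assets.xyz.com but not xyz.com itself.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative choice: refuse wildcards directly under a TLD ("*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_list, host):
    return any(san_matches(name, host) for name in san_list)


def url_is_covered(asset_url, san_list):
    """True if the host of a generated asset URL is covered by the names."""
    return cert_covers(san_list, urlsplit(asset_url).hostname)


def live_sans(host, port=443, timeout=5):
    """Hypothetical helper: DNS names from the certificate a host serves.

    The chain is still verified; only the hostname check is switched off so
    the names can be read and compared even when they do not match.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    for names in (["xyz.com"], ["*.xyz.com"]):  # constructed name lists
        print(names, "covers assets.xyz.com:", cert_covers(names, "assets.xyz.com"))
```

Run against a live endpoint, `cert_covers(live_sans("assets.xyz.com"), "assets.xyz.com")` shows whether the CDN or storage provider in front of the alias host is presenting a certificate that matches it.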

Thank you. I’ll poke around and see if I can figure it out. 🙂
