mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 01:36:23 +00:00
geek-cookbook/docs/blog/posts/notes/run-mastodon-and-media-behind-cdn.md
David Young a85a567afc Add post on Mastodon CDN
Signed-off-by: David Young <davidy@funkypenguin.co.nz>
2023-02-09 21:51:37 +13:00


date: 2023-02-09
categories: note
tags: mastodon
title: Leveraging Cloudflare for your Mastodon instance, including media in B2 object storage
description: Want to run your Mastodon instance behind Cloudflare, but put your media in B2 object storage with free egress? Here's how!

Mastodon + CloudFlare + B2 Object Storage = free egress

When setting up my Mastodon instance, I jumped directly to storing all media in object storage (Backblaze B2, in my case), because I didn't want to allocate / estimate local storage requirements.

This turned out to be a great decision, as my media bucket quickly grew to over 100GB, but as a result, all of my media was served behind URLs like https://f007.backblaze.com/file/something/something-else/another-something.jpg, and could technically be scraped without using my Mastodon URL.

Here's how to improve this, and also serve your Mastodon instance from behind a CloudFlare proxy...

How to CDN Mastodon with Cloudflare

After stumbling across some #mastoadmin posts re the "Bandwidth Alliance", I discovered that CloudFlare and Backblaze have an agreement, under which egress traffic from Backblaze B2 buckets is free, provided they're fronted by CloudFlare's CDN.

Not knowing up-front how much I'd be using the media storage, I felt that this was a sensible idea. I also wanted my media URLs to be more "branded" than the default B2 bucket URLs.

I found some instructions by the BackBlaze team on how to implement CloudFlare caching of B2 buckets using a custom domain, using CloudFlare's transform rules.

The initial config based on the transform rule linked above worked great, when my instance was not being proxied by CloudFlare. As soon as I enabled proxying for my instance, I'd get weird 404s when trying to access Mastodon.

Try not to transform non-media URLs!

It turned out (as I discovered after turning on access log debugging in Traefik) that the above transform rule was being applied to all traffic hitting my DNS name, and was happily transforming every URL requested from Mastodon!

I made the change illustrated below, which resolved the issue, and now permits the Mastodon web components to be proxied behind CloudFlare, but also allows me to serve my media behind the B2 bucket, with a nicely-branded FQDN:

Screenshot of transform rule for Mastodon B2 image hosting
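
The scoping problem and its fix, modelled as an added example (this is not the author's rule, and the screenshot's exact expression is not reproduced on this page). The hostnames, the bucket name and the Cloudflare expressions quoted in the comments are assumptions chosen for illustration:

```python
# Added example: models how the scope of a Cloudflare URL-rewrite rule decides
# which requests get the B2 "/file/<bucket>" prefix. All names are placeholders.
from dataclasses import dataclass

BUCKET_PREFIX = "/file/example-bucket"   # placeholder B2 bucket path
MEDIA_HOST = "media.example.com"         # placeholder branded media FQDN
WEB_HOST = "social.example.com"          # placeholder Mastodon web FQDN

@dataclass(frozen=True)
class Request:
    host: str
    path: str

def match_all(req):
    """Over-broad filter: every request on the zone matches the rule."""
    return True

def match_media_only(req):
    """Scoped filter. Assumed Cloudflare expression equivalent:
    (http.host eq "media.example.com"
     and not starts_with(http.request.uri.path, "/file/example-bucket"))"""
    return req.host == MEDIA_HOST and not req.path.startswith(BUCKET_PREFIX)

def apply_rule(req, matches):
    """Dynamic path rewrite, assumed equivalent to
    concat("/file/example-bucket", http.request.uri.path)."""
    if matches(req):
        return Request(req.host, BUCKET_PREFIX + req.path)
    return req

def audit(requests, matches):
    """Return the non-media requests whose path the rule would change."""
    return [r for r in requests
            if r.host != MEDIA_HOST and apply_rule(r, matches) != r]

# Constructed sample traffic (not taken from real logs)
SAMPLE = [
    Request(WEB_HOST, "/api/v1/instance"),
    Request(WEB_HOST, "/@someone"),
    Request(MEDIA_HOST, "/media_attachments/files/1/original/a.jpg"),
    Request(MEDIA_HOST, BUCKET_PREFIX + "/already/prefixed.jpg"),
]

if __name__ == "__main__":
    for name, rule in (("match_all", match_all),
                       ("match_media_only", match_media_only)):
        print(name, "rewrites non-media requests:", audit(SAMPLE, rule))
```

With the over-broad filter, the Mastodon web and API paths are prefixed with the bucket path and the origin has nothing at that location, which matches the 404s seen in the Traefik access log.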

Success, #dogstodon 🐶

Now I'm one step closer to a resilient Mastodon instance which can hopefully survive the occasional traffic spike / DOS when I post something really amazingly interesting, like my photo-bombing dog[^1] ...



[^1]: Her name is Jessie, she's a cross Labrador / Rhodesian Ridgeback, and she was just over 1 year old at the time of this photobombing! 🐾