scripting / a8c-FeedLand-Support

A public repo for discussing FeedLand at A8C.

Static Storage debugging #42

Closed cagrimmett closed 7 months ago

cagrimmett commented 8 months ago

See: https://github.com/scripting/feedlandInstall/issues/43

@fmfernandes started on this work. Can you provide an update and outline where we are?

fmfernandes commented 8 months ago

Currently, on our bucket, we have the DeleteObject permission added. Also, at some point, we added support for user-defined ACLs, but when we enabled that:

  1. It's possible that there are some objects in the bucket that we as the owner will not be able to access.
  2. Public access was enabled, because we're using public-read as the ACL.
  3. s3:PutObjectACL was added to the bucket policy.

Since we have public access, I did some tests using the AWS CLI to generate a presigned URL to access my own feed.

I think what we need now is to create a new DNS entry on feedland.org to point to our bucket (maybe data.a8c.feedland.org).

I'm assuming that the above URL wouldn't work without public access.

scripting commented 8 months ago

We're going to hit another problem with HTTPS -- I asked ChatGPT to outline the issues with mapping a CNAME to an S3 bucket.

https://chat.openai.com/share/7ff15eed-db11-4ab1-95d2-1b009d8dd157

fmfernandes commented 8 months ago

Hey @scripting, so we currently have:

on our bucket root. The only thing that shouldn't have public-read access is the /storage/privateFiles folder, is that correct?

> We're going to hit another problem with HTTPS -- I asked ChatGPT to outline the issues with mapping a CNAME to an S3 bucket.

Interesting... ChatGPT mentions that the CNAME should match the bucket name but we'll need to enable CloudFront as well.

cagrimmett commented 8 months ago

ChatGPT on setting up private folders in otherwise public buckets: https://chat.openai.com/share/967bb74e-fc88-4dc4-8cbe-69e4ca9d0ecc

scripting commented 8 months ago

> The only thing that shouldn't have public-read access is the /storage/privateFiles folder, is that correct?

Yes.
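An added example, not part of the original thread: a simplified check of whether a bucket policy lets anonymous callers read keys under storage/privateFiles/ while the rest of the bucket stays public. The bucket name, both policies and the sample keys are constructed; the evaluator ignores Condition blocks, object ACLs (a public-read ACL on an object grants access on its own) and Block Public Access settings.

```python
import fnmatch

BUCKET = "example-feedland-bucket"        # placeholder, not the real bucket
PRIVATE_PREFIX = "storage/privateFiles/"  # prefix named in the thread

def _stmt(**extra):
    # Constructed statement granting anonymous s3:GetObject.
    return {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", **extra}

# Weak: every object, including the private prefix, is publicly readable.
WEAK = {"Version": "2012-10-17",
        "Statement": [_stmt(Resource=f"arn:aws:s3:::{BUCKET}/*")]}
# Scoped: public read on everything except the private prefix.
SCOPED = {"Version": "2012-10-17",
          "Statement": [_stmt(NotResource=f"arn:aws:s3:::{BUCKET}/{PRIVATE_PREFIX}*")]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _matches(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def anonymous_can_read(policy, bucket, key):
    """True if the policy alone allows an anonymous GetObject on key."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    allowed = False
    for st in _as_list(policy["Statement"]):
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if not _is_anonymous(st.get("Principal")) or not _matches(actions, "s3:getobject"):
            continue
        if "NotResource" in st:
            hit = not _matches(st["NotResource"], arn)
        else:
            hit = _matches(st.get("Resource", []), arn)
        if hit and st["Effect"] == "Deny":
            return False          # an explicit Deny always wins
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def exposed_private_keys(policy, bucket, keys):
    """Keys under the private prefix that anonymous callers could read."""
    return [k for k in keys
            if k.startswith(PRIVATE_PREFIX) and anonymous_can_read(policy, bucket, k)]

SAMPLE_KEYS = ["users/example/feed.xml", "storage/privateFiles/example.json"]  # constructed
```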

fmfernandes commented 8 months ago

I'm going to check what we need for the CNAME to work. If we can choose any CNAME, what would that be, @scripting? data.a8c.feedland.org?

scripting commented 8 months ago

It doesn’t matter what we choose now, we’ll be changing it next week. Let’s use data.feedland.dev for now. Tell me what I should map it to and I’ll do it.

fmfernandes commented 8 months ago

Noting here that files like appPrefs.json etc. are no longer accessible.

fmfernandes commented 8 months ago

> It doesn’t matter what we choose now, we’ll be changing it next week.

Let's wait for it then and make all the changes at once 🙂

fmfernandes commented 7 months ago

We have set up data.feedland.com. Closing this issue for now.