Instructions
In this article:
Instructions#
How to setup a custom domain for a website#
By default, a bucket running in the website mode is accessible at http://bucket-name.website.cloud.croc.ru, where bucket-name is the name of the bucket. Instead of the above domain name, you can use your own custom domain name.
Setting up your third-level domain for a website#
You can use your own domain to host a website, for example, a third-level domain img.example.com in the example.com zone.
First of all, you need to create a bucket named img.example.com, upload the website content into it, and turn on website mode.
To make the website accessible at http://img.example.com, configure the DNS server of the example.com zone.
In the example.com zone settings, create a record of the type CNAME :
img.example.com. IN CNAME img.example.com.website.cloud.croc.ru.
After making these changes, the website will be accessible at http://img.example.com, as well as (by default) at http://img.example.com.website.cloud.croc.ru.
Setting up your second-level domain for a website#
You can use your own domain to host a website, for example, a second-level example.com domain.
Create a bucket example.com, upload the website content into it, and turn on website mode.
To make the website accessible at http://example.com, configure the DNS server of the example.com zone.
Important
In this example, a second-level domain (which is also a root domain) of the example.com zone is used. The DNS specification does not allow the creation of a CNAME record for the root domain, but some DNS servers and services allow such records to be created. Make sure your DNS server or service supports this feature. Often these records are called, for example, ALIAS or ANAME instead of CNAME.
In the example.com zone settings, create a record of the type ALIAS or ANAME (depending on what your DNS provider uses):
example.com. IN ALIAS example.com.website.cloud.croc.ru.
Setting up HTTPS for a website#
By default, a bucket with the website mode enabled is accessible only over HTTP at http://bucket-name.website.cloud.croc.ru, where bucket-name is the name of the bucket.
You can enable HTTPS support, as well as configure automatic redirect from HTTP to HTTPS.
At the moment, there is no API to automatically enable HTTPS.
Important
To enable HTTPS for a specific website, submit a request via the support portal or send an email to infra-support@croc.ru. Request examples are shown below.
Configure access to the website http://bucket1.website.cloud.croc.ru over HTTPS#
To make the website http://bucket1.website.cloud.croc.ru accessible over HTTPS, create a bucket bucket1 and enable website mode.
Then submit a request via the support portal
Request example
Subject: HTTPS for bucket1.website.cloud.croc.ru
Description:
- Bucket name: *bucket1*
- Website domain: *bucket1.website.cloud.croc.ru*
- Enable forced redirect from HTTP to HTTPS: *yes/no*
where:
- *Bucket name* – your bucket in the object storage (S3), which must be available over HTTPS in the website mode.
- *Website domain name* – the website name for which a certificate will be issued to enable HTTPS.
- *Enable forced redirect from HTTP to HTTPS* – if you want users accessing the website over HTTP to be automatically redirected to its HTTPS version, select *yes*. If you want to keep them able to access the website via HTTP, select *no*.
After the request validation, a certificate will be issued for the specified domain name and HTTPS will be enabled. Let’s Encrypt will be used as a Certification Authority.
Setting up access to the website in a custom domain http://img.example.com over HTTPS#
To make the website http://img.example.com accessible over HTTPS, create a bucket img.example.com and enable website mode. Then, configure your DNS so that the website is accessible at http://img.example.com.
Then submit a request via the support portal
Request example
Subject: HTTPS for img.example.com
Description:
- Bucket name: *img.example.com*
- Website domain: *img.example.com*
- Enable forced redirect from HTTP to HTTPS: *yes/no*
- Use your own certificate: *yes/no*
where:
- *Bucket name* – your bucket in the object storage (S3), which must be available over HTTPS in the website mode.
- *Website domain name* – website name for which a certificate will be issued to enable HTTPS.
- *Enable forced redirect from HTTP to HTTPS* – if you want users accessing the website over HTTP to be automatically redirected to its HTTPS version, select *yes*. If you want to keep them able to access the website via HTTP, select *no*.
- *Use own certificate*. If you want to use your own domain for a website, you can give us your certificate. In this case, you need to select *yes* and attach a certificate for the specified domain name to the request. This may be needed for testing purposes or when you want the certificate to have special attributes. If you specify *no*, then a certificate from a Let's Encrypt CA will be issued and used for this domain.
Setting up website redirect rules#
A bucket in website mode can be configured to redirect all or some incoming requests to other buckets or external resources.
The documentation contains the list of commands supported in the CROC Cloud S3 API and setup instructions AWS CLI.
To receive the current configuration of the website in a specific bucket, you can use the aws s3api get-bucket-website command.
aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api get-bucket-website --bucket bucket1
{
"IndexDocument": {
"Suffix": "index.html"
}
}
To configure the bucket website, use the s3api put-bucket-website command.
There are several redirect options:
Supported redirect rule parameters#
Condition is a container for describing a condition that must be met for the specified redirect to be applied.
Redirect is a container for information redirection. You can redirect requests to a different host, a different page, or via a different protocol. In case of an error, you can specify another error code for the return.
Block |
Parameter |
Description |
|---|---|---|
|
|
The HTTP error code when to apply a redirect. If an error code is equal to this value, then the specified redirect is applied. Required if the |
|
|
The object key name prefix when to apply a redirect. For example, to redirect requests to ExamplePage.html, the key prefix will be |
|
|
The hostname in a redirect request |
|
|
HTTP code in the response to a redirect request. |
|
|
The protocol to be used to redirect requests. By default, the protocol of the original request is used. |
|
|
The object key prefix to be used in a redirect request. For example, to redirect requests for all pages with |
|
|
The specific object key prefix is to be used in a redirect request, such as a redirect request to error.html. It can only be used if |
Redirect all requests to another resource#
If you want to redirect all requests to another resource, prepare a JSON file with the following bucket parameters bucket1.json.
File bucket1.json
{
"RedirectAllRequestsTo": {
"HostName": "new-site.com",
"Protocol": "http"
}
}
In this example, the bucket bucket1.website.cloud.croc.ru is configured as a website. However, the configuration specifies that all GET requests for the bucket1.website.cloud.croc.ru website endpoint will be redirected to the new-site.com host. Such a redirect can be useful when you have two websites – an old one old-site.com (bucket1.website.cloud.croc.ru in our example) and a new one new-site.com – and wish to redirect all incoming requests from the old website to the new one.
aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api put-bucket-website --bucket old-site.com --website-configuration file://bucket1.json
Note
If you specify the RedirectAllRequestTo parameter in the configuration, you will not specify another parameter.
Configuring multiple redirect rules to another resource#
If you want to flexibly configure redirect rules to one or more objects, add routing rules.
Suppose your bucket2 contains the following objects:
index.html
docs/site1.html
docs/site2.html
If you want to rename the docs/ folder to documents/, you need to redirect requests to the docs/ prefix to documents/. For example, if a request for docs/site1.html should be redirected to documents/ site1.html, you need to update the website configuration and add a routing rule as shown in the following JSON file bucket2.json:
File bucket2.json
{
"IndexDocument": {
"Suffix": "index.html"
}
"ErrorDocument": {
"Key": "Error.html"
}
"RoutingRules": [
{
"Condition": {
"KeyPrefixEquals": "docs/"
}
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}
]
}
aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api put-bucket-website --bucket bucket2 --website-configuration file://bucket2.json
Configuring multiple redirect rules to another resource#
If you want to use multiple redirect rules at the same time, provision an appropriate JSON file. For example, to configure different redirect rules for the Russian and English website versions, you need to provision a JSON file bucket3.json:
File bucket3.json
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "error.html"
},
"RoutingRules": [
{
"Redirect": {
"ReplaceKeyWith": "ru/data.html",
"HostName": "new-site.com",
"Protocol": "https",
"HttpRedirectCode": "302"
},
"Condition": {
"KeyPrefixEquals": "ru/manual/data.html"
}
},
{
"Redirect": {
"ReplaceKeyWith": "en/data.html",
"HostName": "new-site.com",
"Protocol": "https",
"HttpRedirectCode": "302"
},
"Condition": {
"KeyPrefixEquals": "en/manual/data.html"
}
}
]
}
aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api put-bucket-website --bucket old-site --website-configuration file://bucket3.json
How to configure the lifecycle of objects in a bucket#
To make storing objects in a bucket cost-effective, you can customize their lifecycle. If you use a bucket to store log files or regular reports, then at some point, there may be too many files. In this case, you can reduce the storage time and the time you spent manually deleting objects by configuring object auto-deletion from the bucket using BucketLifecycle.
To setup the regular object deletion from the bucket, you must describe the lifecycle rules in a JSON file. Here is an example of a rule in the lifecycle.json file, according to which objects will be automatically deleted from the bucket_with_logs bucket 30 days after download.
Example of a rule from the file lifecycle.json
{
"Rules": [
{
"ID": "Expire old logs",
"Filter": {
"Prefix": "logs/"
},
"Status": "Enabled",
"Expiration": {
"Days": 30
}
}
]
}
aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api put-bucket-lifecycle-configuration --bucket bucket_with_logs --lifecycle-configuration file://lifecycle.json
Read more about the object storage.
How to install s3cmd to use advanced object storage management features#
The s3cmd utility provides advanced features. Follow the steps below to install and set it up.
Before installing, you need to get API access settings. You can do this in the cloud management console. Click on the user login in the upper right corner and select Profile Get API access settings.
By default, S3cmd utility is included in Ubuntu, Debian, Fedora, CentOS, and RHEL Linux repositories, and can be installed, using the following commands.
# yum install epel-release -y # yum install s3cmd -y
# sudo apt-get install s3cmd
Then you have to configure s3cmd (acess and secret keys can be found in API access settings):
S3cmd settings
# s3cmd --configure Enter new values or accept defaults in brackets with Enter. Refer to user manual for detailed description of all options. Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables. Access Key: <Project ID in CROC Cloud>:<Your login to CROC Cloud> Secret Key: XXXXXXXXXXXXXXXXXXXXXX Default Region [US]: Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3. S3 Endpoint [s3.amazonaws.com]: storage.cloud.croc.ru Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used if the target S3 system supports dns based buckets. DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.storage.cloud.croc.ru Encryption password is used to protect your files from reading by unauthorized persons while in transfer to S3 Encryption password: Path to GPG program [/usr/bin/gpg]: When using secure HTTPS protocol all communication with Amazon S3 servers is protected from 3rd party eavesdropping. This method is slower than plain HTTP, and can only be proxied with Python 2.7 or newer Use HTTPS protocol [No]: yes On some networks all internet access must go through a HTTP proxy. Try setting it here if you can't connect to S3 directly HTTP Proxy server name: New settings: Access Key: <Project ID in CROC Cloud>:<Your login to CROC Cloud> Secret Key: XXXXXXXXXXXXXXXXXXXXXX Default Region: US S3 Endpoint: storage.cloud.croc.ru DNS-style bucket+hostname:port template for accessing a bucket: %(bucket)s.storage.cloud.croc.ru Encryption password: Path to GPG program: /usr/bin/gpg Use HTTPS protocol: True HTTP Proxy server name: HTTP Proxy server port: 0 Test access with supplied credentials? [Y/n] y Save settings? [y/N] y
Now you can use S3cmd utility. To learn more about working with the utility, run s3cmd --help.