Mastodon + CloudFlare + B2 Object Storage = free egress
When setting up my Mastodon instance, I jumped directly to storing all media in object storage (Backblaze B2, in my case), because I didn't want to allocate / estimate local storage requirements.
This turned out to be a great decision, as my media bucket quickly grew to over 100GB, but as a result, all of my media was served behind URLs like https://f007.backblaze.com/file/something/something-else/another-something.jpg, and could technically be scraped without using my Mastodon URL.
Here's how to improve this, and also serve your Mastodon instance from behind a CloudFlare proxy...
How to CDN Mastodon with Cloudflare
After stumbling across some #mastoadmin posts re the "Bandwidth Alliance", I discovered that CloudFlare and Backblaze have an agreement, under which egress traffic from Backblaze B2 buckets is free, provided they're fronted by CloudFlare's CDN.
Not knowing up-front how much I'd be using the media storage, I felt that this was a sensible idea. I also wanted my media URLs to be more "branded" than the default B2 bucket URLs.
I found some instructions by the BackBlaze team on how to implement CloudFlare caching of B2 buckets using a custom domain, using CloudFlare's transform rules.
The initial config based on the transform rule linked above worked great, when my instance was not being proxied by CloudFlare. As soon as I enabled proxying for my instance, I'd get weird 404s when trying to access Mastodon.
Try not to transform non-media URLs!
It turned out (as I discovered after turning on access log debugging in Traefik) that the above transform rule was applied to all traffic hitting my DNS name, and happily transforming every URL requested from Mastodon!
I made the change illustrated below, which resolved the issue: the Mastodon web components can now be proxied behind CloudFlare, while my media is still served from the B2 bucket under a nicely-branded FQDN:
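To make the failure mode concrete, here is a small model of the two rule scopes, written as an added example rather than the author's own Cloudflare configuration. The hostnames, bucket name and sample paths are constructed, and the rewrite shape (prefixing the request path with `/file/<bucket>`) is an assumption modeled on the custom-domain approach the Backblaze guide describes. The "broad" rule has no hostname condition, so every request in the zone, including Mastodon's own API and web paths, gets rewritten to a bucket path that does not exist at the origin (hence the 404s); the "scoped" rule only fires for the media hostname.

```python
"""Model of a Cloudflare URL-rewrite (transform) rule fronting a B2 bucket.

Constructed example: every hostname, bucket name and path below is an assumption,
not a value from the original post or from Cloudflare/Backblaze documentation.
"""
from dataclasses import dataclass
from typing import Callable, Iterable

MEDIA_HOST = "media.example.com"        # assumed branded FQDN fronting the B2 bucket
MASTODON_HOST = "social.example.com"    # assumed Mastodon web hostname in the same zone
B2_BUCKET = "example-mastodon-media"    # assumed B2 bucket name


@dataclass(frozen=True)
class Request:
    host: str
    path: str


def rewrite_path(path: str) -> str:
    """Path rewrite assumed here: concat('/file/<bucket>', http.request.uri.path)."""
    return f"/file/{B2_BUCKET}{path}"


def broad_rule(req: Request) -> str:
    """Rule with no hostname condition: rewrites every request hitting the zone."""
    return rewrite_path(req.path)


def scoped_rule(req: Request) -> str:
    """Rule conditioned on the media hostname (the equivalent of http.host eq MEDIA_HOST);
    any other hostname passes through untouched."""
    if req.host == MEDIA_HOST:
        return rewrite_path(req.path)
    return req.path


def affected_hosts(rule: Callable[[Request], str], requests: Iterable[Request]) -> set[str]:
    """Blast radius of a rule: the set of hostnames whose request paths it changes."""
    return {r.host for r in requests if rule(r) != r.path}


# Constructed sample traffic: one media fetch and two ordinary Mastodon requests.
SAMPLE = [
    Request(MEDIA_HOST, "/media_attachments/files/123/original/photo.jpg"),
    Request(MASTODON_HOST, "/api/v1/timelines/home"),
    Request(MASTODON_HOST, "/@someone"),
]

if __name__ == "__main__":
    for name, rule in (("broad", broad_rule), ("scoped", scoped_rule)):
        print(f"{name} rule touches: {sorted(affected_hosts(rule, SAMPLE))}")
        for r in SAMPLE:
            print(f"  {r.host}{r.path} -> {rule(r)}")
```

Running it shows the broad rule touching both hostnames and the scoped rule touching only the media host; the same check (does the rule change any non-media path?) is what you want to confirm in the Cloudflare dashboard before enabling the proxy on the Mastodon hostname itself.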
Success, #dogstodon 🐶
Now I'm one step closer to a resilient Mastodon instance which can hopefully survive the occasional traffic spike / DOS when I post something really amazingly interesting, like my photo-bombing dog [1]...
Chef's notes
[1] Her name is Jessie, she's a cross Labrador / Rhodesian Ridgeback, and she was just over 1 year old at the time of this photobombing! 🐾