https://discord.cloudflare.com logo
Join Discord
Powered by
# r2
  • a
    default files were private, and suddently when i connect a domian, it all got public.
  • a
    and the signed urls make no sense.
  • k
    Signed URLs are the exact same as S3
  • e
    custom domains are documented as part of Public Buckets, which explains how to restrict access https://developers.cloudflare.com/r2/data-access/public-buckets
  • a
    yes, but they work only on r2 links, not on custom domains
  • a
    but the bucket was not made public intentionaly,
  • a
    sorry, now i see to make bucket public, just add a custom domain .. but this is not how it should have happend, adding custom domains to any other s3 capatble .. dont make bucket public.
  • a
    atleast show a warning? or add the documentation link properly to that page.. when adding custom domain to r2.
  • e
    The documentation is linked twice on that page, maybe it should be explicitly mentioned instead
  • a
    https://developers.cloudflare.com/r2/data-access/public-buckets/#enable-managed-public-access-for-your-bucket #enable-managed-public-access-for-your-bucket in this particular section, its not mentioned that the bucket will get public.
  • a
    thank you
  • z
    a while back, people were asking for these two sections to be combined since it causes lots of confusion, but nothing happened
  • z
    nothing on this page implies that the custom domain will make it public or that you don't need to enable "allow access" for the public bucket to work
  • h
    It does say “can use the Public Bucket URL”
  • z
    not in the custom domain section
  • z
    which really should be part of the public access section
  • s
    Do you have any updates for the problem? If not, should I contact Cloudflare support?
  • e
    I'll raise it to the relevant team, but if you want to make a ticket thats great because we can track the issue easier
  • b
    But having a domain connected to it doesn't mean you are making it public if I understand correctly? It's just so you have a different domain then the normal s3 domain. But don't quote me on that.
  • z
    the custom domain is always public, it is part of the public bucket feature
  • z
    you getting it wrong just proves the point here that the ui is bad lol
  • b
    Oke I understood it wrong then. Then your point has been proven.
  • z
    I think on the actual s3 you can have a private bucket at a custom domain
  • e
    You cannot. You have to use CloudFront. CloudFront can access a private bucket, if you grant it rights, but the content is public by default unless you require signed requests/cookies in CloudFront itself: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-overview.html
  • e
    There isn’t a default “custom domain on S3 that is default private” unless you turn on specific CloudFront features
  • e
    (This is separate from the fact that we can probably make the custom domain == default public distinction clearer for R2!)
  • z
    hmm I have not used it myself, but this part of the docs seems to imply otherwise:
  • e
    That’s an option, but excluded it as I wouldn’t consider it the same as a custom domain on R2: the bucket name defines the hostname you can use (must strictly match; can’t rename!) and there’s no caching at all. Just raw S3 egress.
  • e
    > The bucket name must exactly match the hostname.
  • e
    (Having dealt with S3 “custom” domains, CloudFront, etc - it’s complex)
1...884885886...1050Latest