I’m trying to setup a subdomain (m.example.com) that points to my OVH S3 bucket (mybucket.s3.ovh)
I set a cloudflare CNAME entry where m points to mybucket.s3.ovh and proxy is enabled.
the problem is that when I try to access an object from my subdomain, I get the following error :
but the same file can be accessed directly from the bucket url
I don’t understand why this doesn’t work.
I checked ovh and my files are accessible, I even set the CORS so that my files can be referenced from m.example.com
when I disable the proxy, I get an ssl error, because the ssl cert is to ovh and not to m.example.com (obviously), and I NEED the cache to work …
Did you follow the procedure to add a custom domain to the S3 bucket?
You need to have a signed certificate that covers the hostname you are using in your browser (obviously). Everything else is as good as having no certificate at all. You should make sure that you are using Full (strict) as your SSL setting in Cloudflare.
thanks.
But I thought that Cloudflare would handle the certificate for the m subdomain.
where am I supposed to store and handle the certificate ?
I want all requests to m to go through CF->OVH S3, and never hit my own server for the www site.
I don’t want an OVH custom domain, since I’ll have to pay for all the cached data.
I want CF to handle it
You can get a certificate from Cloudflare, but you will still need to install it on the bucket. It will also only work with the proxy enabled.
I’m not sure what you mean by this. If you want to use your domain to access your bucket, you need to configure it as a custom domain for the bucket and install an SSL certificate for you name.
But from the documentation, I don’t think a custom domain is how the bucket is meant to be used.
Well, I was using an R2 bucket from Cloudflare, and the setup was very easy. CF was handling the cert for the bucket, and proxying data from the custom domain to the actual bucket.
I thought that cloutflare could do that for a bucket on another site ?
I know but I thought that cloudflare was proxying, therefore an https request for file1 was going to cloudflare proxy, which would make the request to the s3 bucket, then return the data from the proxy (and from the subdomain).
Isn’t it the way it’s working ?
the S3 provider has certificates for the endpoint, all I would need would be for CF to handle the subdomain cert
The problem is this: Usually, multiple websites are hosted on the same IP address.
To figure out which website the user wants to see, the server looks at the Host header. The Host header contains the domain that you entered into your browser.
Now, when you try to open m.example.com, Cloudflare’s proxy will keep the same host header for the request to the bucket. But the bucket doesn’t know what to do when m.example.com is requested from it, so you get the Invalid Request error you are seeing.
…