backblaze_cloudflare image hosting configuration

summary

Backblaze: also known as B2, a cloud storage platform where you can upload your own files and get a URL that can be accessed from outside. In this article it is used to serve pictures.

Cloudflare: a CDN that caches web pages. Our purpose is to have it cache the Backblaze images, so that users viewing pictures are served by Cloudflare instead of pulling traffic from Backblaze.

Backblaze is in Cloudflare's Bandwidth Alliance, so the traffic between the two is free. Backblaze is used here so that all user traffic goes through the Bandwidth Alliance.

Bandwidth Alliance: https://www.cloudflare.com/zh-cn/bandwidth-alliance/

backblaze

Register backblaze (your own test account)

B2 Cloud Storage -> Sign Up

Portal

Create bucket

My Account -> Buckets -> Create a Bucket

When creating, you need to fill in Bucket Unique Name and choose private or public

Here, to prevent malicious users from running up Backblaze traffic, a private bucket is created, so that users cannot connect directly to Backblaze, only to Cloudflare

Upload file

My Account -> Browse Files, or My Account -> Buckets -> Upload/Download

In the Browse Files interface, click the small "i" on the right side of each file to display the picture link

API calls are billed. The first 2500 calls a day are free. If the number of calls exceeds that, an error is returned unless you join a paid plan

file

# Error text
Transaction cap exceeded, see the Caps & Alerts page to increase your cap.

Add app key

MyAccount -> App Keys -> add a new application key

Set which bucket(s) the key is allowed to access

The key ID and the key itself are shown only once. Please write them down!!!

Apply for test domain name

Buy a one-year root domain name on Tencent Cloud for a little over 30 yuan

Tencent Cloud -> search for domain name registration -> buy one for one year

Tencent Cloud -> Console -> go to the DNSPod console -> configure DNS

cloudflare

Register cloudflare

https://dash.cloudflare.com/

Add root domain name to cloudflare

Cloudflare console -> Add Site -> enter the root domain name just registered -> select the "Free" plan -> add a CNAME record that points <a name of your choice>.superggn.com to the B2 domain name (f000.backblazeb2.com)

Public bucket files can then be accessed via https://image.superggn.com/file//

Add cache rule

CF -> superggn.com -> Rules -> Create Page Rule

URL: image.superggn.com/*

Cache level: standard

Configure dns at the domain name service provider

Tencent Cloud -> Console -> go to the DNSPod console -> configure DNS

Change the DNS settings at whichever provider you bought the domain name from

Configure worker

summary

Functions realized by worker:

Rewrite the incoming link

Access b2 private bucket

Specific configuration

CF -> superggn.com -> Workers -> Manage Workers

Create worker

Do not edit it for now; save and deploy directly

Remember the name of the worker

CF -> superggn.com -> Workers -> Add Route

Route: image.superggn.com/*

That is, the test domain name set up in the DNS configuration step is bound to the newly created worker

Update the worker with a Python script

Preconditions:

backblaze

b2 bucket name

b2 bucket id

Obtained from the bucket

b2 app key id

b2 app key

app key generated in backblaze (specifies which bucket can be accessed)

cloudflare

cf worker account id

workers -> manage workers

Account ID in the right-hand column

cf worker name

cf worker api key

my profile -> api tokens -> create token

Select the Edit Cloudflare Workers template

Script function

A worker is essentially a script running on an IP, so the worker name and the script name are equivalent

The script sends a request to Backblaze to obtain the B2 auth token (you can't access the private bucket without this token; the maximum validity is 7 days, and if you try to set maxSecondsAuthValid longer, an error is reported directly), then writes the obtained B2 auth token into the Cloudflare worker script to authorize access

Request lifecycle

Request - cloudflare - worker - backblaze

Script body

Remember to replace the variables

import base64
import json

import requests

ETC_ROOT = '/etc/DiceServer'

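# The config file is split on whitespace and the values are read from the
# odd positions (1, 3, 5, ...), i.e. it is laid out as "name value" pairs.
with open('{}/cloudflare_backblaze_config.txt'.format(ETC_ROOT)) as f: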
    CLOUDFLARE_BACKBLAZE_CONFIG_LIST = f.read().strip().split()
    # backblaze config
    B2_BUCKET_NAME = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[1]
    BUCKET_SOURCE_ID = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[3]
    # backblaze config for b64 encoding
    B2_APP_KEY_ID = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[5]
    B2_APP_KEY = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[7]
    B2_DOMAIN = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[9]
    # cloudflare config
    CF_WORKER_ACCOUNT_ID = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[11]
    CF_WORKER_API_KEY = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[13]
    CF_WORKER_NAME = CLOUDFLARE_BACKBLAZE_CONFIG_LIST[15]

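# Debug output includes the B2 tokens; set this to False once the script
# works, so that they do not end up in cron mail or logs.
flagDebug = True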

# An authorization token is valid for not more than 1 week
# This sets it to the maximum time value
maxSecondsAuthValid = 7 * 24 * 60 * 60  # one week in seconds

# DO NOT CHANGE ANYTHING BELOW THIS LINE ###

baseAuthorizationUrl = 'https://api.backblazeb2.com/b2api/v2/b2_authorize_account'
b2GetDownloadAuthApi = '/b2api/v2/b2_get_download_authorization'

# Get fundamental authorization code
idAndKey = B2_APP_KEY_ID.encode() + b':' + B2_APP_KEY.encode()
b2AuthKeyAndId = base64.b64encode(idAndKey)
basicAuthString = 'Basic ' + b2AuthKeyAndId.decode('UTF-8')
authorizationHeaders = {'Authorization': basicAuthString}
resp = requests.get(baseAuthorizationUrl, headers=authorizationHeaders)

if flagDebug:
    print("resp.status_code", resp.status_code)
    print("resp.headers", resp.headers)
    print("resp.content", resp.content.decode())
    print("_____________")

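# Stop here if B2 rejected the key, instead of failing below with a KeyError
resp.raise_for_status()
respData = json.loads(resp.content.decode("UTF-8"))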

bAuToken = respData["authorizationToken"]
bFileDownloadUrl = respData["downloadUrl"]
bPartSize = respData["recommendedPartSize"]
bApiUrl = respData["apiUrl"]

# Get specific download authorization

getDownloadAuthorizationUrl = bApiUrl + b2GetDownloadAuthApi
downloadAuthorizationHeaders = {'Authorization': bAuToken}

resp2 = requests.post(getDownloadAuthorizationUrl,
                      json={'bucketId': BUCKET_SOURCE_ID,
                            'fileNamePrefix': "",
                            'validDurationInSeconds': maxSecondsAuthValid},
                      headers=downloadAuthorizationHeaders)

# Stop here if the download authorization was refused
resp2.raise_for_status()
resp2Content = resp2.content.decode("UTF-8")
resp2Data = json.loads(resp2Content)

bDownAuToken = resp2Data["authorizationToken"]

if flagDebug:
    print("authorizationToken: " + bDownAuToken)
    print("downloadUrl: " + bFileDownloadUrl)
    print("recommendedPartSize: " + str(bPartSize))
    print("apiUrl: " + bApiUrl)

workerTemplate = """
addEventListener('fetch', event => {
    event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
    let authToken = '<B2_DOWNLOAD_TOKEN>'
    const b2Domain = '<B2_DOMAIN>'
    const b2UrlPath = '/file/<B2_BUCKET_NAME>/'
    let b2Headers = new Headers(request.headers)
    const url = new URL(request.url)
    if (url.host === b2Domain && !url.pathname.startsWith(b2UrlPath)) {
        url.pathname = b2UrlPath + url.pathname;
    }
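    // set() replaces any Authorization header sent by the client;
    // append() would merge the two values into one header
    b2Headers.set("Authorization", authToken)
    const modRequest = new Request(url, {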
        method: request.method,
        headers: b2Headers
    })

    const response = await fetch(modRequest)
    return response
}
"""

workerCode = workerTemplate.replace('<B2_DOWNLOAD_TOKEN>', bDownAuToken)
workerCode = workerCode.replace('<B2_BUCKET_NAME>', B2_BUCKET_NAME)
workerCode = workerCode.replace('<B2_DOMAIN>', B2_DOMAIN)

cfHeaders = {'Authorization': "Bearer " + CF_WORKER_API_KEY,
             'Content-Type': 'application/javascript'}

cfUrl = 'https://api.cloudflare.com/client/v4/accounts/' + CF_WORKER_ACCOUNT_ID + "/workers/scripts/" + CF_WORKER_NAME

resp = requests.put(cfUrl, headers=cfHeaders, data=workerCode)

if flagDebug:
    print(resp)
    print(resp.headers)
    print(resp.content)

print("_______________")
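
The worker's two jobs described above (rewriting the incoming link and adding the B2 token), written as a pure function that can be checked outside Cloudflare. This is an added example, not part of the original page or of Backblaze's script; `buildB2Request`, the `cfg` fields and the forwarded-header list are hypothetical names and assumptions.

```javascript
// Added example: hypothetical helper, not Backblaze's or the page's script.
const ALLOWED_METHODS = new Set(['GET', 'HEAD']);
// Client headers worth forwarding for caching and range requests (assumed list).
const FORWARDED_HEADERS = ['range', 'if-none-match', 'if-modified-since'];

// requestUrl: string; method: string; clientHeaders: anything with .get(name)
// cfg: { publicHost, bucketName, downloadToken } (all hypothetical names)
function buildB2Request(requestUrl, method, clientHeaders, cfg) {
  // The download authorization only covers reads, so other methods are
  // refused here rather than forwarded with the token attached.
  if (!ALLOWED_METHODS.has(method)) {
    return { status: 405 };
  }
  const url = new URL(requestUrl);
  // Never attach the token to a request for an unexpected host.
  if (url.host !== cfg.publicHost) {
    return { status: 404 };
  }
  const prefix = `/file/${cfg.bucketName}/`;
  if (!url.pathname.startsWith(prefix)) {
    // Strip leading slashes so the join yields /file/<bucket>/<name>,
    // not /file/<bucket>//<name>.
    url.pathname = prefix + url.pathname.replace(/^\/+/, '');
  }
  // Start from an empty header set: a client-supplied Authorization or
  // Cookie header is dropped instead of being merged with the B2 token.
  const headers = {};
  for (const name of FORWARDED_HEADERS) {
    const value = clientHeaders.get(name);
    if (value != null) headers[name] = value;
  }
  headers.Authorization = cfg.downloadToken;
  return { status: 200, url: url.toString(), headers };
}

// Inside the worker's handleRequest this would be used as:
//   const r = buildB2Request(request.url, request.method, request.headers, cfg)
//   if (r.status !== 200) return new Response(null, { status: r.status })
//   return fetch(new Request(r.url, { method: request.method, headers: r.headers }))
```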

Set sensitive variables

Set the script to execute regularly through crontab

The update script update_cloudflare_worker.py (or whatever name you choose) is placed in the cron script directory of the test server (you can see where other scripts are placed with crontab -l)

cd /home/ubuntu/test_crontab
vim update_cloudflare_worker.py
# Paste the script in, save and exit
crontab -l
crontab -e
# Add the line below
* * * * *	python3 /home/ubuntu/test_crontab/update_cloudflare_worker.py
# Save and exit

test

function

Reference link

public bucket

https://help.backblaze.com/hc/en-us/articles/217666928-Using-Backblaze-B2-with-the-Cloudflare-CDN

private bucket

https://help.backblaze.com/hc/en-us/articles/360010017893-How-to-allow-Cloudflare-to-fetch-content-from-a-Backblaze-B2-private-bucket

Remove /file// from the middle of the link

https://www.reddit.com/r/backblaze/comments/i3t104/using_cloudflarebackblaze_b2_can_i_remove/

https://jross.me/free-personal-image-hosting-with-backblaze-b2-and-cloudflare-workers/

Domestic tutorials

https://dukeluo.me/2020/02/12/blog-clean-plan-1.html

https://www.wangfuchao.com/1290/

Keywords: cdn

Added by ozman26 on Sun, 30 Jan 2022 19:19:07 +0200