How to setup custom domain for Linode object storage

·

3 min read

Object storage, also known as object-based storage, is a modern data storage architecture designed for handling large volumes of unstructured data efficiently.

Unlike traditional storage systems, object storage organizes data into individual objects, each with its own metadata and unique identifier for easy retrieval.

With its scalability and cost-effectiveness, object storage has become increasingly popular for storing diverse types of data, such as emails, media files, web pages, and sensor data. It is commonly used for creating data archives, managing backups, and storing static content due to its efficient and affordable nature.

Accessing Object Storage with Custom Domains

Most cloud object storage service providers offer both shared and custom domain names for accessing uploaded files. For example, Linode provides secure (HTTPS) URLs within the shared domain "example.ap-south-1.linodeobjects.com" by default. Alternatively, users can opt for a custom subdomain of their object storage, such as "assets.example.com", to access their stored files.

Below, we present a guide on setting up a custom domain on Linode Object Storage, using assets.example.com and the ap-south-1 cluster as examples.

Step 1: Creating a Bucket

Create a bucket labelled assets.example.com and set the Access Control List (ACL) to Private.

Step 2: Configuring DNS Settings

Navigate to the Domains DNS settings and create a CNAME record.

Hostname: [subdomain]
Alias To: [bucket-label].[cluster-id].linodeobjects.com

For example:

Hostname: assets 
Alias To: assets.example.com.ap-south-1.linodeobjects.com

Step 3: Setting up Let's Encrypt Certificate

Follow the instructions outlined in dcoles/acme-linode-objectstorage to set up a Let's Encrypt certificate for assets.example.com.

Step 4: Prerequisites

Ensure that Python 3.8+ is installed, along with the Cryptography and Requests libraries.

pip install cryptography requests

Step 5: Installing the Package

Use pip to install the package:

pip install --user git+https://github.com/dcoles/acme-linode-objectstorage.git

Step 6: Generating Let's Encrypt Account Key

Before proceeding, navigate to the desired directory, such as the user's home directory with cd ~, or any preferred location for storing the .pem file.

Then, generate the Let's Encrypt account key using the command:

openssl genrsa 4096 > account_key.pem

Step 7: Create Linode API Personal Access Token

Create a Linode API Personal Access Token with Read/Write permission to Object Storage.

Step 8: Provision a certificate for this bucket:

Execute the following code, make sure to replace Your Personal Access Token with your actual Linode Personal Access Token, assets.example.com with your desired domain name, and ap-south-1 with your Linode Object Storage cluster region before executing the following command.

The recent update removed the -C / --cluster argument. The package will now find all the matching buckets across all clusters automatically.

export LINODE_TOKEN=Your Personal Access Token
# python3 -m acme_linode_objectstorage -k account_key.pem -C ap-south-1 assets.example.com --agree-to-terms-of-service
python3 -m acme_linode_objectstorage -k account_key.pem assets.example.com --agree-to-terms-of-service

# Output:
# INFO:root:Generating 2048-bit RSA private key
# INFO:root:Creating CSR for assets.example.com
# INFO:root:Registering account
# INFO:root:Creating new order for assets.example.com
# INFO:root:Performing authorizations
# INFO:root:Finalizing order
# INFO:root:Updating certs

Step 9: Setting up Automatic SSL Renewal

Set up a cron job to run the renewal script periodically.

Open the crontab editor by running the following command:

crontab -e

Add a new line to the crontab file to schedule the SSL renewal script to run. For example, to run the renewal script at midnight on the 1st day of every second month.


0 0 1 */2 * python3 -m acme_linode_objectstorage -k /path/to/account_key.pem assets.example.com

Save and exit the crontab editor. The cron job is now set up to automatically renew your SSL certificate at the specified intervals.

Reference

Configure a Custom Domain (with a TLS/SSL Certificate) | Linode Docs
dcoles/acme-linode-objectstorage: ACME ("Let's Encrypt") client for Linode Object Storage (github.com)

Did you find this article valuable?

Support Chaiwei's Coding Journey by becoming a sponsor. Any amount is appreciated!