Object storage, also known as object-based storage, is a modern data storage architecture designed for handling large volumes of unstructured data efficiently.
Unlike traditional storage systems, object storage organizes data into individual objects, each with its own metadata and unique identifier for easy retrieval.
With its scalability and cost-effectiveness, object storage has become increasingly popular for storing diverse types of data, such as emails, media files, web pages, and sensor data. It is commonly used for creating data archives, managing backups, and storing static content due to its efficient and affordable nature.
Accessing Object Storage with Custom Domains
Most cloud object storage service providers offer both shared and custom domain names for accessing uploaded files. For example, Linode provides secure (HTTPS) URLs within the shared domain "example.ap-south-1.linodeobjects.com" by default. Alternatively, users can opt for a custom subdomain of their object storage, such as "assets.example.com", to access their stored files.
Below, we present a guide on setting up a custom domain on Linode Object Storage, using assets.example.com and the ap-south-1 cluster as examples.
Step 1: Creating a Bucket
Create a bucket labelled assets.example.com and set the Access Control List (ACL) to Private.
Step 2: Configuring DNS Settings
Navigate to the Domains DNS settings and create a CNAME record.
Hostname: [subdomain]
Alias To: [bucket-label].[cluster-id].linodeobjects.com
For example:
Hostname: assets
Alias To: assets.example.com.ap-south-1.linodeobjects.com
Step 3: Setting up Let's Encrypt Certificate
Follow the instructions outlined in dcoles/acme-linode-objectstorage to set up a Let's Encrypt certificate for assets.example.com.
Step 4: Prerequisites
Ensure that Python 3.8+ is installed, along with the Cryptography and Requests libraries.
pip install cryptography requests
Step 5: Installing the Package
Use pip to install the package:
pip install --user git+https://github.com/dcoles/acme-linode-objectstorage.git
Step 6: Generating Let's Encrypt Account Key
Before proceeding, navigate to the desired directory, such as the user's home directory with cd ~, or any preferred location for storing the .pem file.
Then, generate the Let's Encrypt account key using the command:
openssl genrsa 4096 > account_key.pem
Step 7: Create Linode API Personal Access Token
Create a Linode API Personal Access Token with Read/Write permission to Object Storage.
Step 8: Provision a certificate for this bucket:
Before running the command below, replace Your Personal Access Token with your actual Linode Personal Access Token and assets.example.com with your desired domain name. If you use the older, commented-out form of the command, also replace ap-south-1 with your Linode Object Storage cluster region.
A recent update removed the -C / --cluster argument. The package now finds all matching buckets across all clusters automatically.
export LINODE_TOKEN="Your Personal Access Token"
# python3 -m acme_linode_objectstorage -k account_key.pem -C ap-south-1 assets.example.com --agree-to-terms-of-service
python3 -m acme_linode_objectstorage -k account_key.pem assets.example.com --agree-to-terms-of-service
# Output:
# INFO:root:Generating 2048-bit RSA private key
# INFO:root:Creating CSR for assets.example.com
# INFO:root:Registering account
# INFO:root:Creating new order for assets.example.com
# INFO:root:Performing authorizations
# INFO:root:Finalizing order
# INFO:root:Updating certs
Step 9: Setting up Automatic SSL Renewal
Set up a cron job to run the renewal script periodically.
Open the crontab editor by running the following command:
crontab -e
Add a new line to the crontab file to schedule the SSL renewal script. For example, to run the renewal script at midnight on the 1st day of every second month:
0 0 1 */2 * python3 -m acme_linode_objectstorage -k /path/to/account_key.pem assets.example.com
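Save and exit the crontab editor. The cron job is now set up to automatically renew your SSL certificate at the specified intervals. Note that cron runs jobs with a minimal environment and does not inherit the LINODE_TOKEN exported in Step 8, so the token must be made available to the job as well.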
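One way to give the cron job its token without writing it into the crontab, shown as an added example (not part of the original guide or of dcoles/acme-linode-objectstorage): a small wrapper that refuses to run if the account key or token file is accessible to other users. The file paths, the token file and the --run switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example: wrapper for the Step 9 cron job. Paths below are assumed
# (hypothetical); point them at wherever you keep the files.
KEY_FILE="${KEY_FILE:-$HOME/acme/account_key.pem}"    # from Step 6
TOKEN_FILE="${TOKEN_FILE:-$HOME/acme/linode_token}"   # holds only the Step 7 token
DOMAIN="${DOMAIN:-assets.example.com}"

# Succeeds only if $1 is a regular file (not a symlink) whose group and
# other permission bits are all clear, e.g. mode 600 or 400.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Check both secrets, load the token into the environment, then renew.
renew() {
    for f in "$KEY_FILE" "$TOKEN_FILE"; do
        if ! is_private_file "$f"; then
            echo "refusing to run: $f is missing or accessible by group/other" >&2
            return 1
        fi
    done
    LINODE_TOKEN=$(cat < "$TOKEN_FILE") || return 1
    export LINODE_TOKEN
    # Same command as the crontab line in Step 9.
    python3 -m acme_linode_objectstorage -k "$KEY_FILE" "$DOMAIN"
}

# Run only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    renew
fi
```

Create both files under umask 077 (or chmod 600 them afterwards), then have the crontab line call this script with --run in place of the python3 command.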
Reference
Configure a Custom Domain (with a TLS/SSL Certificate) | Linode Docs
dcoles/acme-linode-objectstorage: ACME ("Let's Encrypt") client for Linode Object Storage (github.com)