From 23cc57db012d6051eec27cd36b858c3346c8babb Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Thu, 17 Oct 2024 18:53:40 +0200 Subject: [PATCH 1/4] Delete src/content/docs/support/third-party-software/others/configuring-an-amazon-web-services-static-site-to-use-cloudflare.mdx SPM-2581 --- ...services-static-site-to-use-cloudflare.mdx | 144 ------------------ 1 file changed, 144 deletions(-) delete mode 100644 src/content/docs/support/third-party-software/others/configuring-an-amazon-web-services-static-site-to-use-cloudflare.mdx diff --git a/src/content/docs/support/third-party-software/others/configuring-an-amazon-web-services-static-site-to-use-cloudflare.mdx b/src/content/docs/support/third-party-software/others/configuring-an-amazon-web-services-static-site-to-use-cloudflare.mdx deleted file mode 100644 index 4eeac2e707a343e..000000000000000 --- a/src/content/docs/support/third-party-software/others/configuring-an-amazon-web-services-static-site-to-use-cloudflare.mdx +++ /dev/null @@ -1,144 +0,0 @@ ---- -pcx_content_type: troubleshooting -source: https://support.cloudflare.com/hc/en-us/articles/360037983412-Configuring-an-Amazon-Web-Services-static-site-to-use-Cloudflare -title: Configuring an Amazon Web Services static site to use Cloudflare - ---- - -## Overview - -You can use Cloudflare to proxy sites that rely on Amazon Web Services (AWS) to store static content using Amazon's Simple Storage Service (S3). - -This article assumes that: - -* your site is associated with a registered domain, and -* you have static content, such as images or HTML pages, to add to your S3 bucket. - -To get started, follow the instructions below. - -*** - -## Configure your AWS S3 buckets - -An AWS S3 bucket is a public cloud storage resource. These buckets are similar to file folders, and store objects containing data and descriptive metadata. Learn more about [](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html)[Working with Amazon S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). - -In this guide, let's assume that you'd like your site to be available via both: - -* A subdomain URL, such as `https://www.example.com`, and -* the apex domain (also known as "root domain") URL, such as `https://example.com`. - -To accomplish this, you will need to configure two S3 buckets by completing the tasks below. - -### Task 1 - Set up an S3 bucket for a subdomain - -To create and configure your subdomain S3 bucket, follow these instructions from Amazon: - -1. Use the AWS management console to [Create an S3 Bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-bucket.html). For the **Bucket name**, use the subdomain URL without the `https://` part; for example, `www.example.com`. -2. Then, [Configure an S3 Bucket for Static Website Hosting](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/static-website-hosting.html). After you save the static website hosting configuration, you can skip disabling public access for your bucket. - -### Task 2 - Set up an S3 bucket for a apex domain - -After you've set up your subdomain bucket, you can create and configure your apex domain bucket. Follow these instructions from Amazon: - -1. Use the AWS management console to [Create an S3 Bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-bucket.html). For the **Bucket name**, use the domain URL without the `https://` part; for example, `example.com`. -2. Next, you need to redirect requests from this bucket's URL to the subdomain bucket URL you created. Follow the steps in [](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/static-website-hosting.html)[](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/redirect-website-requests.html)[Redirect Requests to an S3 Bucket Hosted Website to Another Host](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/redirect-website-requests.html). For **Target Bucket or Domain**, enter the same bucket name that you used for the subdomain bucket in Task 1; for example, `www.example.com`. - -*** - -## Configure bucket policies to allow Cloudflare IP addresses - -Now that you've created your buckets and enabled hosting for static content, you can set up permissions to allow Cloudflare to access your bucket. This ensures that your site only responds to requests coming from the Cloudflare proxy. This is the [current list of IP address ranges](https://www.cloudflare.com/ips/) used by the Cloudflare proxy. - -To set up your policy: - -1. Follow these instructions from Amazon to [Add an S3 Bucket Policy](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html). -2. For the step where you enter the policy in the **Bucket policy editor**, use this sample to fill out the needed JSON code, making sure to replace: - * `www.example.com` (appearing in `"Resource": "arn:aws:s3:www.example.com/*"`) with the S3 bucket name for your subdomain URL. - * The placeholder IP addresses with the current list of [Cloudflare IP addresses](https://www.cloudflare.com/ips) - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicReadGetObject", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::www.example.com/*", - "Condition": { - "NotIpAddress": { - "aws:SourceIp": [ - "192.2.0.1" (example IP address), - "192.2.0.2" (example IP address), - (add all IPs listed at https://www.cloudflare.com/ips) - ] - } - } - } - ] -} -``` - -*** - -## Upload static content to your S3 bucket - -To add static content to your S3 bucket, follow Amazon's instructions for [Uploading Files and Folders to an S3 Bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/upload-objects.html). - -:::caution - -When uploading static content, you must select the correct properties -and permissions. Also for each uploaded resource, enter the most -appropriate value for the *Content-Type* header as this affects the way -your content displays. -::: - -*** - -## Set up your site on Cloudflare - -:::note - -Consider creating a [Cloud Connector](/rules/cloud-connector/) rule for this step to automatically set all the Cloudflare settings required to route traffic to your bucket. - -::: - -Before setting up your site on Cloudflare, ensure you have the URLs or endpoints for both your subdomain and root buckets. For each bucket, you can find the URL in the AWS S3 console under **Properties** > **Static website hosting** > **Endpoint**. - -To get started: - -1. Follow the instructions to [Create a Cloudflare account and add a website](https://support.cloudflare.com/hc/articles/201720164). If you already have an account, you can go directly to **Add a domain to Cloudflare**. -2. When you get to the step to verify your DNS records in the **DNS query results** screen, you will need to create two new CNAME records for the subdomain and apex domain URLs, respectively. -3. Click **Add Record** to create the subdomain DNS record (e.g., `www.example.com`). Follow instructions for adding a *CNAME* record in [Managing DNS records in Cloudflare](https://support.cloudflare.com/hc/articles/360019093151). - * In the **Name** field, enter the subdomain name; for example, *www*. - * In the **Value** field, enter the subdomain bucket endpoint. Do not include the `https://` part. - * Click **Save**. -4. Next for the apex domain (e.g. `example.com`), click **Add Record.** Follow instructions for adding a *CNAME* record in [Managing DNS records in Cloudflare](https://support.cloudflare.com/hc/articles/360019093151). - * In the **Name** field, enter the apex domain name; for example, *example.com*. - * In the **Value** field, the apex domain bucket endpoint. Do not include the `https://` part. - * Click **Save**. -5. Since S3 static sites do not support HTTPS by default, use a [Configuration Rule](/rules/configuration-rules/settings/#ssl) to set the **SSL Mode** to [Flexible](/ssl/origin-configuration/ssl-modes/). -6. To finish, [Change your domain nameservers to Cloudflare](https://support.cloudflare.com/hc/articles/205195708). - -Once your site is fully configured in Cloudflare, your visitors can access your AWS S3 hosted content using either the subdomain or apex domain endpoint you set up. - -*** - -## Troubleshooting - -*I keep getting “Invalid hostname: Use ‘@’ to represent the root domain.” when creating DNS records in Cloudflare.*  - -* Make sure you are creating CNAME records and not another record type. - -*** - -*Cloudflare is my domain name registrar and I don’t know how to change my nameservers.* - -* You don’t need to change the nameservers if you are already using Cloudflare as a domain name registrar. - -*** - -*My static HTML pages show up as HTML code without any formatting on my domain.* - -* Ensure that you have selected the correct metadata options in **Set Properties** > **Metadata** > **Header:** *Content-Type*, **Value:** *text/html*. From 9db916bac42243e7670ff8113712ccf827749e25 Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Thu, 17 Oct 2024 18:54:58 +0200 Subject: [PATCH 2/4] Delete src/content/docs/support/third-party-software/others/enabling-cloudflare-ssl-on-azure-storage-static-web-hosting-applications.mdx SPM-2581 --- ...torage-static-web-hosting-applications.mdx | 89 ------------------- 1 file changed, 89 deletions(-) delete mode 100644 src/content/docs/support/third-party-software/others/enabling-cloudflare-ssl-on-azure-storage-static-web-hosting-applications.mdx diff --git a/src/content/docs/support/third-party-software/others/enabling-cloudflare-ssl-on-azure-storage-static-web-hosting-applications.mdx b/src/content/docs/support/third-party-software/others/enabling-cloudflare-ssl-on-azure-storage-static-web-hosting-applications.mdx deleted file mode 100644 index 81c9339dc036999..000000000000000 --- a/src/content/docs/support/third-party-software/others/enabling-cloudflare-ssl-on-azure-storage-static-web-hosting-applications.mdx +++ /dev/null @@ -1,89 +0,0 @@ ---- -pcx_content_type: troubleshooting -source: https://support.cloudflare.com/hc/en-us/articles/360021902391-Enabling-Cloudflare-SSL-on-Azure-Storage-Static-Web-Hosting-Applications -title: Enabling Cloudflare SSL on Azure Storage Static Web Hosting Applications - ---- - -## Overview - -Static Web Hosting allows an Azure storage container to directly serve static content.  However, the current [Azure Static Web Hosting](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website) technology stack does not support SSL for certain URLs. For example, if *foo.com* were the domain using Static Web Hosting, traffic destined for *[https://www.foo.com](https://www.foo.com)* and *[https://foo.com](https://foo.com)* could not use SSL.  However, proxying Static Web Hosting Applications through Cloudflare allows SSL to be enabled for these URLs. - -Static Web Hosting enables https with the following URLs, for example, if *foo.com* is the domain: - -``` -https://<>.blob.core.windows.net/ -https://<>.<>.web.core.windows.net -``` - -A Static Web Hosting custom domain, *foo.com*, uses a *CNAME* to point to another *CNAME* which utilizes the **\*.blob, \*.web** URLs.  That *CNAME* then resolves to another *CNAME* which is the *A record* of the FE pool for the Azure storage account.  To clarify this configuration, refer to the following example: - -``` -storage.foo.com CNAME foo.blob.core.windows.net -foo.blob.core.windows.net CNAME blob.exampleprdstr01.store.core.windows.net -blob.exampleprdstr01.store.core.windows.net A 13.78.152.64 -``` - -:::note - -Currently, one IP address is returned for the *A record* except in the -case of ZRS (zone redundant storage) which will return the IP addresses -of all FE pools (one in each availability zone). -::: - -Route traffic from the Static Web Hosting application to Cloudflare in order to enable Cloudflare SSL: - -`Browser <—SSL—> Cloudflare Proxy <—SSL—> Static Web Hosting` - -[Setup a Cloudflare Account](https://support.cloudflare.com/hc/en-us/articles/360021902391#h_21187007881548695540718) to get started. - -*** - -## Create a Cloudflare Account - -To receive SSL on a custom domain: - -1\. Create a new Cloudflare account or use an existing account.  - -2\. Enter the name of your custom domain under **Add Your Site**. - -3\. Cloudflare queries authoritative DNS servers for the DNS records registered for the domain. - -*** - -## Choose a plan - -Select the Free, Pro, or Business plan for the domain. If you choose Free or Pro, Cloudflare will generate an SSL certificate for communications between browsers and the Cloudflare proxy. If you prefer to upload your own SSL certificate to Cloudflare, choose the Business plan. - -*** - -## Select a DNS Method - -If you want Cloudflare to provide authoritative DNS, use the Cloudflare nameservers provided for your domain and place them in the DNS manager of your domain registrar. - -If you want to [use the CNAME method](https://support.cloudflare.com/hc/articles/360020348832), you’ll need to follow additional steps. - -*** - -## Select an SSL Method - -When logged into your Cloudflare account, select the **Overview** tab **SSL/TLS** app.  The default **SSL** setting is Flexible SSL; however, there are [other SSL options](https://support.cloudflare.com/hc/articles/200170416).  - -:::note - -For domains activated on Free or Pro plans, it may take up to 24 hours -for new SSL certificates to issue. -::: - -Because DNS settings are cached in various locations throughout the Internet, including on a client's browser, changes to SSL settings may take time to propagate and start functioning as expected. - -If you want an HTTPS connection between CF and Azure, a valid SSL certificate must be installed on the blob itself. Since this is enabled in Azure by default, you may immediately change your SSL settings to *Full* or *Full (strict)* to ensure encryption between the client, Cloudflare, and Azure. - -*** - -## Related resources - -* [Create a Cloudflare account and add a domain](https://support.cloudflare.com/hc/articles/201720164) -* [Understanding a CNAME setup](https://support.cloudflare.com/hc/articles/360020348832) -* [What SSL certificates are available through Cloudflare?](https://support.cloudflare.com/hc/articles/203295200) -* [What are the SSL configuration options?](https://support.cloudflare.com/hc/articles/200170416) From c6de7bbba8c798e1df39abacf7bc4e4a635b1124 Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Thu, 17 Oct 2024 18:56:45 +0200 Subject: [PATCH 3/4] Update providers.mdx SPM-2581 --- src/content/docs/rules/cloud-connector/providers.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/rules/cloud-connector/providers.mdx b/src/content/docs/rules/cloud-connector/providers.mdx index 83903d1d0242a13..8d22a6c822e3da4 100644 --- a/src/content/docs/rules/cloud-connector/providers.mdx +++ b/src/content/docs/rules/cloud-connector/providers.mdx @@ -36,7 +36,7 @@ Cloud Connector supports both subdomain and URI path-style URLs: 3. Go to the **Properties** tab. 4. Select the **Static Website Hosting** card. The **Endpoint** field shows your bucket URL. -For more information, refer to the [Configuring an Amazon Web Services static site to use Cloudflare](/support/third-party-software/others/configuring-an-amazon-web-services-static-site-to-use-cloudflare/#set-up-your-site-on-cloudflare) tutorial and [Amazon S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/EnableWebsiteHosting.html). +For more information, refer to the [Amazon S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/EnableWebsiteHosting.html). ## Google Cloud Platform - Cloud Storage From 984cc8be4d216a6600be04502ab669fe5483fbaa Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Thu, 17 Oct 2024 19:01:16 +0200 Subject: [PATCH 4/4] Update _redirects SPM-2581 --- public/_redirects | 3 +++ 1 file changed, 3 insertions(+) diff --git a/public/_redirects b/public/_redirects index 0ae2f87e89930ea..db8e1f2144dfb13 100644 --- a/public/_redirects +++ b/public/_redirects @@ -1124,6 +1124,9 @@ /support/account-management-billing/account-privacy-and-security/ /support/account-management-billing/ 301 /support/troubleshooting/general-troubleshooting/troubleshooting-surges-or-spikes-in-web-traffic/ /fundamentals/basic-tasks/preparing-for-surges-or-spikes-in-web-traffic/ 301 /support/troubleshooting/general-troubleshooting/preparing-for-surges-or-spikes-in-web-traffic/ /fundamentals/basic-tasks/preparing-for-surges-or-spikes-in-web-traffic/ 301 +/support/third-party-software/others/configuring-an-amazon-web-services-static-site-to-use-cloudflare/ /rules/cloud-connector/providers/ 301 +/support/third-party-software/others/enabling-cloudflare-ssl-on-azure-storage-static-web-hosting-applications/ /rules/cloud-connector/providers/ 301 + # r2 /r2/platform/s3-compatibility/api/ /r2/api/s3/api/ 301