LogoMediaLit Docs

Self hosting

Learn how to host MediaLit API

This guide explains how to self-host MediaLit with an S3-compatible storage provider.

Requirements

  1. Two buckets: one dedicated to private files and one to public files.
  2. Private bucket access settings: public access disabled.
  3. Public bucket access settings: public access enabled.

Configuring storage

AWS S3

1. Configure the private bucket AWS Private bucket private access

2. Configure the public bucket

2.1 Allow public access AWS Public bucket public access

2.2 Configure bucket policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket>/<path-prefix>/*"
        }
    ]
}

3. Set environment variables

CLOUD_KEY=your_aws_access_key
CLOUD_SECRET=your_aws_secret_key
CLOUD_BUCKET_NAME=your_bucket_name
CLOUD_PUBLIC_BUCKET_NAME=your_public_bucket_name
CLOUD_REGION=ap-southeast-1
CDN_ENDPOINT=https://<bucket-name>.s3.<region>.amazonaws.com

Add CloudFront CDN

1. CloudFront distribution configuration

Add the public bucket to CloudFront as an origin.

2. Set environment variables

CDN_ENDPOINT=https://your-cloudfront-endpoint.example.com

In this setup, private URLs are served directly from S3. To serve private bucket content via CloudFront as well, keep reading.

3. Put the private bucket behind CloudFront

3.1. Add the private bucket to CloudFront

Add the private bucket to CloudFront as an origin.

Put both buckets behind CloudFront

3.2. Set environment variables

ACCESS_PRIVATE_BUCKET_VIA_CLOUDFRONT=true # Enables URL signing for CloudFront
CLOUDFRONT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nYOUR_PRIVATE_KEY_CONTENTS\n-----END PRIVATE KEY-----"
CLOUDFRONT_KEY_PAIR_ID=YOUR_KEY_PAIR_ID

Cloudflare R2

1. Configure the private bucket Cloudflare R2 private bucket config

2. Configure the public bucket Cloudflare R2 public bucket config

3. Set environment variables

CLOUD_KEY=your_cloudflare_r2_access_key
CLOUD_SECRET=your_cloudflare_r2_secret_key
CLOUD_BUCKET_NAME=your_private_bucket_name
CLOUD_PUBLIC_BUCKET_NAME=your_public_bucket_name
CLOUD_REGION=auto
CLOUD_ENDPOINT=https://<your-account-id>.r2.cloudflarestorage.com
CLOUD_ENDPOINT_PUBLIC=https://<your-account-id>.r2.cloudflarestorage.com # Same URL as CLOUD_ENDPOINT
CDN_ENDPOINT=https://<your-cdn-endpoint>.r2.dev # For accessing public bucket content

In the Cloudflare setup, you cannot serve private bucket content through the CDN.

Upload Media POST

Upload a new media file. Use API key auth from Authorize (`x-medialit-apikey`) or pass `x-medialit-signature` for this endpoint only.

Migrate to dual bucket architecture

Learn how to migrate from single bucket to dual bucket architecture

On this page

RequirementsConfiguring storageAWS S3Add CloudFront CDNCloudflare R2