Self hosting

This guide explains how to self-host MediaLit with an S3-compatible storage provider.

Requirements

Two buckets: one dedicated to private files and one to public files.
Private bucket access settings: public access disabled.
Public bucket access settings: public access enabled.

Configuring storage

AWS S3

1. Configure the private bucket AWS Private bucket private access

2. Configure the public bucket

2.1 Allow public access AWS Public bucket public access

2.2 Configure bucket policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket>/<path-prefix>/*"
        }
    ]
}

3. Set environment variables

CLOUD_KEY=your_aws_access_key
CLOUD_SECRET=your_aws_secret_key
CLOUD_BUCKET_NAME=your_bucket_name
CLOUD_PUBLIC_BUCKET_NAME=your_public_bucket_name
CLOUD_REGION=ap-southeast-1
CDN_ENDPOINT=https://<bucket-name>.s3.<region>.amazonaws.com

Add CloudFront CDN

1. CloudFront distribution configuration

Add the public bucket to CloudFront as an origin.

2. Set environment variables

CDN_ENDPOINT=https://your-cloudfront-endpoint.example.com

In this setup, private URLs are served directly from S3. To serve private bucket content via CloudFront as well, keep reading.

3. Put the private bucket behind CloudFront

3.1. Add the private bucket to CloudFront

Add the private bucket to CloudFront as an origin.

Put both buckets behind CloudFront

3.2. Set environment variables

ACCESS_PRIVATE_BUCKET_VIA_CLOUDFRONT=true # Enables URL signing for CloudFront
CLOUDFRONT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nYOUR_PRIVATE_KEY_CONTENTS\n-----END PRIVATE KEY-----"
CLOUDFRONT_KEY_PAIR_ID=YOUR_KEY_PAIR_ID

Cloudflare R2

1. Configure the private bucket Cloudflare R2 private bucket config

2. Configure the public bucket Cloudflare R2 public bucket config