I set up a DreamObjects test bucket awhile ago. My plan is to set it up with a site that has a lot of people uploading products for sale and these products are designed to be publicly displayed.
When a user uploads a photo, I have this script set up:
define('AWS_KEY', '********************'); define('AWS_SECRET_KEY', '******************************'); define('HOST', 'https://objects-us-west-1.dream.io'); // require the AWS SDK for PHP library require('aws/aws-autoloader.php'); use Aws\S3\S3Client; // Establish connection with DreamObjects with an S3 client. $client = S3Client::factory(array( 'base_url' => HOST, 'key' => AWS_KEY, 'secret' => AWS_SECRET_KEY )); $key = '250/1/1/1/image.jpg'; // path that describes image saved in our database (thumbnail size, etc). $source_file = 'image.jpg'; // file uploaded by user $acl = 'public-read'; $bucket = 'mybucket'; $client->upload($bucket, $key, fopen($source_file, 'r'), $acl);
I’m assuming this makes the image object itself “public” and it stays that way permanently and will load up properly for sites visitors? On the bucket itself, there is also a private/public permission. Do I also set this to “public” as well, or are there security concerns I need to be aware of that requires just the bucket to remain private?
My end goal is to simply allow all these images to load up publicly, so how should I set up the permissions for buckets/objects? Right now, I have both of them set to “public”.
Lastly, I am using CNAME to have my own image “i” sub-domain, like (https://i.mydomain.com). I noticed strange behavior on my test site. It seems like if I don’t view the site for a few hours/days and then come back, the images don’t load up anymore even after refreshing the page a few times, and then if I mess around with the permissions and save the same changes again, the images load normally again. I suspect it might have something to do with my alias not having SSL available on my alias, such as my HTTPS domain trying to load (and block) unsecure images, but I an not sure. How do I set up a Let’s Encrypt SSL for https://i.mydomain.com (which has a DNS CNAME to mybucket.objects-us-west-1.dream.io)?