My Digital Garden

Moving Mastodon Media to Object Storage

Moving Mastodon Media to Object Storage


Setup on Digitial Ocean

  1. Determine sub-domain we will serve media from

  2. In Digital Ocean control panel DNS, create DNS A entry for to public IP of droplet

  3. In DO control panel create space, note name (synesthesia-media)

  4. In Digitial Ocean control panel API/Spaces Keys create a new key with same name as bucket, make secure note of Access Key and Secret key

  5. On server, create new file /etc/nginx/sites-availavble/media

    proxy_cache_path /tmp/nginx_mstdn_media levels=1:2 keys_zone=mastodon_media:100m max_size=1g inactive=24h;
    server {
     listen 80;
     listen [::]:80;
     root /home/mastodon/live/public;
     location /.well-known/acme-challenge/ { allow all; }
     return 301$request_uri;
     access_log /dev/null;
     error_log /dev/null;
     server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
     access_log /var/log/nginx/mstdn-media-access.log;
     error_log /var/log/nginx/mstdn-media-error.log;
     # Add your certificate and HTTPS stuff here
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:10m;
     # Uncomment these lines once you acquire a certificate:
     # ssl_certificate     /etc/letsencrypt/live/;
     # ssl_certificate_key /etc/letsencrypt/live/;
     location /synesthesia-media/ {
         proxy_hide_header      Strict-Transport-Security;
         proxy_cache mastodon_media;
         proxy_cache_revalidate on;
         proxy_buffering on;
         proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
         proxy_cache_background_update on;
         proxy_cache_lock on;
         proxy_cache_valid 1d;
         proxy_cache_valid 404 1h;
         proxy_ignore_headers Cache-Control;
         add_header X-Cached $upstream_cache_status;
  6. ln -s /etc/nginx/sites-available/media /etc/nginx/sites-enabled/media

  7. nginx -t

  8. systemctl restart nginx

  9. Get certificate #TODO

  10. edit /etc/nginx/sites-available/media and uncomment certificate lines

  11. su mastodon

  12. add following in to Mastodon /home/mastodon/live/.env.production

  13. exit (back to root)

  14. systemctl restart mastodon*

  15. su mastodon

  16. s3cmd --configure
    should look something like

    screenshot of s3cmd config

  17. Copy media content to bucket
    s3cmd sync /home/mastodon/live/public/system/ s3://YOUR_S3_BUCKET_NAME_DO_SPACES_NAME/ --verbose

  18. Set ACLs tp public
    s3cmd setacl s3://YOUR_S3_BUCKET_NAME/ --acl-public --recursive

  19. remove local copies
    rm -rf /home/mastodon/live/public/system

See also