[DigitalPoint] App for Cloudflare® 1.9.6

[Ridemonkey]

It can, but you would need to enable it (installing addon doesn’t make it happen just from installing). R2 can be used for data and/or internal_data folders, keeping permission checking intact.

Thanks, I've done a little more digging into the settings now.

So if I wanted to have minimal disruption to the live forum, I can stage the data using rclone by just doing a raw copy of the relevant data (e.g. /data/ or /internal_data/attachments) to an R2 bucket before enabling the setting. This will result in XF retrieving the files on behalf of the user from the R2 bucket, up until I enable the presigned URLs option at which point the users will grab the attachments directly from Cloudflare.

Does this have an effect on SEO/search engine results? It would seem to me like, if the search engine grabs a presigned URL during indexing (i.e. an attachment that is publicly viewable), the media link will not be relevant to hand out during, say, a Google Image search. Is this a reasonable concern or is there something I'm overlooking?

Edit: this also seems to result in some slightly weird user experiences - like a user can load a page, but then be unable to open an image in a new tab because the link expired. Hm. I understand why this is, just thinking about the tradeoffs.

Really appreciate the amount that you contribute from your own development work. I bought your Wordpress plugin and would happily pay for this one if it actually cost money!

 

[digitalpoint]

Thanks, I've done a little more digging into the settings now.

So if I wanted to have minimal disruption to the live forum, I can stage the data using rclone by just doing a raw copy of the relevant data (e.g. /data/ or /internal_data/attachments) to an R2 bucket before enabling the setting. This will result in XF retrieving the files on behalf of the user from the R2 bucket, up until I enable the presigned URLs option at which point the users will grab the attachments directly from Cloudflare.

Presigned URLs are an option, but not a requirement. You don’t need presigned URLs at any point for R2 to work. The rest is correct though… you can use rclone to pre-populate your bucket with existing data before you enable R2 in XenForo.

Does this have an effect on SEO/search engine results? It would seem to me like, if the search engine grabs a presigned URL during indexing (i.e. an attachment that is publicly viewable), the media link will not be relevant to hand out during, say, a Google Image search. Is this a reasonable concern or is there something I'm overlooking?

If you rely on attachments (the actual attachment hidden behind XenForo user permissions) for search engine traffic, I wouldn’t use the presigned URL option.

Really appreciate the amount that you contribute from your own development work. I bought your Wordpress plugin and would happily pay for this one if it actually cost money!

No worries… and thanks!

 

[Alpha1]

Presigned URLs are an option, but not a requirement. You don’t need presigned URLs at any point for R2 to work.

Am I correct that without presigned URLs there is no permissions check?

Is it still slow due to using http/1.1 or is it using http/2 or /3 now?

 

[digitalpoint]

Am I correct that without presigned URLs there is no permissions check?

There are still permission checks for attachments with or without persigned URLs.

Is it still slow due to using http/1.1 or is it using http/2 or /3 now?

Last I checked, presigned URLs are still limited to HTTP/1.1 (basically because presigned URLs are a part of Amazon's S3 protocol spec... and the entire Amazon S3 API only works under HTTP/1.1).

Either way, presigned URLs have never been a requirement for this addon to function normally. It's an option, not a requirement.

 

[Alpha1]

Thank you for explaining.
Could you please explain what the point is of presigned URL's instead of hosting from r2.domain.com/data/attachments/ and serve xf attachments from CF R2?

 

[digitalpoint]

Thank you for explaining.
Could you please explain what the point is of presigned URL's instead of hosting from r2.domain.com/data/attachments/ and serve xf attachments from CF R2?

Presigned URLs are only used for things that would be in the internal_data directory in XenForo (things that require permission checks). Nothing in the data directory (things like avatars and attachment thumbnails) have permission checking, so presigned URLs are not an option there.

At a basic level, a XenForo attachment is proxied through the /attachments/ route because that route acts as a gate to the actual attachment data that resides in say, internal_data/attachments/0/100-1234567890abcdef1234567890abcdef.data. The underlying attachment data is never accessed directly because that would bypass permission checks. By default XenForo proxies a local file through the /attachments/ route so it can do permission checking. R2 is effectively the same thing... the data is proxied through the /attachments/ route so permission checking can be done.

Presigned URLs allow you to still have permission checking, but without needing to proxy the data through your server. Basically presigned or not is just a difference if you want the attachment data itself to pass through your server or not. But both cases still keep permission checking intact. Presigned URLs might make sense for a server that is bandwidth resources constrained... like say a user is downloading a 1GB attachment, maybe you don't want 1GB of data going into your server from R2 and back out when you can just send them straight to the R2 server via a presigned URL.

 

[Alpha1]

Thank you Shawn!
It seems to me that presigned URL's are not very useful due to the slowness of http/1.1
We can still use R2 without presigned URLs, but as that hits the server, what is the point of doing this? What are the benefits?

 

[digitalpoint]

HTTP/1.1 is really only noticeably slower when you hit the concurrent hostname limitations (not using multiplexing). For a “normal” site where a user is only downloading 1 attachment at a time, it’s not measurably slower. If you are using full attachments for things like serving images on a page (so the user visiting a page is downloading 20 or 30 attachments concurrently because they visited the page), yes, it will be slower. But honestly, a site is probably doing it wrong in that case because why are you spinning up the entire XenForo stack for every image on a page in order to do permissions checking on the image? It’s a terrible idea for efficiency.

Personally, I use presigned URLs because I use attachments “normally”. I don’t have situations where users are downloading a zillion full attachments at the same time. That frees up bandwidth usage on my servers. But sites are free to do whatever best suits them (that’s why it’s an option).