How to setup Object Storage for Peertube on Cloudron (iDrive e2)
-
- Public Access is needed for the Object Storage
Which of these access permissions should be assigned?
Read Only
Write Only
Read and Write
CustomIf you select "Custom" then an IAM policy field becomes available. (Are IAM and CORS the same?) Here are examples of IAM from the iDrive e2 site:
https://www.idrive.com/object-storage-e2/bucket-policy-examplesClaude AI has the following to say:
For PeerTube S3 object storage to work properly, I would recommend setting it to be public read access. Here is a breakdown of the different options and why public read is likely the best approach:
Read Only: This would not allow PeerTube to write new objects to S3, so it wouldn't work.
Write Only: This would allow PeerTube to write objects but not serve them back to users, so that wouldn't work.
Read Write: This gives full public access, when only public read access is required. Better to limit it to just reading.
Custom Permissions: You could customize advanced options, but public read is probably the right balance of access needed.
So public read access allows PeerTube to:
Upload and write video objects to S3 buckets
Serve and read those video objects back to users
Without allowing public deletion or overwritten of objects.
This makes public read access ideal for accessing PeerTube videos without unnecessary exposure. The objects are placed by PeerTube but available read-only publicly to play the videos.
I found this a bit confusing and asked Claude AI again:
Based on the explanation I provided, the best option to select for the PeerTube S3 storage setup is:
"Read Write"
While "Read Only" or "Write Only" alone would not be sufficient, Read Write will enable both the:
Writing of video objects by PeerTube to S3
Reading those uploaded video objects publicly back to viewers
This gives PeerTube the needed access while also exposing the video files themselves for public streaming access.
I mentioned setting custom object-level permissions before as a more complex approach. However, the options you listed are at the overall bucket level it seems.
So Read Write on the bucket, and then possibly setting the individual objects read-only after upload, would function appropriately in this case.
That allows compatibility with the provided options, while still achieving public readability of uploaded objects themselves.
- Public Access is needed for the Object Storage
-
@LoudLemur said in How to setup Object Storage for Peertube on Cloudron (iDrive e2):
Public Access is needed for the Object Storage
Generally speaking buckets do not need to be (and you probably don't want them to be) public. Public buckets are independently publicly browseable on the web not just accessible to the app.
-
@jdaviescoates said in How to setup Object Storage for Peertube on Cloudron (iDrive e2):
Generally speaking buckets do not need to be (and you probably don't want them to be) public.
Thanks for looking at my thread. It is confusing, because the Peertube documentation says that buckets should be public:
https://docs.joinpeertube.org/maintain/remote-storage
-
@LoudLemur said in How to setup Object Storage for Peertube on Cloudron (iDrive e2):
the Peertube documentation says that buckets should be public:
Interesting (and yes also confusing). I'm pretty sure mine aren't and still seem to be working fine.
-
@jdaviescoates said in How to setup Object Storage for Peertube on Cloudron (iDrive e2):
Generally speaking buckets do not need to be (and you probably don't want them to be) public. Public buckets are independently publicly browseable on the web not just accessible to the app
Do you think this might be to enable other instances following / subscribing to your own, so they might need access to those files?
-
@LoudLemur said in How to setup Object Storage for Peertube on Cloudron (iDrive e2):
Do you think this might be to enable other instances following / subscribing to your own, so they might need access to those files?
Good question, possibly, but I've really no idea.
Try subscribing to https://uniteddiversity.tv and/ or https://bridport.tv and let's see what happens...?
