It’s a CORS issue. It’s already fixed in Khatru, but I haven’t had time to update Haven yet. I also want to clean up my changes and add caching to these CORS headers directly in Khatru. If @utxo the webmaster 🧑💻 doesn’t get to it first, I’ll try to update Haven this weekend. For now, you can enforce the CORS headers in Nginx at the location level (see below). However, I don’t recommend this from a security perspective.
https://haven.accioly.social/7b1004156efc88dd8b1125a3aa50b08cdc4e6b0d0ee68c34e05d2dd80d8b266f.svg
With CORS headers in place, Cloudflare works smoothly on top of Nginx/Docker. Just be careful not to serve videos through Cloudflare as it’s against their ToS. I’ve been there before with my personal Mastodon instance and migrating media to a proper CDN wasn't one of my top 10 favourite activities.
CC: @The Ben [PLEASE COPY MY WORK], @hzrd149
Ouch. I think I do serve videos in my Mastodon instance. I'll have to check their ToS for that. What happened to you? They suspended your account or something? How did you solve that?
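The location-level workaround mentioned above, sketched as an added example (this is not the config from the original post, nor from the Haven or Khatru projects). The upstream address `127.0.0.1:8080` and the exact header values are assumptions.

```nginx
# Added example: goes inside an existing server { } block.
# Upstream address and header values are assumptions for illustration.
location / {
    # Drop CORS headers the backend may already send, so the browser never
    # receives two Access-Control-Allow-Origin values (it rejects those).
    proxy_hide_header Access-Control-Allow-Origin;
    proxy_hide_header Access-Control-Allow-Methods;
    proxy_hide_header Access-Control-Allow-Headers;

    # "always" also attaches the headers to 4xx/5xx responses.
    # add_header in this block replaces every add_header inherited from the
    # server/http level, so security headers set there must be repeated here.
    # The wildcard applies to everything served under this location.
    add_header Access-Control-Allow-Origin  "*" always;
    add_header Access-Control-Allow-Methods "GET, HEAD, PUT, DELETE, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;

    # Answer preflight requests at the proxy. An "if" block with its own
    # add_header does not inherit the ones above, hence the repetition.
    if ($request_method = OPTIONS) {
        add_header Access-Control-Allow-Origin  "*" always;
        add_header Access-Control-Allow-Methods "GET, HEAD, PUT, DELETE, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
        add_header Access-Control-Max-Age 86400 always;
        return 204;
    }

    # Pass everything else to the backend, keeping WebSocket upgrades working.
    proxy_pass http://127.0.0.1:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
}
```

After a reload, `curl -si -X OPTIONS` against the endpoint should show exactly one `Access-Control-Allow-Origin` line in the response.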
I left this note with Cloudflare ToS for the other frog-loving fren on Nostr:
nostr:nevent1qqs9a2xy3spvsslv8kxv3jaelfqs3vsu0p27m2gqfldk5ytaqlxsseqprdmhxue69uhksctkv4hzuctrvd5k7mre9eek7cmfv9kz7q3qa6we08n7zsv2na689whc9hykpq4q6sj3kaauk9c2dm8vj0adlajqxpqqqqqqzle32jt
In my case, they didn’t suspend my account. Cloudflare just started publicly restricting the videos (it’s "fun" – they actually serve media that says the video was restricted and you’re in violation of their ToS).
Mastodon has “S3-like” API support, but back then (this was years ago – no idea if things have improved) migrating media from the file system to S3-like services on Mastodon was pretty much open-heart surgery. I ended up with an "unproxied" (from Cloudflare’s perspective) subdomain hitting a new "video friendly" cheap CDN serving media from the S3-like service.
The good news is I learned a lot about Mastodon internals and even some DevOps-y stuff in the process. 10/10, would definitely recommend. 😂
Migrating from and to S3 in Mastodon is still a PitA. They haven't restricted me yet, but if they do, I can just move to DNS only, since it is already in an S3-like object storage.
And since I couldn't make Blossom work, I won't be storing files in Blossom anyways :-D
With my repo (and I’m sure The Ben’s repo will follow up), Blossom will work OOB with a simple docker/podman compose up – just give me a few days. :)
As for Mastodon, if you already have an Object Storage and are serving the media from a separate subdomain you’re golden; there are plenty of video-friendly CDNs out there. I self-hosted for a couple of years for $6 to $15 a month (yes, there are some great managed hosting options that actually do a proper job of giving you a solid backup if you need to check out your data at that price range, I myself surrendered to the convenience after self-hosting for several years).
I'm spending 28 USD/year for the VPS and 40 USD/year for an IDrive e2 object storage. That's less than 6 USD/month for the whole Mastodon instance.
Nice! This is great pricing for sure. I'm honestly not up to date with good value for money services nowadays. But Hetzner and OVH have always served me well. Wasabi and Backblaze are also great options for storage. Bunny and Fastly also work well as CDNs.
I read a lot about Wasabi having hidden fees, I was afraid to try. Backblaze was more expensive than IDrive e2 when I checked (still is, 50 USD in IDrive vs. 72 USD in Backblaze).
I'll check Bunny and Fastly.
Ok, but a daft question, shouldn't the backend itself make CORS headers configurable? @utxo the webmaster 🧑💻
In my repo, I don't even want to install Nginx proxies, because every server operator should be able to configure and start those proxies themselves.
Of course it works with the header-configs from @Anthony Accioly, but it doesn't look great to open it at location level.
But I can see from the comments that we are apparently working on Haven. Super cool.
This one is on me, Ben. Don't worry, Haven will have proper CORS support OOB soon. I just need some patience as I'm travelling and working on a gazillion other things at the moment and I want to get this right.