The purpose of this project is to provide a Cloudflare worker which reads from a private Backblaze B2 bucket, to provide an easy way to utilize Cloudflare as a CDN for any kind of static content.
The service is deployed as a Cloudflare Worker and uses environment variables for parameters.
Requires Wrangler.
wrangler devSee note about Environment Variables in Development Environment below.
The application expects to receive environment variables from Cloudflare to set the environment. The variables are described below.
| Name | Description | Example Value |
|---|---|---|
AUTH_HEADER |
This is a user:password pair, base64 encoded. The word "Basic" and a space must prepend the entry. See below for instructions on getting this value. | Basic dXNlcm5hbWU6cGFzc3dvcmQK |
BUCKET_NAME |
The name of the bucket in Backblaze B2. | my-cool-bucket |
CACHE_CONTROL |
The time that cache should be valid for the files in the bucket. This affects both the B2 cache as well as Cloudflare. It is reccomended to set this within wrangler.jsonc. | "public,max-age=172800" |
See more details about setting these values in a production deployment in Deployment.
When using variables in conjunction with wrangler dev, they must be set according to the following.
You will need a CLOUDFLARE_API_TOKEN set as an environment variable. It is recommended to use the "Edit Workers" template for this token, when setting it up.
- Within Backblaze, add an application key for your bucket.
- Select the appropriate bucket (not "All" unless you know what you're doing)
- Select "Read Only"
- Provide a duration less than 1000 days in the future, specified in seconds. Since this will need to rotate, it is reccomended (for this application's purpose) a maximum value of
86400000. (As of this writing it is possible to create a application key without expiration)
Upon creating the app key, use the values for keyID and applicationKey by Backblaze to generate the base-64 encoded Basic authorization header:
# The -n flag is important to prevent a newline character from being added to the base64 string.
$ AUTH=$(echo -n keyID:applicationKey | base64)
$ VALUE="Basic $AUTH"
$ echo $VALUE
Basic dXNlcm5hbWU6cGFzc3dvcmQ=Use the contents of $VALUE (including "Basic ") as generated following the steps above, within the environment variable AUTH_HEADER. This can be done through the Cloudflare console or using wrangler:
wrangler secret put AUTH_HEADERBoth the username:password pair and authorization value should be treated as a secret. Within Backblaze it is not possible to change or view the keys after creation, they must be regenerated as new keys!
The bucket name of the B2 bucket needs to be expressed with the environment variable BUCKET_NAME.
This can be done through the Cloudflare console or using wrangler:
wrangler secret put BUCKET_NAMEIf the bucket name is not considered secret (or if your deployment is appropriately protected) you can put this in your wrangler.toml:
{
"vars": {
"BUCKET_NAME": "my-cool-bucket"
}
}The environment variable CACHE_CONTROL must be in your wrangler.toml:
{
"vars": {
"CACHE_CONTROL": "public,max-age=172800"
}
}max-age can be a fairly high value if your content does not change often. The value is in seconds.
wrangler publishUtilize the worker's endpoint to access your files in your private bucket! This can be done in the browser, through a shell program, or anything that uses HTTPS. The worker handles the middleware between your browser, the Cloudflare cache, and the B2 bucket.
curl my-secret-bucket.example.workers.dev/pictures-of-cats/fatkitty.jpgSee TESTING.MD.
{ "vars": { "BUCKET_NAME": "my-cool-bucket", "CACHE_CONTROL": "public,max-age=172800" } }