Forked from Compute@Edge static content starter kit for Rust
Serve objects from a Storj bucket using Fastly Compute@Edge. Enables dynamic logic at the edge while sourcing objects from the decentralized(web3) cloud.
- Prefix the backend bucket hostname with your bucket prefix
- Serve a 404 page if the requested page is not found
- Remove extra headers sent by your storage provider, such as
x-goog-*
- Add Content Security Policy and other security-related headers
- Respond to CORS preflight requests
- Redirect requests for directories to index.html
- Serve robots.txt
- Authenticate requests to the origin with AWS Signature Version 4
- Add caching policy to content
- Strip query strings
- Add
Link: rel=preload
header to pre-fetch critical assets like fonts
When deploying your project, you will be prompted to configure the bucket_origin
backend. You can enter your bucket host here, or just hit enter to accept the defaults if you want to experiment with our mock backend:
Configure a backend called 'bucket_origin'
Hostname or IP address: [mock-s3.edgecompute.app]
Port: [443]
If your content is already in a bucket which is public to the internet, or in a private bucket which supports AWSv4-compatible authentication, you can get started right away by modifying src/config.rs
. The values you will need to set are:
BACKEND_NAME
- This should match the name of your storage backend in the Fastly UI.BUCKET_NAME
- The name of the bucket you want to access.BUCKET_HOST
- The hostname of the Storj DCS gateway, e.g.gateway.us1.storjshare.io
, excluding your bucket prefix.
For private buckets, set these values also:
BUCKET_SERVICE
- The service, as defined in your provider's AWSv4 docs, that you are using.s3
for Storj DCSBUCKET_REGION
- The region, as defined in your provider's AWSv4 docs, that you are using.auto
is fine for Storj DCS.
Optionally, you can update these values to configure the default functionality of the starter kit:
ALLOWED_HEADERS
- The headers that you want to allow from the origin to be passed to the user. This means headers such asx-goog-metadata
will be removed by default.ASSET_REGEX
- The regex used to determine assets to be preloaded for a given response body. Defaults to files in/assets/
.CONTENT_SECURITY_POLICY
- The value of theContent-Security-Policy
header used to determine origins that resources can be loaded from.
If your bucket requires authentication, you will need to create an edge dictionary named bucket_auth
with the following values:
access_key_id
- The HMAC access key ID for your service account with read access.secret_access_key
- The HMAC secret key for your service account with read access.
In addition to this, you will need to update the Cargo.toml
to replace default = []
with default = ["auth"]
. This will include the dependencies required to generate signed requests in your package.
This starter is feature-packed, and requires some extra dependencies on top of the fastly
crate to handle signing requests for S3/GCS. If you are using a public bucket for your origin, these dependencies will not be included.
This starter includes implementations of common patterns explained in our using Compute@Edge and VCL migration guides. Any of the code you see here can be modified or built upon to suit your project's needs.
To learn more about how Fastly communicates with your bucket host, read the Integrating third party services as backends guide. This is based on a VCL service, but you can utilise many of the same patterns with the help of the VCL migration guide.
Please see our SECURITY.md for guidance on reporting security-related issues.