Use a CDN for distributing assets

Question

Use a CDN for distributing assets

Closed this issue 10 months ago · 4 comments

We're currently using ActiveStorage's redirect mode to serve music and image files from S3. This means requests for these assets go through our render-hosted app and are served from the S3 bucket. We could put a CDN (probably AWS CloudFront) in front of this to improve the speed at which we serve the assets and reduce the load on the rails app.

Answer 1 · 2023-11-22T21:28:00.000Z

@ChrisLowis I’ve been doing some research and experiments with the ActiveStorage proxy mode. One thing I realised is that in this mode the S3 bucket has to be publicly accessible, because it can’t use the signed, time-limited URLs that it uses in redirect mode.

Example URL in redirect mode

http://localhost:3000/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaEFEIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--cd648721c9621677701013074993ab4016b238ad/cover.jpg

redirects to:

https://jam-coop-development.s3.us-west-2.amazonaws.com/to7kv6wakt8x8mnqe8mtptlk9tx1?response-content-disposition=inline%3B%20filename%3D%22cover.jpg%22%3B%20filename%2A%3DUTF-8%27%27cover.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA2FRRYGACYMMRGJ4P%2F20231122%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231122T203131Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=244983d8b36b25a64b3dcbb6d0ca7a88c5707ec947dbea43531bbc7e18cb084a

Example URL in proxy mode (with fictional CDN)

http://assets.jam.coop/rails/active_storage/blobs/proxy/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaEFEIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--cd648721c9621677701013074993ab4016b238ad/cover.jpg

no redirect

So while the URLs are obscure (which probably makes it hard to spider all of the assets in the bucket), there’s nothing stopping one user from buying an album, obtaining the download URL, and sharing the URL with their friends. The download URL is a permalink to the file.

Do you think this makes the approach unsuitable for the music downloads? Maybe we just use it for cover artwork and other assets that don’t have a monetary value…?

Answer 2 · 2023-11-23T07:40:40.000Z

Do you think this makes the approach unsuitable for the music downloads?

Maybe we just use it for cover artwork and other assets that don’t have a monetary value…? I'm not sure I'd worry about that too much. At the moment people can already: - download the lower bitrate files from the album preview page - share the link to the purchase completion page - share the contents of the zip file itself We'll never be able to do anything about the last and it'd probably be hard to do anything about the first two. Not to mention there's probably many other options to get the music for free elsewhere. Bandcamp (and the linked article) talk about this a bit too: https://get.bandcamp.help/hc/en-us/articles/360007902173-I-heard-you-can-steal-music-on-Bandcamp-What-are-you-doing-about-this- I think having a better/faster experience for those who do decide to support probably outweighs these concerns. What do you think?

…

On Wed, 22 Nov 2023, 21:28 James Mead, ***@***.***> wrote: @ChrisLowis <https://github.com/ChrisLowis> I’ve been doing some research and experiments with the ActiveStorage proxy mode. One thing I realised is that in this mode the S3 bucket has to be publicly accessible, because it can’t use the signed, time-limited URLs that it uses in redirect mode. Example URL in redirect mode http://localhost:3000/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaEFEIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--cd648721c9621677701013074993ab4016b238ad/cover.jpg redirects -> https://jam-coop-development.s3.us-west-2.amazonaws.com/to7kv6wakt8x8mnqe8mtptlk9tx1?response-content-disposition=inline%3B%20filename%3D%22cover.jpg%22%3B%20filename%2A%3DUTF-8%27%27cover.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA2FRRYGACYMMRGJ4P%2F20231122%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231122T203131Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=244983d8b36b25a64b3dcbb6d0ca7a88c5707ec947dbea43531bbc7e18cb084a Example URL in proxy mode (with fictional CDN) http://assets.jam.coop/rails/active_storage/blobs/proxy/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaEFEIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--cd648721c9621677701013074993ab4016b238ad/cover.jpg -> *no redirect* So while the URLs are obscure (which probably makes it hard to spider all of the assets in the bucket), there’s nothing stopping one user from buying an album, obtaining the download URL, and sharing the URL with their friends. The download URL is a permalink to the file. Do you think this makes the approach unsuitable for the music downloads? Maybe we just use it for cover artwork and other assets that don’t have a monetary value…? — Reply to this email directly, view it on GitHub <#30 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAECQZDVN7UMFHXNX7AJWDYFZU6ZAVCNFSM6AAAAAA5662NHSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMRTGUZTGMJWGA> . You are receiving this because you authored the thread.Message ID: ***@***.***>

Answer 3 · 2023-11-23T08:39:23.000Z

I think having a better/faster experience for those who do decide to support probably outweighs these concerns. What do you think?

Yeah, that makes complete sense, particularly given the nature of the majority of users who presumably want to support the artists. I remember Hookline being very concerned about this issue, but the target audience there was much more commercial, so I think this is a very different scenario. I just wanted to make sure it was a conscious decision and that you're comfortable that we can justify it to the artists.

Answer 4 · 2023-12-10T11:08:25.000Z

Addressed in #87.