CDN with SSL and S3 Buckets

Making a CDN using AWS S3 buckets

Creating a CDN is very useful for fast and responsive asset hosting for websites and projects. In this tutorial, I will walk through how to set up an S3 bucket on Amazon (blob file storage), create a subdomain that points to it, and give it a TLS/SSL certificate.

Step 1 - S3 Bucket

The first step is to actually create the bucket. This must be the same name as the subdomain you’re using; in my case it’s s3vr.jaspertech.pro. Then go to Properties > Static website hosting > enable. Turn off “block all public access” and then add the following bucket policy to allow internet access:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::s3vr.jaspertech.pro/*"
        }
    ]
}

Create an index.html with something, upload it to your bucket, and configure it in the static website settings. This is required to serve your bucket as a static site.

Now there should be a static website being hosted with the contents of your bucket. That might be good enough for you, but if you want to set up HTTPS you can do these next steps.

Step 2 - Request a Certificate

Go to AWS Certificate Manager and request a new public certificate. I used DNS to verify ownership, which prompted me to create a CNAME record with the host _123456789abc.s3vr and the value _123456789abc.abc.acm-validation.aws (these are examples, not the actual values), where s3vr is the subdomain for my assets.

You’ll need to wait a few minutes for the record to propagate, but if you did it correctly, the certificate will show as “issued” in the AWS certificate console.

Step 3 - Configuring CloudFront CDN

Next, go to AWS CloudFront > Distributions > Create distribution. Set the origin domain to your bucket, and set the protocol policy to redirect to HTTPS. In the general settings, add your subdomain as an alternate domain name CNAME (ex. s3vr.jaspertech.pro), and set the custom SSL certificate to the ACM certificate you created in step 2. In the overview for your distribution, copy the distribution domain name (ex. abc123abc.cloudfront.net).

Step 4 - Configure DNS

Finally, log in to your DNS provider, and create a new CNAME record. Set the host value to your subdomain (ex. s3vr) and then the value to the CloudFront domain name you got in the last step.

It will take a few minutes to propagate, but when you visit your subdomain you should now see the index.html over HTTPS. Any files you upload to your bucket will be served via HTTPS to the internet.

Additional Notes for Streaming to Games

Now that’s all you need to set up, but there are a couple of additional things you need to know so you don’t have to go through the same pain I did while troubleshooting.

  • Enable “untrusted links” if you’re using this for something like VRChat. This basically allows a game to contact any domain and not just the ones whitelisted by the developers.
  • Sometimes using the “video” option on in-game media players would not stream audio, so you can use the “live” option instead. This doesn’t seem to work any differently, as you can still pause the stream.
  • Check what audio codec your media is using. I used VLC for this, under Tools > Codec Information. Stream 0 will be your video codec, and any streams after that will be your audio codecs. This won’t be as much of a problem for newer media, but if you have older media files, and the sound in-game is too quiet or off, then convert the audio to stereo. You can use a tool like ffmpeg to do this with a command like the following, which copies the video stream unchanged and re-encodes the audio as two-channel AAC:
ffmpeg -i input.mkv -c:v copy -c:a aac -ac 2 output.mkv

This post is licensed under CC BY 4.0 by the author.