Can we make it work with a private GCP bucket?

  • DKQ

    (@deepakkumarq)


    1 year, 6 months ago

    Is it possible to somehow make this plugin work with a private GCP bucket? From the security point of view this will help to prevent direct access to the bucket files.

Viewing 1 replies (of 1 total)

  • i do this.

    to achieve, i use nginx (which runs my wordpress) also hav an assets endpoint, this does a caching reverse proxy to the gcs assets.

    In this way only my nginx accesses the gcs for read (and the wordpress backend does read/write as needed via this plugin).

    location @www {
    proxy_cache_valid      200  96h;
    expires 1y;
    include /rules/server.d/assets.inc;
}

    and then in assets.inc

        limit_except GET HEAD OPTIONS {
        deny all;
    }
    proxy_set_header    Host storage.googleapis.com;
    proxy_pass https://assets/mybucket$uri;
    proxy_intercept_errors on;
    proxy_http_version  1.1;
    proxy_set_header    Connection "";
    proxy_hide_header x-goog-meta-size;
    proxy_hide_header x-goog-meta-width;
    proxy_hide_header x-goog-meta-height;
    proxy_hide_header x-goog-meta-object-id;
    proxy_hide_header x-goog-meta-source-id;
    proxy_hide_header x-goog-meta-file-hash;
    proxy_hide_header x-goog-meta-child-of;

    this is just a snippet, you get the idea.

Viewing 1 replies (of 1 total)
  • The topic ‘Can we make it work with a private GCP bucket?’ is closed to new replies.