How to use Wasabi Object Storage with Mastodon’s Amazon S3 Adapter

Wasabi is a cost-effective alternative to Amazon S3. With it you can use existing tools built for Amazon S3 at low cost. Wasabi is great for instance owners like me who don’t have a small fortune to spend on cloud services. This blog post discusses the configuration I used for LGBTQIA.is, running Mastodon v3.0.1 Catgirl Edition (the S3 Adapter is, to the best of my knowledge, identical to that of Vanilla Mastodon), to use Wasabi Object Storage.

Configuring Mastodon

I used the following Mastodon .env configuration to make Wasabi work. This configuration should go in .env.production. You’ll need to set your own S3_BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and S3_CLOUDFRONT_HOST data. You’ll notice the S3_REGION is us-east-1 while the S3_ENDPOINT is https://s3.us-east-2.wasabisys.com/. This is intentional and not a typo. It’s explained further at the end of the article.

S3_ENABLED=true
S3_BUCKET=YOUR_BUCKET_NAME
S3_REGION=us-east-1
AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY
AWS_SECRET_ACCESS_KEY=YOUR_SECRET_KEY
S3_PROTOCOL=https
S3_HOSTNAME=s3.wasabisys.com
S3_CLOUDFRONT_HOST=media.your.hostname
S3_ENDPOINT=https://s3.us-east-2.wasabisys.com/

Configuring Nginx

I choose to proxy my media traffic through nginx. This allows you to change the object storage provider, should Wasabi ever cease operations or should you become unhappy with their pricing model, without affecting remote instances that have linked to the old URLs at Wasabi. It is also nice if you want to use Cloudflare’s free CDN to proxy image traffic without proxying all Mastodon traffic. Remember that you need to update server_name and your_bucket_name for this to work correctly.

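server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name media.your.hostname;

        ssl_certificate /etc/nginx/ssl/cert.pem;
        ssl_certificate_key /etc/nginx/ssl/privkey.pem;

        # Using a variable in proxy_pass makes nginx resolve the upstream at
        # request time, which is why a resolver is set in the location below.
        set $backend "https://s3.us-east-2.wasabisys.com:443";

        location / {
                resolver 1.1.1.1;

                # The mastodon_media cache zone must be declared with
                # proxy_cache_path in the http context.
                proxy_cache mastodon_media;
                proxy_cache_revalidate on;
                proxy_buffering on;
                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
                proxy_cache_background_update on;
                proxy_cache_lock on;
                proxy_cache_valid 1d;
                proxy_cache_valid 404 1h;
                proxy_ignore_headers Cache-Control;

                # Wasabi expects its own hostname, not media.your.hostname.
                proxy_set_header Host 's3.us-east-2.wasabisys.com';

                # Exposes HIT/MISS/etc. so you can confirm the cache is working.
                add_header X-Cached $upstream_cache_status;

                proxy_pass $backend/your_bucket_name$uri;
        }

}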
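
A hardened variant of the location block above, as an added example rather than the configuration the author ran: it limits the proxy to read-only requests, verifies Wasabi's TLS certificate, and keeps visitor cookies and storage-provider headers from crossing the proxy. The CA bundle path is an assumption (Debian/Ubuntu default), the hidden x-amz-* headers are the standard S3-style response headers, and the hostnames and your_bucket_name are the same placeholders used above.

```nginx
# Added example: replaces the "location /" block inside the server above.
# Assumes $backend is still set at server level and that the mastodon_media
# cache zone is declared with proxy_cache_path in the http context.
location / {
        # The media host only serves files: GET (and implicitly HEAD) only.
        limit_except GET {
                deny all;
        }

        resolver 1.1.1.1 valid=300s;
        resolver_timeout 5s;

        # Send SNI and verify the upstream certificate and hostname.
        proxy_ssl_server_name on;
        proxy_ssl_name s3.us-east-2.wasabisys.com;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # Assumption: Debian/Ubuntu CA bundle location.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        proxy_set_header Host 's3.us-east-2.wasabisys.com';
        # Never forward visitor cookies or credentials to the storage provider.
        proxy_set_header Cookie '';
        proxy_set_header Authorization '';

        # Do not expose upstream cookies or S3-style internal headers.
        proxy_hide_header Set-Cookie;
        proxy_hide_header x-amz-id-2;
        proxy_hide_header x-amz-request-id;
        proxy_ignore_headers Cache-Control Set-Cookie;

        proxy_cache mastodon_media;
        proxy_cache_revalidate on;
        proxy_buffering on;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_background_update on;
        proxy_cache_lock on;
        proxy_cache_valid 1d;
        proxy_cache_valid 404 1h;

        # User-uploaded media: block MIME sniffing and any active content.
        add_header X-Content-Type-Options nosniff;
        add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
        add_header X-Cached $upstream_cache_status;

        proxy_pass $backend/your_bucket_name$uri;
}
```

Run `nginx -t` before reloading; with proxy_ssl_verify on, a wrong CA bundle path shows up as 502 responses and upstream SSL errors in the error log.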

Known Issues with Wasabi’s S3 Implementation

When using the us-east-2 region you must still set us-east-1 as your S3_REGION while using the https://s3.us-east-2.wasabisys.com/ endpoint. Authentication fails otherwise and you’ll be unable to upload objects. This is confusing behavior and I hope it’s fixed in the future. My only other complaint is they tend to have more frequent outages than Amazon S3 but it’s understandable at the lower price point.

Conclusion

Wasabi provides a low-cost alternative to Amazon S3 at the cost of a confusing configuration. If you’ve followed this tutorial correctly, your Mastodon instance will now use Wasabi. If this isn’t a new instance, be sure to move your existing media files over with rclone.