Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cacheable Presigned URL with Cloudflare Workers

oliver
October 06, 2023
Technology
2
6.2k

Cacheable Presigned URL with Cloudflare Workers

2023年10月06日「Cloudflare Meetup Nagoya 第3回」にて発表した資料。
https://cfm-cts.connpass.com/event/294096/

oliver

October 06, 2023
Tweet

More Decks by oliver

See All by oliver
comilioとCloudflare、そして未来へと向けて
oliver_diary
6
440
テキストエディタのブラウザ実装 / tokyo_study
oliver_diary
0
270
迫り来る絶望的状況からの脱却物語 / #CEDEC2021
oliver_diary
7
15k
PWAとクラウドゲーミングの現状そしてPWAとOOParts
oliver_diary
3
11k
OOPartsによるPWA事例紹介
oliver_diary
2
9k
クラウドゲーミング最新開発事例 - #CEDEC2020
oliver_diary
6
16k
クラウドゲーミング時代のPWA
oliver_diary
0
11k
OOPartsが切り開く クラウドゲーミング ✖︎ PWA
oliver_diary
4
16k
今日から始めるFirestoreのテスト
oliver_diary
2
11k

Other Decks in Technology

See All in Technology
AWSマルチアカウント統制環境のすゝめ / 20250115 Mitsutoshi Matsuo
shift_evolve
0
110
Oracle Exadata Database Service(Dedicated Infrastructure):サービス概要のご紹介
oracle4engineer
PRO
0
12k
AWS re:Invent 2024 recap in 20min / JAWSUG 千葉 2025.1.14
shimy
1
100
Visual StudioとかIDE関連小ネタ話
kosmosebi
1
370
Cloudflareで実現する AIエージェント ワークフロー基盤
kmd09
0
290
Evolving Architecture
rainerhahnekamp
3
250
When Windows Meets Kubernetes…
pichuang
0
300
[IBM TechXchange Dojo]Watson Discoveryとwatsonx.aiでRAGを実現!座学①
siyuanzh09
0
110
#TRG24 / David Cuartielles / Post Open Source
tarugoconf
0
580
WantedlyでのKotlin Multiplatformの導入と課題 / Kotlin Multiplatform Implementation and Challenges at Wantedly
kubode
0
250
機械学習を「社会実装」するということ 2025年版 / Social Implementation of Machine Learning 2025 Version
moepy_stats
5
1k
iPadOS18でフローティングタブバーを解除してみた
sansantech
PRO
1
140

Featured

See All Featured
For a Future-Friendly Web
brad_frost
176
9.5k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
28
4.5k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.2k
Testing 201, or: Great Expectations
jmmastey
41
7.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.8k
Being A Developer After 40
akosma
89
590k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k

Transcript

  1. Cloud fl are Meetup Nagoya ୈ3ճ Cacheable Presigned URL with

    Cloudflare Workers 2023/10/06 oliver

  2. ࣗݾ঺հ • גࣜձࣾϢʔπʔςοΫʢ୅ද / ιϑτ΢ΣΞΤϯδχΞʣ • લલ৬͸޿ࠂ഑৴ɺલ৬͸Ϋϥ΢υήʔϛϯά • Cloud fl

    are͸਺೥લ͔Βͣͬͱ௥͔͚͍ͬͯΔ • ͱ͋Δࣄ৘Ͱେྔͷը૾഑৴ΛηΩϡΞͳঢ়ଶͰ഑৴͢Δٕज़͕ඞཁͱͳͬ ͍ͯΔʢͷͰɺࠓճͷLTͰݕূ݁ՌΛൃද͠Α͏ͱࢥͬͨʣ minakawadaiki.com

  3. ը૾഑৴ʹCloudflareΛ બ୒͢Δ1൪ͷཧ༝

  4. σʔλΤάϨεྉ͕ۚ 0ԁ͔ͩΒ https://www.cloud fl are.com/ja-jp/learning/cloud/what-are-data-egress-fees/

  5. ֎෦ʹஔ͔ΕͯΔը૾Λ CloudflareͰϓϩΩγ͢Δ

  6. ֎෦ʹஔ͔ΕͯΔը૾ΛCloudflareͰϓϩΩγ͢Δ • ύλʔϯ1ʢDNSΛCloud fl areͰ؅ཧͰ͖Δ৔߹ʣ • DNS ProxyΛઃఆͯ͋͛͠Ε͹OK • Ωϟογϡͤͨ͘͞ͳ͍΋ͷ·ͰΩϟογϡͤ͞ͳ͍Α͏ʹ஫ҙ

    https://developers.cloud fl are.com/support/third-party-software/others/con fi guring-an-amazon-web-services-static-site-to-use-cloud fl are/

  7. ֎෦ʹஔ͔ΕͯΔը૾ΛCloudflareͰϓϩΩγ͢Δ • ύλʔϯ2ʢDNSΛCloud fl areͰ؅ཧͰ͖ͳ͍৔߹ʣ • Cloud fl are WorkersͰΩϟογϡͯ͋͛͠Δ

    • Workersͷݺͼग़͠ྉ͕͔͔ۚΔͷͰ஫ҙ • 1೔͋ͨΓ10ສ݅ͷϦΫΤετ·Ͱແྉʢ2023೥10݄6೔࣌఺ʣ • ϦΫΤετ100ສ݅͋ͨΓֹ݄0.15υϧʢ2023೥10݄6೔࣌఺ʣ https://developers.cloud fl are.com/workers/examples/cache-api/

  8. DNSΛCloudflareͰ؅ཧͰ͖ͳ͍৔߹ https://<workers-path>/image?src=https://<image-path>

  9. Cloudflare্͚ͩͰը૾഑৴͢Δ

  10. Cloudflare্͚ͩͰը૾഑৴͢Δ • ύλʔϯ̍ʢCloud fl are ImagesΛ࢖͏ʣ • ը૾֨ೲ10ສ఺͋ͨΓ$5ʢ2023೥10݄6೔࣌఺ʣ • ը૾഑৴10ສ఺͋ͨΓ$1ʢ2023೥10݄6೔࣌఺ʣ

    • ༷ʑͳը૾ૢ࡞ʢϦαΠζͳͲͷฤूʣ͕URLͰՄೳ • Workers + R2ͱൺ΂ͯগׂ͠ߴͳҹ৅ https://www.cloud fl are.com/ja-jp/developer-platform/cloud fl are-images/

  11. Cloudflare্͚ͩͰը૾഑৴͢Δ • ύλʔϯ̎ʢCloud fl are Workers + R2Λ࢖͏ʣ • R2ͷྉۚʢಡΈऔΓʹ͔͔Δ෦෼͚ͩهࡌʣ

    • ετϨʔδ: $0.015 / GB ετϨʔδ • ΫϥεBૢ࡞ɿطଘͷঢ়ଶΛಡΈऔΔ: $0.36 / 100ສ • ը૾ૢ࡞͸WorkersͰ΋ผ్՝ۚ͢Ε͹Մೳ https://developers.cloud fl are.com/r2/api/workers/workers-api-usage/

  12. Cloudflare Workers + R2Λ࢖͏ https://<workers-path>/< fi le-name>/with-cache ͜͜ͰΩϟογϡ͍ͤͯ͞Δ

  13. ॺ໊෇͖URLͰը૾ΛकΔ

  14. ॺ໊෇͖URLͰը૾ΛकΔ • Ϣʔεέʔε • ಛఆͷ૊৫ʹॴଐ͍ͯ͠Δਓ͚͔ͩ͠ݟΕͳ͍ը૾ • Notionͷը૾ͱ͔GitHubͷը૾ͱ͔ • ອըͳͲΛߪೖͯ͠ઐ༻ͷReaderͳͲͰಡΉ৔߹ •

    kindleͱ͔ͦͷଞອըΞϓϦͱ͔ https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

  15. ॺ໊෇͖URLͰը૾ΛकΔ ᶃ ݖݶʹج͍ͮͯॺ໊෇͖URLΛൃߦ͢Δ ᶄ ॺ໊Λݕূ͠ը૾ΛϨεϙϯε ॺ໊෇͖URLൃߦαʔόʔ ը૾ετϨʔδ https://<domain>/<image-path>/verify?mac=<MAC>&expiry=<number>

  16. WorkersͰ࣮૷͢Δ

  17. WorkersͰ࣮૷͢ΔʢURLੜ੒ʣ https://developers.cloud fl are.com/workers/examples/signing-requests/ • `/:image/generate` ͰΞΫηεΛ଴ͪड͚Δ • generateSignedUrlؔ਺Ͱ࡞੒ͨ͠ॺ໊෇͖URLΛΫϥΠΞϯτʹϨεϙϯε

  18. WorkersͰ࣮૷͢ΔʢURLੜ੒ʣ https://developers.cloud fl are.com/workers/examples/signing-requests/ • Web Crypto API ͰΩʔΛੜ੒ •

    ΞϧΰϦζϜ͸ॺ໊෇͖URLͰΑ͘༻͍ΒΕΔ
 HMAC-SHA256Λ࠾༻ • HMAC͸ڞ௨伴҉߸ํࣜͳͷͰ
 ॺ໊ଆͱݕূଆͰಉ͡ΩʔΛ༻͍Δ • ॺ໊URLʹ࠷௿ݶඞཁͳ৘ใ͸ɺͦͷURLͷ༗ޮظݶͱΞΫ ηεൣғʢ ࠓճͰ͍͏ͱ `url.pathname` ʣͰ͋ΓɺͦΕΒ ΛؚΊͯॺ໊͍ͯ͠Δ • ॺ໊ͯ͠ੜ੒͞ΕͨMACΛURLʹؚΊΔͨΊBase64ʹม׵ • `+`จࣈ͸URLʹؚΊΔͱόάΛੜΉͨΊɺ `-` ʹม׵ • URLͷQuery ParamsʹMACͱ༗ޮظݶʢexpiryʣΛ෇༩

  19. WorkersͰ࣮૷͢Δʢը૾ΞΫηεʣ • ॺ໊෇͖URLʹ෇༩͞Ε͍ͯΔMAC ͱexpiryΛ༻͍ͯɺ`verifySignedUrl` ؔ਺Λ࣮ߦʢৄࡉ࣍ϖʔδʣ • ʮॺ໊͕ਖ਼͍͠ʯ͔ͭʮͦͷॺ໊͕ ༗ޮظݶ಺ʯͰ͋Δ͔ΛνΣοΫ • R2͔Βը૾Λऔಘ͠ɺϨεϙϯε

    https://developers.cloud fl are.com/workers/examples/signing-requests/

  20. WorkersͰ࣮૷͢Δʢը૾ΞΫηεʣ • ݕূ༻ͷڞ௨伴Λ࡞੒͢Δ • URLͰड͚औͬͨMACΛBase64͔Βม׵ • ॺ໊ʹར༻ͨ͠
 ʮ`${url.pathname}@${expiry}`ʯΛੜ੒ • ॺ໊Λݕূ

    https://developers.cloud fl are.com/workers/examples/signing-requests/

  21. Ωϟογϡ༗ແͰͷ଎౓Λൺֱ͢Δ

  22. R2 from Workers with no cache ntimes 10 -- curl

    ‘https://<worker-domain>/<image-path>/no-cache’ --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  23. Presigned URL With R2 ntimes 10 -- curl ‘https://<r2-domain>.r2.cloud fl

    arestorage.com/images/<image-name>?X-Amz-Expires=3600&X-Amz-Date=20231005T200233Z &X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<credential>
 &X-Amz-SignedHeaders=host&X-Amz-Signature=<sig>’ --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  24. R2 from Workers with cache ntimes 10 -- curl ‘https://<workers-domain>/<image-path>/with-cache’

    --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  25. Public bucket on R2 ntimes 10 -- curl ‘https://<public-r2-domain>/images/<image-name>’ --compressed

    -o /dev/null -w "%{time_total}\n" -s | percentile

  26. ଎౓Λൺֱ͢Δʢ20MBͷը૾ʣ Workers with no cache Presigned URL Workers with cache

    Public bucket 0 0.3 0.6 0.9 1.2 S S S S S

  27. ຊ୊

  28. Cacheable Presigned URL with Cloudflare Workers

  29. ΩϟογϡՄೳͳॺ໊෇͖URL • ͳͥඞཁ͔ • R2ͱ͸͍͑ɺΩϟογϡ͞Εͯͳ͍ը૾͸Ϩεϙϯε͕஗͍ • R2ͷಡΈऔΓΑΓWorkersͷݺͼग़͠ͷํ͕௿ίετ • ΍Βͳ͚Ε͹͍͚ͳ͍͜ͱ •

    ॺ໊෇͖URLͷϩδοΫʹΩϟογϡॲཧΛ௥Ճ • ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ

  30. ॺ໊෇͖URLͷϩδοΫʹΩϟογϡॲཧΛ௥Ճ • ॺ໊ͷݕূʹ੒ޭͨ࣌͠ʹΩϟογϡ͔ Βऔಘ͢ΔίʔυΛ௥Ճ • Ωϟογϡ͕ͳ͍৔߹͸R2͔Βը૾Λऔ ಘ͠Ϩεϙϯε͢Δ

  31. ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ https://advancedweb.hu/cacheable-s3-signed-urls/

  32. ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ • ࠓճ͸؆қతʹʮ࣍ͷX࣌0෼ + 10sʯ
 Λ༗ޮظݶͱͨ͠ॺ໊෇͖URLΛ
 ࡞੒͍ͯ͠Δ • ཁ͢Δʹ13࣌15෼ʹੜ੒͞ΕΔॺ໊URL ͱ13࣌59෼ʹੜ੒͞ΕΔॺ໊෇͖URL͕

    ಉҰʹͳΔ͜ͱͰΩϟογϡ͞ΕΔΑ͏ ʹͳΔ

  33. UploadपΓͷ࿩͸·ͨͲ͔͜Ͱ