Skip to main content

General guidelines for S3 compatible object storage

Before you can add buckets to Nebbl, you need to create them in the cloud storage provider services. There are certain requirements for the buckets you create to be compatible with Nebbl, which we'll cover in this section.

We'll show how to create a bucket in the Amazon AWS S3 service as an example, but the process is similar for other services. Read the full description for the AWS S3 service in this article.

General requirements

For buckets to be compatible with Nebbl, they need to meet the following requirements:

  • Support CORS
  • Support GET, PUT network request methods

For zero-knowledge buckets additionally:

  • Support DELETE, POST, HEAD network request methods

Generally, to connect an S3 compatible object storage to Nebbl, you will need 5 credential items, which are:

  • Region
  • Endpoint
  • Bucket name
  • Access key
  • Secret key

You will need to get these credentials from your cloud storage provider and enter them in the Region, Endpoint, Bucket name, Access key, and Secret key fields when adding a bucket in Nebbl.

You might want to check this article to see how to get these credentials on the example of creating an AWS S3 bucket. Or check other articles for other cloud storage providers.

Setting up CORS rules

Because Nebbl is currently only available as a browser-based service and it makes network requests to your bucket to upload and download files, you need to set up CORS rules for your bucket.

Universal CORS rules

If you want to set up CORS rules quickly, you can use the following rules which will be sufficient for most S3 compatible object storage services:

[
  {
    "AllowedOrigins": [
      "https://nebbl.com"
    ],
    "AllowedMethods": [
      "GET",
      "PUT",
      "DELETE",
      "POST",
      "HEAD"
    ],
    "AllowedHeaders": ["*"],
    "ExposeHeaders": [
      "ETag"
    ]
  }
]

If you need more enhanced security for your buckets, read further in this article.

Enhanced CORS rules for General buckets

To enhance security for general buckets, you can use a more narrow CORS policy:

[
  {
    "AllowedOrigins": [
      "https://nebbl.com"
    ],
    "AllowedMethods": [
      "GET",
      "PUT"
    ],
    "AllowedHeaders": [
      "Origin",
      "Content-Type",
      "Cache-Control",
      "Pragma",
      "Expires",
      "X-Requested-With",
      "X-Content-Type-Options"
    ],
    "ExposeHeaders": [
      "ETag"
    ]
  }
]

Enhanced CORS rules for Zero-knowledge buckets

For zero-knowledge buckets, you need a bit more permissive CORS policy:

[
  {
    "AllowedOrigins": [
      "https://nebbl.com"
    ],
    "AllowedMethods": [
      "GET",
      "PUT",
      "DELETE",
      "POST",
      "HEAD"
    ],
    "AllowedHeaders": [
      "Origin",
      "Content-Type",
      "Cache-Control",
      "Pragma",
      "Expires",
      "X-Requested-With",
      "X-Content-Type-Options",
      "Authorization",
      "x-amz-date",
      "x-amz-content-sha256",
      "x-amz-user-agent",
      "Access-Control-Request-Headers",
      "Amz-Sdk-Invocation-Id",
      "Amz-Sdk-Request"
    ],
    "ExposeHeaders": [
      "ETag"
    ]
  }
]

That's all! If you meet all these requirements, you can add your bucket to Nebbl.