Object storage

An integral part of any IT infrastructure is a service designed for storing large volumes of arbitrary data (documents, backups, etc.) – object storage.

All objects are distributed among containers called buckets. The bucket namespace is global for all cloud users. A bucket name must comply with certain requirements, in particular:

  • name length must be 3 to 63 characters;
  • name shall only contain lowercase Latin letters, digits, dot, and hyphen;
  • name shall not have the form of an IP address;
  • name shall not begin with dot or hyphen and shall not end with hyphen;
  • the following symbol combinations are forbidden: ‘..’, ‘-.’, ‘.-’.

An object name may not be longer than 500 characters and shall not end with a ‘/’ symbol. There is no directory hierarchy; however, it can be emulated because object names may contain the ‘/’ symbol.
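The naming rules above can be checked before a create request is sent. The following validator is an added example, not code from the service; the function names are hypothetical, and the IP address rule is assumed to mean a dotted IPv4 address.

```python
import ipaddress
import re

# Character set and forbidden pairs are taken from the rules listed above.
_ALLOWED = re.compile(r"[a-z0-9.-]+")
_FORBIDDEN_PAIRS = ("..", "-.", ".-")


def bucket_name_errors(name: str) -> list[str]:
    """Return every rule the candidate bucket name violates (empty list = valid)."""
    errors = []
    if not 3 <= len(name) <= 63:
        errors.append("length must be 3 to 63 characters")
    if not _ALLOWED.fullmatch(name):
        errors.append("only lowercase Latin letters, digits, dot and hyphen are allowed")
    if name.startswith((".", "-")):
        errors.append("must not begin with dot or hyphen")
    if name.endswith("-"):
        errors.append("must not end with hyphen")
    for pair in _FORBIDDEN_PAIRS:
        if pair in name:
            errors.append(f"forbidden combination {pair!r}")
    try:
        # Assumption: "IP address" means dotted IPv4; IPv6 is already excluded by ':'.
        ipaddress.IPv4Address(name)
        errors.append("must not be an IP address")
    except ValueError:
        pass
    return errors


def object_name_errors(name: str) -> list[str]:
    """Check the two object name rules: at most 500 characters, no trailing '/'."""
    errors = []
    if len(name) > 500:
        errors.append("must not be longer than 500 characters")
    if name.endswith("/"):
        errors.append("must not end with '/'")
    return errors


if __name__ == "__main__":
    # Constructed sample names.
    for candidate in ("img.example.ru", "192.168.0.1", "a.-b", "-ab-"):
        print(candidate, bucket_name_errors(candidate) or "ok")
```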

The list of your buckets is shown in the main menu area of the “Console” section. To create a new bucket, click the corresponding button. To delete a bucket, click the “x” symbol next to its name.


Access control

The service allows you to manage user privileges for both buckets and objects. The user who creates an object or a bucket automatically becomes its owner.

Only the owner has full access to an object or bucket. Access rights for other users must be listed explicitly in a special Access Control List (ACL) associated with the object or bucket. There are four permission types:

  • read;
  • write;
  • ACL read;
  • ACL write.

For buckets and objects, these permissions are interpreted as follows:

| Access | Interpretation for buckets | Interpretation for objects |
|---|---|---|
| Read | Ability to get a list of objects | Ability to get an object content |
| Write | Ability to change bucket contents (add or remove objects) | Ability to change an existing object |
| ACL read | Ability to get an object ACL | Ability to get an object ACL |
| ACL write | Ability to change a bucket ACL | Ability to change an object ACL |

Additional rules:

  • the service API returns a list of only those buckets that are owned by the user sending the request;
  • an object may only be deleted by the object owner or the bucket owner;
  • a bucket may only be deleted by its owner.

Attention! Please be careful when changing access control lists:

  • the “read ACL” right lets a user see what access other users have;
  • the “write ACL” right lets a user modify both their own access rules and other users’ access rules.

In addition to individual users, rights can be granted to special user groups:

  • All users: all users of the service, including anonymous users;
  • Authenticated users: users of the service who have successfully passed the authentication procedure.
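To review what the two special groups can do, an ACL document can be scanned for grants made to them. The sketch below is an added example, not the service's own code: it assumes the ACL is returned in the Amazon S3 AccessControlPolicy XML format with the Amazon S3 group URIs, and the severity labels are this example's own ranking.

```python
import xml.etree.ElementTree as ET

# Group URIs as used by Amazon S3; assumed to be the same on an S3-compatible service.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "All users",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Authenticated users",
}
# S3 permission names mapped to the four permission types described above.
PERMS = {"READ": {"read"}, "WRITE": {"write"}, "READ_ACP": {"ACL read"},
         "WRITE_ACP": {"ACL write"},
         "FULL_CONTROL": {"read", "write", "ACL read", "ACL write"}}
# Hypothetical ranking: "ACL write" is worst because it can rewrite everyone's access.
SEVERITY = {"read": "review", "ACL read": "review", "write": "high", "ACL write": "critical"}

# Constructed sample ACL document (not captured from a real bucket).
SAMPLE_ACL = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Owner><ID>owner-id</ID></Owner>
  <AccessControlList>
    <Grant><Grantee xsi:type="CanonicalUser"><ID>owner-id</ID></Grantee>
      <Permission>FULL_CONTROL</Permission></Grant>
    <Grant><Grantee xsi:type="Group">
      <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission></Grant>
    <Grant><Grantee xsi:type="Group">
      <URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI></Grantee>
      <Permission>WRITE_ACP</Permission></Grant>
  </AccessControlList>
</AccessControlPolicy>"""


def _local(tag):
    """Strip the XML namespace so the parser does not depend on the exact xmlns."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Text of the first descendant with the given local name, or None."""
    for child in elem.iter():
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def audit_acl(xml_text):
    """Return sorted (group, permission, severity) for every grant to a special group."""
    findings = set()
    for grant in ET.fromstring(xml_text).iter():
        if _local(grant.tag) != "Grant":
            continue
        group = GROUPS.get(_child_text(grant, "URI"))
        if group is None:  # grant to an individual user, not a group
            continue
        for perm in PERMS.get(_child_text(grant, "Permission"), ()):
            findings.add((group, perm, SEVERITY[perm]))
    return sorted(findings)
```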

Metadata

Each object can have additional attributes called metadata. Some attributes are identical to standard HTTP headers and allow fine tuning of file processing by HTTP clients. In addition to standard attributes, you can create your own attributes. Your own attributes are also returned as HTTP headers, but they have the x-amz- prefix. Attribute names are not case sensitive: Cache-control and cache-control correspond to the same attribute.


You can use the following standard attributes:

| Attribute | Description | Example |
|---|---|---|
| Content-Type | Document MIME type. This parameter is required for correct document display by a browser. If you specify text/plain for an html page then such page will be displayed as plain unformatted text with all tags. You are encouraged to specify document charset (UTF-8, CP1251, KOI8-R, etc.) | text/html; charset=utf-8 |
| Content-Encoding | Additional document encoding. The most frequent use is document compression by some algorithm to save disk space. | gzip |
| Content-Disposition | Allows to call the “Save as” dialog window and specify a desired object name. | attachment; filename=foo.bar |
| Cache-Control | This attribute transfers directives for all caching mechanisms included in request-reply chain. For example, “no-cache” means that caching is not used at all. | no-cache |
| Expires | One more attribute related to caching. Specifies date and time when a saved document is considered outdated | Thu, 01 Dec 1994 16:00:00 GMT |
| Content-MD5 | The document checksum is presented in BASE64 | tdQ2hlY2sgSW50ZWdyaXR5IQ== |

File Service Protocol (FSP)

The CROC Cloud Object Storage service is compatible with the Amazon S3 programming interface and supports most standard applications designed for Amazon S3.

User authentication is performed by creating a special signature for each request. If the service is used other than via the web console, the necessary settings have to be obtained beforehand in the user profile (Settings link in the top right corner). The file contains the service address, the account name and the password for signature creation. The downloaded file can be used as an rc-file for the Bourne Shell environment. In addition, the C2_PROJECT variable must be set to the identifier of the project that is currently in use.


This protocol is an add-on to standard HTTP. Most operations use PUT and GET requests. In addition to GET requests, there is also a HEAD request. A special POST request is used to easily upload data to the bucket from HTML forms.

The stored data is returned in its original format, while the service replies, including error messages, are returned in XML format.

Objects are addressed by URL in /bucket/object format. If an object is not specified in the URL, then the target is the bucket. Additional parameters in the URL are used to access special resources. For example, /foo/bar?acl is a request for access to the ACL of the “bar” object located in the “foo” bucket. Request examples:

| Request | Description |
|---|---|
| GET / | Get the list of buckets owned by the user |
| GET /foo | Get a list of objects in the “foo” bucket |
| PUT /foo | Create the “foo” bucket |
| GET /foo/bar | Get an object named “bar” from “foo” bucket |
| PUT /foo/bar | Upload an object named “bar” to “foo” bucket |
| GET /foo?acl | Get an access control list for “foo” bucket |
| PUT /foo?acl | Modify the access control list for “foo” bucket |
| GET /foo/?website | Get website configuration |
| PUT /foo?website | Set website configuration (enable website mode) |
| DELETE /foo?website | Delete website configuration (disable website mode) |

If you upload an object with a name that already exists in the bucket, the existing object is overwritten and its ACL is cleared. The ACL should therefore be set again with each update of the object.

A special type of PUT request is used for copying objects within the bucket. If the target object already exists when an object is copied, it is overwritten and its access list is cleared.

Versioning

Versioning lets you keep several versions of an object in one bucket, protecting users against accidental overwriting and deletion. Versioning is always disabled by default. You can enable or suspend bucket versioning in the Versioning tab.


When you enable versioning, CROC Cloud gives objects randomly generated unique version IDs, so the current version is not overwritten. For example, when a new version of object.png is created in a bucket that already contains an object with the same name, the original object.png with ID 12121 and its contents remain unchanged, and CROC Cloud creates a new version with ID 11111 and adds this version to the bucket.


When an object is deleted, all its versions remain in the bucket and a Delete marker is added to the deleted object. You can delete an object permanently by using an object version ID.

Attention! Only the bucket owner can delete the object version.


Static websites

You can easily use the Object Storage to create a website with static content. To do this, enable website mode for the bucket. You must specify both the index page and the page that is displayed if the requested document is not shared or other errors occur. You can set these parameters via the CROC Cloud management console or the external API.

Public access should be opened for all objects (select all objects and click Make public in the menu). To set website parameters, open the website tab. Then enable website mode, set the index page, and (optionally) the error page.


Save the changes and check that the website works.

When accessing http://bucket-name.website.cloud.croc.ru, where bucket-name is a bucket with website mode enabled, the index page http://bucket-name.website.cloud.croc.ru/index.html will be displayed. If you try to access a non-existing object in the bucket, an error message will appear. If the error page was not set, or if the value set in the configuration refers to a non-existing object, then a standard message issued by the system for all users will be displayed.

If an object name is not specified when accessing a folder, the index document stored in this folder will be displayed. For example, when accessing http://bucket-name.website.cloud.croc.ru/folder, the document that is also accessible by the name http://bucket-name.storage.cloud.croc.ru/folder/index.html will appear.

Own domain for website

By default, you can access a bucket with website mode enabled at the address http://bucket-name.website.cloud.croc.ru, where bucket-name is the name of this bucket.

Instead of the domain given above, you can use your own domain.

Some examples showing how to do this:

  1. You want to have an http://img.example.ru address for your website

This example uses the third-level domain img.example.ru in the example.ru zone.

First, create a bucket named img.example.ru. Then upload the contents of your future website to it and enable website mode for this bucket, as described in Static websites.

To make your website available at http://img.example.ru, configure the DNS server that serves the example.ru zone as follows.

In the example.ru zone settings, create the following CNAME record:

img    CNAME    img.example.ru.website.cloud.croc.ru.

After making these changes, the website will be available at http://img.example.ru. It will also remain available at the default address: http://img.example.ru.website.cloud.croc.ru.

  2. You want to have an http://example.ru address for your website

This example uses the second-level domain example.ru.

First, create a bucket named example.ru. Then upload the contents of your future website to it and enable website mode for this bucket, as described in Static websites.

To make your website available at http://example.ru, configure the DNS server that serves the example.ru zone.

Attention! This example uses the second-level domain example.ru, which is the root of the example.ru zone. By DNS specification, a domain root can’t be a CNAME. However, some DNS servers and services allow you to create such records. First make sure that your DNS server or service supports this feature. Such records are often not called CNAME but, for example, ALIAS or ANAME.

In the example.ru zone settings, create an ALIAS or ANAME record (depending on its name in your DNS service) with the following values:

example.ru    ALIAS    example.ru.website.cloud.croc.ru.

HTTPS for website

By default, you can access a bucket with website mode enabled at the address http://bucket-name.website.cloud.croc.ru, where bucket-name is the name of this bucket.

You can enable HTTPS support and a redirect from HTTP to HTTPS.

For now, there is no API that can turn HTTPS support on. To turn on HTTPS support for your website, send an email to our Support Team at cloud_support@croc.ru

Some examples:

  1. You want your website http://bucket1.website.cloud.croc.ru to be available via HTTPS.

Do the following steps:

  • Create bucket: bucket1.
  • Enable website mode: Static websites.
  • Create a ticket for our Support Team:

Note

Email subject: HTTPS for bucket1.website.cloud.croc.ru

Email body:

  • Bucket name: bucket1
  • Website domain: bucket1.website.cloud.croc.ru
  • Enable HTTP to HTTPS redirect: yes/no
Where:
  • Bucket name - your bucket in Object Storage, which should be available via HTTPS in website mode,
  • Website domain - the name of your website. The certificate for HTTPS will be created for this name.
  • Enable HTTP to HTTPS redirect - if you want website visitors who use HTTP to be automatically redirected to the HTTPS version of the website, specify yes; if you want to leave the option of visiting your website via HTTP, specify no.

Our Support Team checks the given information, creates the certificate for specified domain name and enables the HTTPS. Let’s Encrypt service is used as a certificate authority.

  2. You want your website with your own domain name http://img.example.ru to be available via HTTPS.

Do the following steps:

  • Create bucket: img.example.ru.
  • Enable website mode: Static websites.
  • Configure DNS service to make your website available by http://img.example.ru: Own domain for website.
  • Create a ticket for our Support Team:

Note

Email subject: HTTPS for img.example.ru

Email body:

  • Bucket name: img.example.ru
  • Website domain: img.example.ru
  • Enable HTTP to HTTPS redirect: yes/no
  • Use my own certificate: yes/no
Where:
  • Bucket name - your bucket in Object Storage, which should be available via HTTPS in website mode,
  • Website domain - the name of your website. The certificate for HTTPS will be created for this name.
  • Enable HTTP to HTTPS redirect - if you want website visitors who use HTTP to be automatically redirected to the HTTPS version of the website, specify yes; if you want to leave the option of visiting your website via HTTP, specify no.
  • Use my own certificate - when you use your own domain for the website, you can give us your certificate. In that case, specify yes and attach the certificate for your domain to the email. This can be needed for testing purposes, or in cases when the certificate must have some special attributes. If you specify no, the certificate for your domain will be created at the Let’s Encrypt certificate authority.