Cloudflare Workers for Backblaze B2

Cloudflare Workers enable serverless functions to run as close as possible to the end user. For more information about how you can use Cloudflare Workers with your Backblaze B2 account, click here.

Create a Cloudflare Worker

The Backblaze B2 GitHub repository contains full source code and configuration details for Cloudflare Workers.

Before you begin, complete the following tasks:

  1. Start a project in the Workers CLI using the Backblaze repository as a template for your own Worker.
  2. Run the following commands changing the Worker name, shown in the example as my-proxy, to your project name:
    wrangler generate my-proxy https://github.com/backblaze-b2-samples/cloudflare-b2
    cd my-proxy
    

Configure Your Cloudflare Worker

Before you begin, create a private bucket in your Backblaze B2 account. If the bucket you want to use is public, do not change this setting until you set up your Worker.

  1. Create an application key with access to the appropriate bucket.
  2. Edit the wrangler.toml file, adding a [vars] section with your application key ID and endpoint:
    [vars]
    B2_APPLICATION_KEY_ID = ""
    B2_ENDPOINT = ""
    BUCKET_NAME = ""
    ALLOW_LIST_BUCKET = ""
    
  3. Enter your bucket name using one of the following options:
    • To direct all incoming requests to the specified bucket, use the format acme-images.
    • To use the initial segment in the incoming URL path as the bucket name, enter $path, for example:
      https://s3.us-west-001.backblazeb2.com/acme-images/logos/acme.png
      
      Note: If you use the default *.workers.dev subdomain, specify a bucket name in the configuration, or set BUCKET_NAME to $path and pass the bucket name in the path.
    • To use the initial subdomain in the incoming URL hostname as the bucket name, enter $host, for example:
      https://acme-images.s3.us-west-001.backblazeb2.com/logos/acme.png
      
      Note: If you set BUCKET_NAME to $host, configure a Route or a Custom Domain for each bucket name that the Workers must access. You cannot route *.acme.com/* to your Workers.
    • Set the ALLOW_LIST_BUCKET variable to either true or false.
      Backblaze B2 buckets, even those that are public, do not allow anonymous clients to list the bucket’s objects. Set the ALLOW_LIST_BUCKET variable to true to allow this functionality. Set the variable to false, to deny this functionality. In most cases, you should set ALLOW_LIST_BUCKET to false.
    • Run the following command to publish the Workers project to the Cloudflare Workers environment:
      wrangler publish
      

Deploy Your Worker

  1. Sign in to your Cloudflare dashboard, and navigate to your new Worker.
  2. Click Settings, click Variables, and click Edit Variables.
  3. Add a variable named B2_APPLICATION_KEY, and enter your Backblaze B2 application key as the value.
    We recommend that you set your B2 application key here instead of in wrangler.toml.
    You should never save secrets such as API keys, passwords, and other sensitive data in source code files in the event that they are shared privately or in a public repository.
  4. Click Encrypt, and click Save and deploy.

The environment variables should look like the following example:

Environment variables

Update Your Web Pages

You must update your code to reference your Cloudflare Worker rather than the B2 bucket. For example, replace all occurrences of acme-images.s3.us-west-001.backblazeb2.com with images.acme.com.

Set Bucket Visibility

  1. Verify that you can access your content in the Worker.
  2. Change the visibility of the public bucket to private.
  3. Verify that your content is no longer accessible directly from B2.
End users can no longer access your content directly from Backblaze B2.