Cloudflare Workers for Backblaze B2
Cloudflare Workers enable serverless functions to run as close as possible to the end user. For more information about how you can use Cloudflare Workers with your Backblaze B2 account, click here.
Create a Cloudflare Worker
The Backblaze B2 GitHub repository contains full source code and configuration details for Cloudflare Workers.
Before you begin, complete the following tasks:
- Sign up for a Backblaze B2 account.
- Sign up for a Cloudflare Workers account. You can publish Workers to the default
*.workers.dev
subdomain free of charge, or you can publish Workers to your own paid domain. - Install and configure wrangler, the Workers command-line interface (CLI).
- Start a project in the Workers CLI using the Backblaze repository as a template for your own Worker.
- Run the following commands changing the Worker name, shown in the example as
my-proxy
, to your project name:
wrangler generate my-proxy https://github.com/backblaze-b2-samples/cloudflare-b2 cd my-proxy
Configure Your Cloudflare Worker
Before you begin, create a private bucket in your Backblaze B2 account. If the bucket you want to use is public, do not change this setting until you set up your Worker.
- Create an application key with access to the appropriate bucket.
- Edit the
wrangler.toml
file, adding a[vars]
section with your application key ID and endpoint:
[vars] B2_APPLICATION_KEY_ID = "
" B2_ENDPOINT = " " BUCKET_NAME = " " ALLOW_LIST_BUCKET = " " - Enter your bucket name using one of the following options:
- To direct all incoming requests to the specified bucket, use the format
acme-images
. - To use the initial segment in the incoming URL path as the bucket name, enter
$path
, for example:
https://s3.us-west-001.backblazeb2.com/acme-images/logos/acme.png
Note: If you use the default*.workers.dev
subdomain, specify a bucket name in the configuration, or setBUCKET_NAME
to$path
and pass the bucket name in the path. - To use the initial subdomain in the incoming URL hostname as the bucket name, enter
$host
, for example:
https://acme-images.s3.us-west-001.backblazeb2.com/logos/acme.png
Note: If you setBUCKET_NAME
to$host
, configure a Route or a Custom Domain for each bucket name that the Workers must access. You cannot route*.acme.com/*
to your Workers.
- To direct all incoming requests to the specified bucket, use the format
- Set the
ALLOW_LIST_BUCKET
variable to eithertrue
orfalse
.
Backblaze B2 buckets, even those that are public, do not allow anonymous clients to list the bucket’s objects. Set theALLOW_LIST_BUCKET
variable totrue
to allow this functionality. Set the variable tofalse
, to deny this functionality. In most cases, you should setALLOW_LIST_BUCKET
tofalse
. - Run the following command to publish the Workers project to the Cloudflare Workers environment:
wrangler publish
Deploy Your Worker
- Sign in to your Cloudflare dashboard, and navigate to your new Worker.
- Click Settings, click Variables, and click Edit Variables.
- Add a variable named
B2_APPLICATION_KEY
, and enter your Backblaze B2 application key as the value.
We recommend that you set your B2 application key here instead of inwrangler.toml
.
You should never save secrets such as API keys, passwords, and other sensitive data in source code files in the event that they are shared privately or in a public repository. - Click Encrypt, and click Save and deploy.
The environment variables should look like the following example:
Update Your Web Pages
You must update your code to reference your Cloudflare Worker rather than the B2 bucket. For example, replace all occurrences of acme-images.s3.us-west-001.backblazeb2.com
with images.acme.com
.
Set Bucket Visibility
- Verify that you can access your content in the Worker.
- Change the visibility of the public bucket to private.
- Verify that your content is no longer accessible directly from B2.