Note: this is a fork of strapi-provider-cloudflare-r2 that is updated to use AWS SDK v3 and Strapi v5.

strapi-provider-cloudflare-r2-aws

Installation

# using pnpm (recommended)
pnpm add strapi-provider-cloudflare-r2-aws

# using npm
npm install strapi-provider-cloudflare-r2-aws --save

Configuration

• provider defines the name of the provider
• providerOptions is passed down during the construction of the provider. (ex: new AWS.S3(config)). Complete list of options
• actionOptions is passed directly to the parameters to each method respectively. You can find the complete list of upload/ uploadStream options and delete options

See the documentation about using a provider for information on installing and using a provider. To understand how environment variables are used in Strapi, please refer to the documentation about environment variables.

Provider Configuration

./config/plugins.js or ./config/plugins.ts for TypeScript projects:

1module.exports = ({ env }) => ({
2  // ...
3  upload: {
4    config: {
5      provider: "strapi-provider-cloudflare-r2-aws",
6      providerOptions: {
7        credentials: {
8          accessKeyId: env("CF_ACCESS_KEY_ID"),
9          secretAccessKey: env("CF_ACCESS_SECRET"),
10        },
11        /**
12         * `https://<ACCOUNT_ID>.r2.cloudflarestorage.com`
13         */
14        endpoint: env("CF_ENDPOINT"),
15        params: {
16          Bucket: env("CF_BUCKET"),
17        },
18        /**
19         * Set this Option to store the CDN URL of your files and not the R2 endpoint URL in your DB.
20         * Can be used in Cloudflare R2 with Domain-Access or Public URL: https://pub-<YOUR_PULIC_BUCKET_ID>.r2.dev
21         * This option is required to upload files larger than 5MB, and is highly recommended to be set.
22         * Check the cloudflare docs for the setup: https://developers.cloudflare.com/r2/data-access/public-buckets/#enable-public-access-for-your-bucket
23         */
24        cloudflarePublicAccessUrl: env("CF_PUBLIC_ACCESS_URL"),
25        /**
26         * Sets if all assets should be uploaded in the root dir regardless the strapi folder.
27         * It is useful because strapi sets folder names with numbers, not by user's input folder name
28         * By default it is false
29         */
30        pool: false,
31      },
32      actionOptions: {
33        upload: {},
34        uploadStream: {},
35        delete: {},
36      },
37    },
38  },
39  // ...
40});

Where to find the configuration options
You can find all needed values in the Cloudflare dashboard unter R2. All your buckets, your account ID and the access keys can be found there.

• endpoint: https://<ACCOUNT_ID>.r2.cloudflarestorage.com
• accessKeyId: You need to click on Manage R2 API Tokens to create a new token.
• secretAccessKey: You need to click on Manage R2 API Tokens to create a new token.

Security Middleware Configuration

Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy settings to properly display thumbnail previews in the Media Library. You should replace the strapi::security string with the object below instead as explained in the middleware configuration documentation.

./config/middlewares.js

1module.exports = ({ env }) => [
2  // ...
3  {
4    name: "strapi::security",
5    config: {
6      contentSecurityPolicy: {
7        useDefaults: true,
8        directives: {
9          "connect-src": ["'self'", "https:"],
10          "img-src": [
11            "'self'",
12            "data:",
13            "blob:",
14            "market-assets.strapi.io",
15            env("CF_PUBLIC_ACCESS_URL")
16              ? env("CF_PUBLIC_ACCESS_URL").replace(/^https?:\/\//, "")
17              : "",
18          ],
19          "media-src": [
20            "'self'",
21            "data:",
22            "blob:",
23            "market-assets.strapi.io",
24            env("CF_PUBLIC_ACCESS_URL")
25              ? env("CF_PUBLIC_ACCESS_URL").replace(/^https?:\/\//, "")
26              : "",
27          ],
28          upgradeInsecureRequests: null,
29        },
30      },
31    },
32  },
33  // ...
34];

Bucket CORS Configuration

Do not forget to configure your R2 Endpoint CORS settings as described here: https://developers.cloudflare.com/r2/buckets/cors/

The simplest configuration is to allow GET from all origins:

1[
2  {
3    "AllowedOrigins": ["*"],
4    "AllowedMethods": ["GET"]
5  }
6]

More safe would be to only allow it from your Strapi deployment Origins (better for production):

1[
2  {
3    "AllowedOrigins": ["YOUR STRAPI URL"],
4    "AllowedMethods": ["GET"]
5  }
6]

Sponsors

Strapi Plugin developed and maintained by KesvaL Studio