|
|
|
|
|
|
by zxcvbn4038
1442 days ago
|
|
|
Keep a copy in AWS S3, they are extremely reliable for storage, you’ll sleep well knowing they are there. But that S3 bucket should be private and locked down - it’s your master copy - and AWS is the most expensive option for outgoing transit so you want to use it as little as possible. For routine usage keep a second copy in Backblaze B2 which is the cheapest storage you can get that isn’t running out of someone’s basement. I’d use Digital Ocean to serve files from that - doesn’t have to be anything major, just something running nginx. I’d front that with Cloudflare which is essentially free for content that doesn’t change frequently. Your DO instance should only respond to requests from Cloudflare’s backend IPs and only if those requests contain some magic header you inject. That makes it near impossible to find your DO host and access it directly, and it is the only thing that knows your backblaze B2 secrets so nobody is accessing B2 directly either. If you want to add an obfuscation layer in front of Cloudflare - though maybe not needed in your case since the content itself isn’t illegal in most of the world - but if you want to serve through Tor to protect Cloudflare you can - DO is a good option again - and if you go that route your Cloudflare site should have some random unrelated name and should only serve files if the requests have a magic header. Tor is where your going to reverse all the money you save with the Cloudflare + DO + B2 setup, your going to pay mostly for network usage, Tor has a lot of overhead. You can scale Tor horizontally across multiple hidden services if you can afford it. |
|
|