Hi guys! This seems like a very simple thing but this puzzles me a lot. I was trying to access my R2

Hi guys! This seems like a very simple thing but this puzzles me a lot. I was trying to access my R2 bucket using boto3 (using Ubuntu running inside Docker) but I received a TLS handshake error.

Long story short it seems OpenSSL is raising an alert number 40 if I don't specify Server Name Indication (SNI)

This is reflected using the openssl client
$ openssl s_client -connect <account_id>.r2.cloudflarestorage.com:443
CONNECTED(00000003)
407732BA387F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1599:SSL alert number 40

But if I specify the SNI with
$ openssl s_client -connect <account_id>.r2.cloudflarestorage.com:443 -servername cloudflarestorage.com
CONNECTED(00000003)

Then there is not error.

Why should I present the servername and how should this be done with boto3?

Tony•12/20/24, 9:49 AM

I use R2 for store data of my application. I don't know why my user download files from R2 so slow, very slow. I use paid version, but it's very slow

Tony•12/20/24, 9:49 AM

Anyone meet this problem? Please help

aliyilmaz•12/20/24, 12:03 PM

hi, has anyone encountered this error?

aliyilmaz•12/20/24, 12:41 PM

GraphQL error: 'limit' must be positive number and not greater than 10000 for account "***"

aliyilmaz•12/20/24, 12:41 PM

BucketLevelMetricsQuery

aliyilmaz•12/20/24, 12:42 PM

i have zero buckets

aliyilmaz•12/20/24, 12:43 PM

i created r2 today

aliyilmaz•12/20/24, 12:47 PM

it's interesting

aliyilmaz•12/20/24, 12:49 PM

yep

aliyilmaz•12/20/24, 12:55 PM

i think it's releated this

aliyilmaz•12/20/24, 12:55 PM

https://www.cloudflarestatus.com/incidents/gnl2dp153485

Billing Subscription Update and Invoice Issues

Aaliyilmaz hi, has anyone encountered this error?

aliyilmaz•12/20/24, 2:21 PM

i solved this error with
npx wrangler r2 bucket create test-bucket

aliyilmaz•12/20/24, 2:21 PM

maybe it's helps anyone

Yuya•12/20/24, 3:10 PM

Hi I am having the following error. Does it have to do with the Billing Subscription Update and Invoice Issues? as this is a new account and I just created the bucket? thanks

Yuya•12/20/24, 3:11 PM

Will try thanks

Ppetazz.Hi guys! This seems like a very simple thing but this puzzles me a lot. I was tr...

petazz.OP•12/20/24, 6:09 PM

Ok it seems this is because Cloudflare only provides certificates that are down to r2.cloudflarestorage.com

Why isn't this mentioned in any of the docs?

Ppetazz.Ok it seems this is because Cloudflare only provides certificates that are down ...

Chaika•12/20/24, 6:32 PM

Cloudflare issues a wildcard cert for your account id, for example *.accountId.r2.cloudflarestorage.com*.accountId.r2.cloudflarestorage.com to allow for virtual host pattern as well as path-style

Chaika•12/20/24, 6:33 PM

If you're not seeing a cert there, I would guess you're confusing your account id? It's on the right side of the r2 dash
There's been issues before with delayed issuing but nothing recently reported, plus I assume it's been a bit since you setup your r2

CChaika If you're not seeing a cert there, I would guess you're confusing your account i...

petazz.OP•12/20/24, 6:50 PM

Ok sorry I was inaccurate there. The issue seems to be that when my client (openssl) starts the handshake with the full accountId.r2.cloudflarestorage.com Cloudflare rejects this because the SNI in the request includes the subdomain (the accountId). However it seems to work if the SNI only goes down to r2 level

petazz.OP•12/20/24, 6:50 PM

And the rejection comes from Cloudflare's side

Ppetazz.Ok sorry I was inaccurate there. The issue seems to be that when my client (open...

Chaika•12/20/24, 7:00 PM

It shouldn't, you can even visit it directly in your browser and just get an s3 error about no auth header. What's your account id (it's safe to share, nothing sensitive/anything you can do with it)
That behavior may make sense if there's no cert issued for it by CF, but there should be...

CChaika It shouldn't, you can even visit it directly in your browser and just get an s3 ...

petazz.OP•12/20/24, 7:31 PM

Ah ok trying it with the browser somehow triggered me. It seems I had a typo in my accountId. It's funny that's the symptom. You'd somehow expect to get a 404-type of message and not ERR_SSL_VERSION_OR_CIPHER_MISMATCH if the "resource" is not found

petazz.OP•12/20/24, 7:32 PM

Thanks for your help!

Ppetazz.Ah ok trying it with the browser somehow triggered me. It seems I had a typo in ...

Chaika•12/20/24, 7:37 PM

It seems I had a typo in my accountId. It's funny that's the symptom. You'd somehow expect to get a 404-type of message and not ERR_SSL_VERSION_OR_CIPHER_MISMATCH if the "resource" is not found

It's because if you misspell it, Cloudflare doesn't have a certificate to cover the misspelling (no *.r2.cloudflarestorage.com), and ERR_SSL_VERSION_OR_CIPHER_MISMATCH is Cloudflare's way of conveying that it has no valid certificate to use (and thus openssl can't establish a connection either)

petazz.OP•12/20/24, 7:56 PM

Right, I just think it's quite rare to see so strict SNI enforcing. Which is good I guess

BlackForestBoi•12/21/24, 2:52 PM

Hey folks!

anyone experiencing not being able to subscribe to the R2 buckets?
For some unexplainable rason our R2 access was removed and I cannot resubscribe.
Everytime i try my page reloads and goes back to the same state.

Access to the bucket is not possible right now.

BBlackForestBoi Hey folks! anyone experiencing not being able to subscribe to the R2 buckets? ...

BlackForestBoi•12/21/24, 2:54 PM

Ok seems like quite a few people do that going by that thread. Has anyone gotten this resolved for them? Currently our users cannot access their data and I am afraid that at some point CF may delete the data. Our payment options are valid and funds available so I am not sure whats the problem.

Vi•12/21/24, 6:37 PM

Hey! I have a question regarding r2 and collecting logs. Basically, I serve a bunch of various files which users will be accessing via a cloudflare worker that'll return the specific object within r2. I want to keep track of the number of times each file was downloaded/viewed so one option would be to just update a download column in a db somewhere within my worker when a file is requested. However I worry that this may cause a bit of latency since I have to wait to open a db connection, update a record, wait for it to update, and I'm serving HLS files so the requests will be coming in pretty quickly. My next idea was to do see if I can forward the logs itself to an endpoint I've setup which removes the need to have any of this within the worker. First off, is this even possible, and secondly, would there still be a log forwarded even if the file was obtained through the cache rather than r2?

Or, is there a better way to go about all this? Open to all suggestions!

Vi•12/21/24, 6:41 PM

When a file is being served via the worker, don't we do something like return request(...) and since we're returning it, it'll exit out of the worker right? Meaning anything I put after that statement won't run

Vi•12/21/24, 6:47 PM

Right but isn't that still the same as doing it syncronously? Like the response will need to wait until the db finishes incrementing because otherwise it'll return the response and exit out before the db increment occurs right?

Vi•12/21/24, 6:50 PM

Maybe I'm misunderstanding how workers work but I thought this would be the "right" way to do it but it'll cause latency since we're waiting for the db.update method to run

await db.update...
return response(...)

because if we just do

db.update...
return response(...)

this will run async and since the db.update call runs in the method and not some sort of queue/background processor, when return response(...) finishes running the method/worker will close even if db.update is still running

That's how I'm thinking about it but I could be wrong

Vi•12/21/24, 6:59 PM

Oh wow this is very cool. I wrote some quick psuedo code but is this how it should behave?

export default {
  async fetch(request, env, ctx) {
    // Get the file
    let res = await fetch(request);

    // Do the db analytics
    ctx.waitUntil(await db.update(imaginary method to update db));

    // This will be immediately executed, then the worker will close once line above finishes
    return res;
  },
};

export default {
  async fetch(request, env, ctx) {
    // Get the file
    let res = await fetch(request);

    // Do the db analytics
    ctx.waitUntil(await db.update(imaginary method to update db));

    // This will be immediately executed, then the worker will close once line above finishes
    return res;
  },
};

Vi•12/21/24, 7:03 PM

Ah so something like this?

Vi•12/21/24, 7:03 PM

export default {
  async fetch(request, env, ctx) {
    // Get the file
    let res = await fetch(request);

    // Do the db analytics
    ctx.waitUntil(dbCall(request));

    // This will be immediately executed, then the worker will close once line above finishes
    return res;
  },
  async dbCall(request) {
    // Make a call to the DB and using the params in the request
    // find the file and update it
    await db.update(...)
  }
};

export default {
  async fetch(request, env, ctx) {
    // Get the file
    let res = await fetch(request);

    // Do the db analytics
    ctx.waitUntil(dbCall(request));

    // This will be immediately executed, then the worker will close once line above finishes
    return res;
  },
  async dbCall(request) {
    // Make a call to the DB and using the params in the request
    // find the file and update it
    await db.update(...)
  }
};

Vi•12/21/24, 7:03 PM

Oh yeah whoops

Vi•12/21/24, 7:04 PM

Okay dumb question but why isn't it async function fetch

Vi•12/21/24, 7:05 PM

actually won't making ctx.waitUntil(dbCall(request)); into ctx.waitUntil(this.dbCall(request)); make the code above work?

imf1xic•12/21/24, 9:15 PM

imf1xic•12/21/24, 9:15 PM

how i can fix it

Andreychik32•12/21/24, 11:43 PM

I have the same error as @imf1xic has.

imf1xic•12/21/24, 11:44 PM

yeah

imf1xic•12/21/24, 11:44 PM

i create a bucket with wrangler and r2 worked

imf1xic•12/21/24, 11:45 PM

https://developers.cloudflare.com/r2/buckets/create-buckets/

Cloudflare Docs

Create new buckets · Cloudflare R2 docs

You can create a bucket from the Cloudflare dashboard or using Wrangler.

Andreychik32•12/21/24, 11:46 PM

oh thanks, will try this

imf1xic•12/21/24, 11:46 PM

im russian, u can ask me dm

imf1xic•12/21/24, 11:46 PM

@Andreychik32

Andreychik32•12/21/24, 11:50 PM

I've created a bucket successfully using your method and now it correctly appears under overview. Thanks.

anxidashu•12/22/24, 1:37 AM

why TTFB is so long even cache is hit?

maneesh•12/22/24, 8:19 AM

hello everyone, i am maneesh from AdTip company from india, we are facing issue, our user data disapper in cloud fair, we don't know what is issue, please resolve it quickly.

export default { async fetch(request, env, ctx) { // Get the file let res = await fetch(request); // Do the db analytics ctx.waitUntil(await db.update(imaginary method to update db)); // This will be immediately executed, then the worker will close once line above finishes return res; }, };

export default { async fetch(request, env, ctx) { // Get the file let res = await fetch(request); // Do the db analytics ctx.waitUntil(dbCall(request)); // This will be immediately executed, then the worker will close once line above finishes return res; }, async dbCall(request) { // Make a call to the DB and using the params in the request // find the file and update it await db.update(...) } };