according to S3 API compatibility
cloudflare r2 api is missing a huge number of api features, including
x-amz-acl
tho using --dump=headers,
when rclone sends X-Amz-Acl: private, r2 accepts that
when rclone sends X-Amz-Acl: public-read-write, r2 rejects that.
so this is confusing,
one the one hand, as i understand it, r2 does not accept x-amz-acl
on the second hand, r2 accepts x-amz-acl with private but not public-read-write
from a quick test, looks like there is not much granularity
"X-Amz-Acl: private is ‘correct’ since the buckets are private - even if it’s a no-op in the background."
so i think that given:
--- s3 clients like rclone always sends X-Amz-Acl
--- by default R2 buckets are private
R2 just accepts X-Amz-Acl: private
update: my last thought seems to be correct.
accessing R2 over the S3 compatibility layer,
all buckets/objects are always private, no way to change that. https://blog.cloudflare.com/r2-open-beta/
For the S3-compatible API, authentication is done the same way as on S3: SigV4 against an R2 URL. SigV4 signs requests using a secret key to authenticate them to R2. This means public access to R2 over the Internet is only possible today by hosting a Worker, connecting it to R2, and routing requests through it.
So no public buckets at the moment.
I haven't figured out how to serve a domain from cloudflare yet though, but I'm thinking of moving downloads.rclone.org to there, which currently is serving about 7 TB of data a month.