---
title: Oracle Cloud Storage
summary: null
url: >-
  https://www.fastly.com/documentation/guides/integrations/non-fastly-services/oracle-cloud-storage
---

[Oracle Cloud Storage](https://www.oracle.com/cloud/storage/) public and private buckets can be used as [origins](https://www.fastly.com/documentation/guides/getting-started/hosts/working-with-hosts) with Fastly.

## Before you begin

Before you begin the setup and configuration steps required to use Oracle Cloud as an origin, keep in mind the following:

- You must have a valid Oracle Cloud account. Before you can create a new bucket and upload files to it for Fastly to use, you must first [create an Oracle Cloud account](https://signup.oraclecloud.com/) at the Oracle website.
- Oracle Cloud implements both its [own proprietary API](https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/managingobjects.htm) and an [S3 Compatible API](https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/s3compatibleapi.htm). Currently, Fastly supports private buckets only via the S3 Compatible API.

## Using Oracle Cloud Storage as an origin

To use Oracle Cloud Storage as an origin, follow the steps below.

### Creating a new bucket

Data in Oracle Cloud Storage is stored in buckets. Follow these steps to create a new bucket via the Oracle Cloud web interface.

> **HINT:** The [Oracle Guide](https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ocis/object-storage/object-storage.html) provides more details on how to create a bucket.

1. [Log in to your Oracle account](https://www.oracle.com/cloud/sign-in.html).

2. Open the navigation menu in the upper left and navigate to **Object Storage**, then select **Object Storage**.

   ![Oracle Cloud Object Storage New Bucket window](/img/oracle-cloud-object-storage.png)

3. Select a compartment from the **Compartment** list on the left side of the page.

4. Click **Create a Bucket**.

5. In the **Bucket Name** field, enter a unique bucket name. Bucket names must be unique within the namespace and cannot be nested. The name can contain letters, numbers, dashes, and periods.

   ![Oracle Cloud Object Storage New Bucket window](/img/oracle-cloud-object-storage-new-bucket.png)

6. Click **Create a Bucket**. The new bucket appears in the list of buckets on the Oracle Cloud Storage Buckets page.

7. By default, new buckets are private. Click on three dots on the right side of the bucket and select **Edit Visibility**.
   Change the visibility to **Public** and deselect the **Allow users to list objects from this bucket** option.

8. Upload a file to the new bucket you just created.

### Finding your bucket's namespace and hostname

To set up a Fastly service that interacts with your Oracle Cloud Storage, you will need to know the namespace identifier and hostname assigned to the [bucket you created](https://www.fastly.com/documentation/guides/integrations/non-fastly-services/oracle-cloud-storage#creating-a-new-bucket) and uploaded files to.

To find your namespace, click on the bucket and examine the **Bucket Information** tab. In this example the namespace is `decafbaddeadbeef`.

  ![Oracle Cloud Storage Bucket Details](/img/oracle-cloud-object-storage-bucket-details.png)

To determine your bucket's hostname:

- If you're using the native Oracle API then the hostname takes the form of `objectstorage.<region>.oraclecloud.com` (e.g `objectstorage.us-ashburn-1.oraclecloud.com`).
- If you're using the S3 Compatible API then the hostname takes the form of `<namespace id>.compat.objectstorage.<region>.oraclecloud.com` (e.g `decafbaddeadbeef.compat.objectstorage.us-ashburn-1.oraclecloud.com`).

### Creating a new service

To create a new Fastly service, you must first create a new domain and then create a new host and edit it to accept traffic for Oracle Cloud Storage. Instructions to do this appear in our guide to [creating a new service](https://www.fastly.com/documentation/guides/getting-started/services/about-services). While completing these instructions, keep the following in mind:

- When you [create the new host](https://www.fastly.com/documentation/guides/getting-started/hosts/working-with-hosts#adding-a-host), enter the Oracle bucket's hostname in the **Hosts** field on the **Origins** page. See [Finding your bucket's namespace and hostname](https://www.fastly.com/documentation/guides/integrations/non-fastly-services/oracle-cloud-storage#finding-your-buckets-namespace-and-hostname).
- When you [edit the host details](https://www.fastly.com/documentation/guides/getting-started/hosts/working-with-hosts#editing-a-host) on the **Edit this host page**, confirm the Transport Layer Security (TLS) area information for your host. Specifically, make sure you do the following:
  - Secure the connection between Fastly and your origin.
  - Enter your [bucket's hostname](https://www.fastly.com/documentation/guides/integrations/non-fastly-services/oracle-cloud-storage#finding-your-buckets-namespace-and-hostname) in the **Certificate hostname** field.
  - Select the checkbox to match the SNI hostname to the Certificate hostname (it appears under the SNI hostname field).
  - _(Optional)_ Enable shielding by choosing the appropriate shielding location from the **Shielding** menu. When using Oracle Cloud Storage, this means you must choose a [shielding location](https://www.fastly.com/documentation/guides/concepts/shielding/#choosing-a-shield-location) closest to the most appropriate Oracle region.
- Decide whether or not you should specify an override host in the **Advanced options** area which is the same as your bucket hostname.

## Using the Oracle Cloud API with public objects

To use the Oracle Cloud API with public objects, you need to either create a [new header](https://www.fastly.com/documentation/guides/integrations/non-fastly-services/oracle-cloud-storage#using-a-header-object), or a [VCL Snippet](https://www.fastly.com/documentation/guides/integrations/non-fastly-services/oracle-cloud-storage#using-a-vcl-snippet). The purpose of the header or VCL snippet is to rewrite request URLs for your Oracle Cloud Storage instance.

### Using a Header object

1. On your Fastly service's configuration page, click **Create header** to create a new header.
2. Fill out the **Create a header** fields as follows:
   - In the **Name** field, enter `Rewrite Oracle Cloud Storage URL`.
   - From the **Type** menu, select **Request**, and from the **Action** menu, select **Set**.
   - In the **Destination** field, enter `url`.
   - From the **Ignore if set** menu, select **No**.
   - In the **Priority** field, enter `20`.
3. In the **Source** field, enter `"/n/<namespace id>/b/<bucket name>/o" req.url` (e.g., `"/n/decafbaddeadbeef/b/fastly-bucket/o" req.url`).
4. Click **Create**.
5. Click **Add a condition** next to the `Rewrite Oracle Cloud Storage URL` header.
6. Click **Create a new request condition**.
7. Fill out the condition fields as follows:
   - In the **Name** field, enter `Oracle Cloud Storage Shielding`.
   - In the **Apply if** field, enter `(req.method == "GET" && !req.backend.is_shield) {}`.
8. Click **Save and apply**.
9.   From the **Activate** menu, select **Activate on Production** to deploy your configuration changes.

### Using a VCL Snippet

1. Click **VCL Snippets** on your service's configuration page, then click **Create Snippet**.

2. In the **Name** field, enter a name for the snippet.

3. Select **Within subroutine** to specify its placement, and **miss** as the subroutine type.

   ![Select VCL Snippet type](/img/vcl_snippet_type.png)

4. Add the following code to the **VCL** field. Change the values of the `oracleNamespace` and `oracleBucket` variables to match your Oracle namespace and bucket.

   ```vcl
   declare local var.oracleNamespace STRING;
   declare local var.oracleBucket STRING;
   set var.oracleNamespace = "YOUR_ORACLE_NAMESPACE_ID";   # Change this value to your own data
   set var.oracleBucket = "YOUR_ORACLE_BUCKET_NAME";   # Change this value to your own data

   if (req.method == "GET" && !req.backend.is_shield) {
     set bereq.url = "/n/" var.oracleNamespace "/b/" var.oracleBucket "/o/" bereq.url;
   }
   ```

## Using the S3 Compatible API with public objects

To use the S3 Compatible API with public objects you must create a new header, as explained below.

1. On your Fastly service's configuration page, click **Create header** to create a new header.
2. Fill out the **Create a header** fields as follows:
   - In the **Name** field, enter `Rewrite Oracle Cloud Storage URL`.
   - From the **Type** menu, select **Request**, and from the **Action** menu, select **Set**.
   - In the **Destination** field, enter `url`.
   - From the **Ignore if set** menu, select **No**.
   - In the **Priority** field, enter `20`.
3. In the **Source** field, enter `"/<bucket name>/" req.url` (e.g., `"/fastly-bucket/o" req.url`).
4. Click **Create**.
5.   From the **Activate** menu, select **Activate on Production** to deploy your configuration changes.

## Private Buckets

> **IMPORTANT:** Currently, Fastly can only support private objects using the S3 Compatible API.

To use an Oracle Cloud Storage private bucket with Fastly you must implement version 4 of [Amazon’s header-based authentication](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html). You can do this using [custom VCL](https://www.fastly.com/documentation/guides/full-site-delivery/fastly-vcl/about-fastly-vcl). Keep in mind the following:

- You will need an Oracle **[Customer Secret Key](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcredentials.htm#Working2)** which consists of an **Access Key** and **Secret Key**.
- You must use path-based access. Virtual host-style access (for example, accessing a bucket as `<bucketname>.<namespace>.compat.objectstorage.<region>.oraclecloud.com`) is not supported.

The following table lists the information you need to obtain from Oracle Cloud Storage before starting.

| Item        | Description                                                                                                                                                                                                                                          |
| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Namespace   | The namespace identifier assigned to your bucket (see [Finding your bucket's namespace and hostname](https://www.fastly.com/documentation/guides/integrations/non-fastly-services/oracle-cloud-storage#finding-your-buckets-namespace-and-hostname). |
| Bucket name | The name of your OCS bucket. When you download items from your bucket, this is the string listed in the URL path or hostname of each object.                                                                                                         |
| Region      | The OCS region code of the location where your bucket resides (e.g., `us-east-1`).                                                                                                                                                                   |
| Access key  | The OCS access key string for your account that has at least read permission on the bucket.                                                                                                                                                          |
| Secret key  | The OCS secret access key paired with the access key above.                                                                                                                                                                                          |

Once you have this information, you can configure your Fastly service to authenticate against your S3 bucket using header authentication by calculating the appropriate header value in VCL.

> **HINT:** Consider leaving the **Override host** field for the origin blank in your service settings. This setting will override the host header from the snippets shown here and may invalidate the signature that authenticates the information being sent.

Start by creating a [VCL snippet](https://www.fastly.com/documentation/guides/full-site-delivery/fastly-vcl/vcl-snippets/using-vcl-snippets). Give it a meaningful name, such as `AWS protected origin`. When you create the snippet, select **Within subroutine** to specify its placement and choose **miss `(vcl_miss)`** as the subroutine type. Then, populate the VCL editor with the following code (be sure to change specific values as noted to ones relevant to your own AWS bucket):

1. Click **VCL** on your service's configuration page, then click **Add snippet**.
2. Fill out the **Add VCL snippet** fields as follows:

   - Using the **Type** controls, select the [type of snippet](https://www.fastly.com/documentation/guides/full-site-delivery/fastly-vcl/vcl-snippets/about-vcl-snippets) to create.
   - In the **Name** field, enter an appropriate name (e.g., `Catch Error for Custom Response`).
   - Using the **Placement** controls, select **Within subroutine**.
   - From the **Subroutine** menu, select **fetch (`vcl_fetch`)**.
   - _(Optional)_ In the **Priority** field, enter the order in which you want the snippet to execute. Lower numbers execute first.
   - In the VCL editor, add the following code. Be sure to change the values of the variables (e.g., `ocsNamespace`, `ocsAccessKey`) to match your Oracle environment.

     ```vcl
     declare local var.ocsNamespace STRING;
     declare local var.ocsAccessKey STRING;
     declare local var.ocsSecretKey STRING;
     declare local var.ocsS3Bucket STRING;
     declare local var.ocsRegion STRING;
     declare local var.canonicalHeaders STRING;
     declare local var.signedHeaders STRING;
     declare local var.canonicalRequest STRING;
     declare local var.canonicalQuery STRING;
     declare local var.stringToSign STRING;
     declare local var.dateStamp STRING;
     declare local var.signature STRING;
     declare local var.scope STRING;

     set var.ocsNamespace = "YOUR_OCS_NAMESPACE"; # Change this value to your own data
     set var.ocsAccessKey = "YOUR_OCS_ACCESS_KEY";   # Change this value to your own data
     set var.ocsSecretKey = "YOUR_OCS_SECRET_KEY";   # Change this value to your own data
     set var.ocsS3Bucket = "YOUR_OCS_BUCKET_NAME";   # Change this value to your own data
     set var.ocsRegion = "YOUR_OCS_REGION";   # Change this value to your own data

     if (req.method == "GET" && !req.backend.is_shield) {

       set bereq.http.x-amz-content-sha256 = digest.hash_sha256("");
       set bereq.http.x-amz-date = strftime({"%Y%m%dT%H%M%SZ"}, now);
       set bereq.http.host = var.ocsNamespace ".compat.objectstorage." var.ocsRegion ".oraclecloud.com";
       set bereq.url = querystring.remove(bereq.url);
       set bereq.url = regsuball(urlencode(urldecode(bereq.url.path)), {"%2F"}, "/");
       set var.dateStamp = strftime({"%Y%m%d"}, now);
       set var.canonicalHeaders = ""
         "host:" bereq.http.host LF
         "x-amz-content-sha256:" bereq.http.x-amz-content-sha256 LF
         "x-amz-date:" bereq.http.x-amz-date LF
       ;
       set var.canonicalQuery = "";
       set var.signedHeaders = "host;x-amz-content-sha256;x-amz-date";
       set var.canonicalRequest = ""
         "GET" LF
         bereq.url.path LF
         var.canonicalQuery LF
         var.canonicalHeaders LF
         var.signedHeaders LF
         digest.hash_sha256("")
       ;

       set var.scope = var.dateStamp "/" var.ocsRegion "/s3/aws4_request";

       set var.stringToSign = ""
         "AWS4-HMAC-SHA256" LF
         bereq.http.x-amz-date LF
         var.scope LF
         regsub(digest.hash_sha256(var.canonicalRequest),"^0x", "")
       ;

       set var.signature = digest.awsv4_hmac(
         var.ocsSecretKey,
         var.dateStamp,
         var.ocsRegion,
         "s3",
         var.stringToSign
       );

       set bereq.http.Authorization = "AWS4-HMAC-SHA256 "
         "Credential=" var.ocsAccessKey "/" var.scope ", "
         "SignedHeaders=" var.signedHeaders ", "
         "Signature=" + regsub(var.signature,"^0x", "")
       ;
       unset bereq.http.Accept;
       unset bereq.http.Accept-Language;
       unset bereq.http.User-Agent;
       unset bereq.http.Fastly-Client-IP;
     }
     ```
3. Click **Add** to create the snippet.
4.   From the **Activate** menu, select **Activate on Production** to deploy your configuration changes.

> **NOTE:** 
>
> This article describes how to configure an integration with a service provided by a third party. As stated in our [Terms of Service](https://www.fastly.com/terms), we do not provide direct support for non-Fastly services.
>
>

## Related content

- [Working with hosts](https://www.fastly.com/documentation/guides/getting-started/hosts/working-with-hosts)
- [Creating request headers](https://www.fastly.com/documentation/guides/full-site-delivery/headers/adding-or-modifying-headers-on-http-requests-and-responses)