S3 compatible environment vars [enhancement]

[gmarcus]

Hello @stephengpope
Awesome (really awesome) project.

I am running on a VPS (Hostinger + Coolify) and setting up my S3 env variables to use Cloudflare R2 object storage. This request may be relevant to other S3 compatible services.

I have toolkit running well on my VPS, but am running into issues using Cloudflare R2 public buckets.

Currently, I am configured with a standard R2 endpoint and a bucket name:

S3_ENDPOINT_URL="https://7513e39970404e276fb0ab7d1a2d66a5.r2.cloudflarestorage.com"
S3_BUCKET_NAME="ncatoolkit"

All is working as expected with route responses building URLs for generated files in the format of

$S3_ENDPOINT_URL/$S3_BUCKET_NAME/<somefile>

ex when hitting /v1/toolkit/test:

    "response": "https://7513e39970404e276fb0ab7d1a2d66a5.r2.cloudflarestorage.com/ncatoolkit/success.txt",

By default, R2 buckets are private and require authentication to access toolkit generated URLs.

I would like to make my bucket public so that I can easily incorporate the response URLs in downstream automations.

R2 requires the use of a custom domain to make a bucket public. When setting up the R2 custom domain, it is assigned to a specific bucket and all public facing URLs are in the form of

https://custom.domain/<somefile>
# Note that the bucket name is omitted.

I would like to be able to configure the S3 environment variables in 1 of 2 ways:

1. Omit the bucket name (allow it to be blank):

S3_ENDPOINT_URL="s3.cliq.dev"
S3_BUCKET_NAME=""

and have the responses generate URLs without appending the bucket name so it would generate URLs without the bucket name like:

https://s3.cliq.dev/success.txt

This may create other complications for toolkit since some operations may require a bucket name. Alternatively....

2. Add a new S3_PUBLIC_ENDPOINT_URL

S3_ENDPOINT_URL="https://7513e39970404e276fb0ab7d1a2d66a5.r2.cloudflarestorage.com"
S3_BUCKET_NAME="ncatoolkit"
S3_PUBLIC_ENDPOINT_URL="https://s3.cliq.dev"

and have the responses use the new S3_PUBLIC_ENDPOINT_URL for generated files like:

https://s3.cliq.dev/success.txt

This setup would allow creating read-only access through S3_PUBLIC_ENDPOINT_URL which ultimately is the intended result.

What say you?

[hamchowderr]

I run a set up and use a custom domain, you just need to put in regular variables and you should be good if you do all of the other steps you mentioned.

[gmarcus]

I run a set up and use a custom domain, you just need to put in regular variables and you should be good if you do all of the other steps you mentioned.

@hamchowderr Yes the standard R2 endpoint is working. And yes, I can access files with the custom domain.

This ticket is about flexibility in how toolkit constructs the output URLs. Otherwise, in every n8n node, or every python script, I will have to change the URLs downstream.

https://7513e39970404e276fb0ab7d1a2d66a5.r2.cloudflarestorage.com/ncatoolkit/3d6af22e-f7e0-4f53-923f-0260b4920641.mp4 -> https://s3.cliq.dev/3d6af22e-f7e0-4f53-923f-0260b4920641.mp4

I think it would be great to be able to control how toolkit generates the output file URLs not just for R2 but for other storages as well.

[hamchowderr]

I will have to let Stephen comment, as I don’t think that makes it more flexible. I have always just put my keys in and they work. I have done it with GCP recently, and have always done it with Digital Ocean and Hostinger. Never had problems one time, if I did need to configure anything it’s always on the side of the bucket, never the toolkit. URL’s have always worked out of the gate. Sent from [Proton Mail](https://proton.me/mail/home) for iOS.

…

-------- Original Message --------

On Saturday, 11/22/25 at 03:44 Glenn Marcus ***@***.***> wrote: gmarcus left a comment [(stephengpope/no-code-architects-toolkit#222)](#222 (comment)) > I run a set up and use a custom domain, you just need to put in regular variables and you should be good if you do all of the other steps you mentioned. ***@***.***(https://github.com/hamchowderr) Yes the standard R2 endpoint is working. And yes, I can access files with the custom domain. This ticket is about flexibility in how toolkit constructs the output URLs. Otherwise, in every n8n node, or every python script, I will have to change the URLs downstream. https://7513e39970404e276fb0ab7d1a2d66a5.r2.cloudflarestorage.com/ncatoolkit/3d6af22e-f7e0-4f53-923f-0260b4920641.mp4 -> https://s3.cliq.dev/3d6af22e-f7e0-4f53-923f-0260b4920641.mp4 I think it would be great to be able to control how toolkit generates the output file URLs not just for R2 but for other storages as well. — Reply to this email directly, [view it on GitHub](#222 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/BDKWMNCEEXJGS3HPVELVKM336BEBTAVCNFSM6AAAAACM3WFQG6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKNRWGY2DCNBXHE). You are receiving this because you were mentioned.Message ID: ***@***.***>

[gmarcus]

@stephengpope I hear what @hamchowderr is saying, but Cloudflare R2 is not working the same as DO.

• When using the R2 endpoint, all bucket access is private, requiring downstream auth headers to fetch objects from the bucket.
• When using a custom domain endpoint, all bucket access is public, but the bucket name cannot be present in the URL path

If I configure toolkit with the R2 endpoint, then I will have to either
a) have some set node or custom code after every API response to replace all R2_domain/bucket_name/ URLs with custom.domain/ (without the bucket name) URLs
b) add auth headers when trying to fetch a file to every n8n node that uses the API responses URLs. This can be error prone and most n8n nodes expect public URLs, which means I would most likely have to do a) every time

It is making sense to me that toolkit could respect a new S3_PUBLIC_ENDPOINT_URL that if present, would be used instead for URLs returned by the API responses.

[hamchowderr]

I am curious if you have tried using the S3 endpoint from the toolkit? I might have misunderstood but you are saying that you are using the API from Cloudflare R2 to upload objects correct? It should automatically upload the file into your bucket. This is what I use in automation - I never use direct creds from Digital Ocean, Supabase, or etc as they all run on the S3 protocol. I would assume Cloudflare is the same as it is S3.

[gmarcus]

@hamchowderr Yeah I am only using toolkit.

Cloudflare R2 is different. The custom domain is already mapped to the bucket name (in fact, a custom domain can only be used with 1 bucket). As a result, the bucket name cannot be in the URL path with custom domains.

The URLs generated by toolkit include the bucket name which is not compatible with R2 public bucket setup.

1. Try opening this URL using the standard R2 endpoint with bucket name:

https://7513e39970404e276fb0ab7d1a2d66a5.r2.cloudflarestorage.com/ncatoolkit/success.txt

Requires authentication - all access with the R2 endpoint is private

2. Try with the custom domain and bucket name:

https://s3.cliq.dev/ncatoolkit/success.txt

404 - Not found

3. Try with just the custom domain:

https://s3.cliq.dev/success.txt

Works

[hamchowderr]

Thanks for posting this issue, I have needed a reason to try Cloudflare buckets and learned a couple of things. The first thing I want to say is that this does not fall under "not-compatible". It is actually working the way it should, it's just Cloudflare is the only provider has has S3 set-up like this (which is actually very surprising). They only way they allow you to upload is specifically through that endpoint. I see what you mean by creating a new url for each file, is that really a problem in your automation?

Also not sure if you have something but it took about 30 seconds to come up with some JS to replace any file I get. I actually like this better as I don't have to touch anything and it will be correct unless i change my domain. Learning this i will def stick to D.O or Supabase - the flexibility and smoothness of setting up a bucket is super clear.

// Get the response URL from the array
const s3Url = $input.all()[0].json.response;

// Replace the S3 endpoint with your custom domain
const publicUrl = s3Url.replace(
'https://whateveryourcloudflareis.r2.cloudflarestorage.com/ncat/',
'https://files.yourwebsite.io/'
);

// Return the public URL
return { json: { publicUrl } };

[gmarcus]

@hamchowderr Glad you now understand the challenge with using Cloudflare R2 to read from the bucket (again, I am talking about reads/downloads, not uploads). Cloudflare has a very generous free tier and aligns with the promise to stop spending $$$ on 3rd party services when you can use toolkit for free.

---

So yes, while it is possible to do the regex replacement, it would need to happen for each and every API call. While possible, it is a bad idea.

Take this @stephengpope n8n automation example that I marked up:

Each red arrow would require a new n8n code node to convert the response URLs from the R2 endpoint to the custom domain.

In this specific example, as the user of toolkit, I would have to add 6 new nodes to convert the output response of each node to feed in as an input response to the next node. Adds a bunch of extra nodes, lots of copy/paste, harder to maintain, harder to debug and makes the automation flow messy.

For more complex automations, it may be way more than 6 nodes.
My original thought is to build this into toolkit once and allow others to benefit from the enhancement.

[hamchowderr]

Have you seen this?: https://github.com/stephengpope/no-code-architects-toolkit/blob/main/docs/adding_routes.md

[gmarcus]

Have you seen this?: https://github.com/stephengpope/no-code-architects-toolkit/blob/main/docs/adding_routes.md

This is to add new API endpoints. My enhancement is to modify every API call that returns URLs in their response. It requires a change to the core services.

Thanks for your quick responses. I will wait to hear from @stephengpope or someone else to get their thoughts.

[gmarcus]

I have posted a PR with a working (and verified) solution. See #224