Backblaze can help recover your lost computer or stolen laptop by tracking it, if and when it connects to a network again. However, if you prefer not to grant Backblaze access to your computer's location, the feature can be disabled.

To disable this feature at the account level, log into your account here and click the Locate My Computer link on the left side of the page. Click the "Turn Off" button on the right side to disable this feature and stop all tracking.

Once this feature has been disabled at the account level, each Backblaze installation registered to the account will automatically disable its own location services functions, so long as version 7.0.1.452 or newer is installed. The latest version of the Backblaze Online Backup installer is always available here. These settings changes may take some time to be picked up by each installation. 

The Backblaze Maintenance Schedule page can be found here: https://www.backblaze.com/scheduled-maintenance.html

Backblaze has a maintenance window scheduled every
Thursday from: 11:30am - 1:30pm Pacific Time.

During this time the following services may be unavailable: making a new purchase, installing new trials, signing in to your account, creating new accounts, enabling B2, and creating a master Key.

Please note the following B2 calls may also be affected: b2_create_bucket, b2_delete_bucket

Most other parts of the service will remain unaffected.

We expect maintenance to be completed by 1:30pm Pacific Time. If the maintenance window needs to be extended, please keep an eye on our Twitter account during the maintenance window for updates: @Backblaze. For longer planned maintenance, updates will be posted to the Backblaze Blog prior to the maintenance taking place. 

If you are on Windows and you are trying to install Backblaze and you are running into the error: 

1. You will need to save the file to disk.

2. Right-click the saved file.

3. From the menu choose, Run as Administrator.

This will start the installer properly.

Backblaze Accounts & Two Factor Verification 

Backblaze supports two-factor verification via the TOTP (Time-based One Time Password) app of your choice, such as Authy or Google Authenticator or via SMS (Short Message Service aka text message) to a single phone number registered to the account. Please note that the SMS option is only available after the first account payment is successfully processed (typically after 30 days)

As fallback options, ten one-time use codes can be generated and saved securely, such as in a password manager, safe, or your preferred secure document storage system. For accounts using a TOTP app, SMS is supported as an optional fallback as well. 

Note: Accounts using SSO (Single Sign-On) will not have 2FV options available. 

To enable Two Factor Verification for the first time, follow these steps:  

1. Sign in to the Backblaze website with your current account email address and password.

2.  Once signed in, select "My Settings" from the left-side navigation links. 

3. Select the "Sign In Settings" link on the right side of the My Settings page.  

4. On the following pane, change the Two Factor Authentication option to "On" and all of the options to enable and configure fallback 2FV options will be available, as shown below.

6. If you choose SMS and leave the Generate Backup Codes option checked and click Update, it will show you a list of 10 backup codes you can use to regain access to your account in the future, should the primary 2FV method be inaccessible. Save or print these codes and keep them in a safe place. Once done, you will be logged out of your account automatically. 

Note: SMS will only be available if a phone number has already been registered to the account via the My Settings page. 

8. If you choose Authentication Application, open your preferred Authentication Application and scan the QR code shown for your account. Enter the verification code presented in the app and click Verify. It will tell you below that field if it was successful. You also have the option to Allow fallback to SMS, which is enabled by default. This will allow you to have a verification code sent to your verified phone number if you lose your Authentication Application. You can then click Update to save the settings. If you left the Generate Backup Codes option checked, it will show you a list of 10 backup codes you can use to regain access to your account in the future if you lose access to your phone number. Save or print these codes and keep them in a safe place. Once done, you will be logged out of your account automatically. 

9. When you log back in, you will see the below screen after you enter your password if you chose SMS. You can click the switch from Off to On to have your current browser trusted, so you won't be asked again for the SMS verification code in that browser. You will still be asked for the code in other browsers or on other devices. You have the option to select Resend Code if you have trouble receiving the SMS code, or click Use Backup Code to enter one of the 10 backup codes you saved previously. 

10. If you chose Authentication Application, you will see this screen instead. You can click the switch from Off to On to have your current browser trusted, so you won't be asked again for the Authentication Application verification code in that browser. You will still be asked for the code in other browsers or on other devices. You have the option to select Send SMS Fallback Code to your verified phone number if you have lost access to your Authentication Application, or you can select Use Backup Code to enter one of the 10 backup codes you saved previously. 

Backblaze Settings Overview (Win)

To open the Backblaze Control Panel, you can use either the Start Menu entry or the System Tray icon. 

If Backblaze has been pinned to your main Start Menu pane, it will appear as on the left below. If it has not, you can find it in the "All Programs" selection, as shown to the right below.  

The system tray icon is typically found at the lower right hand side of your desktop area, just to the left of the clock. Below is an example of the default desktop area with the system tray icons highlighted. 

Here is a close view of the System Tray and the Backblaze icon and the menu that appears if you select the Backblaze icon: 

Once you have opened the Backblaze Control Panel, you will see a screen like that shown below.

The "Backup Now" button will either resume or initiate a backup, depending on your backup schedule settings. 

The "Restore Options" button will present you with basic information about the way in which you can restore files from your Backblaze backup. 

"Selected for Backup" reports the total number and size of all of the files currently included in your Backblaze backup. 

"Backup Schedule" indicates the current schedule setting of your Backblaze software. 

"Remaining Files" shows the total number and size of files currently in queue to be uploaded. These files are not yet backed up. 

The "Settings" button will take you to the various settings you can change for the Backblaze backups. For more information on each settings pane, please refer to one of the following articles: 

General Settings (Win)

Performance Settings (Win)

Schedule Settings (Win)

Exclusion Settings (Win)

Security Settings (Win)

Backblaze Settings Overview (Mac)

There are a few ways to open Backblaze Preferences, depending on what version of macOS you are running. You will find a screenshot of each below. 

Only users on macOS 10.12-10.15 can find the application through the System Preferences pane:

To access your System Preferences pane, select the "" menu from the top left-hand side of your screen and select the "System Preferences" selection from the associated drop-down menu. It can also be accessed from the "Applications" section of "Finder"

 Users of all macOS versions can open Backblaze Preferences via either the menu bar icon or the Applications folder.

The menu bar icon will typically be found at the top right-hand side of your screen, to the left of your system clock. 

Here you will find the Backblaze application file shown in the Applications directory. 

Once you have opened the Backblaze Preferences pane, you will see the screen pictured below: 

The "Backup Now" button will either resume or initiate a backup, depending on your backup schedule settings. 

The "Restore Options" button will present you with basic information about the way in which you can restore files from your Backblaze backup. 

"Selected for Backup" reports the total number and size of all of the files currently included in your Backblaze backup. 

"Backup Schedule" indicates the current schedule setting of your Backblaze software. 

"Remaining Files" shows the total number and size of files currently in the queue to be uploaded. These files are not yet backed up. 

The "Settings" button will take you to the various settings you can change for the Backblaze backups. For more information on each settings pane, please refer to one of the following articles: 

General Settings (Mac)

Performance Settings (Mac)

Schedule Settings (Mac)

Exclusions Settings (Mac)

Security Settings (Mac)

Reports (Mac)

Creating a Restore: 

To start, you will need to sign in to the Backblaze website with your registered email address and password.

Selecting the Backup:

Once logged in, you will be brought to the account Overview page. On this page, all of the computers registered for backup under your account are shown with some basic information about each. Select which backup from which you wish to restore data by using the appropriate "Restore" button. 

Selecting the Type of Restore: 

Backblaze offers three different ways in which you can receive your restore data: downloadable zip file, Save Files to B2, or USB hard drive. The downloadable zip restore option will create a zip file of the files you request that is made available for download for 7 days. Zip restores do not have any additional cost and are a great option for individual files or small sets of data. Depending on the speed of your internet connection to the Backblaze data center, downloadable restores may not always be the best option for restoring very large amounts of data. Zip restores are limited to 500 GB per request and a maximum of 20 active requests can be submitted under a single account at any given time. 

The Save Files to B2 option allows you to move a zip restore to our B2 Cloud Storage service for permanent storage. B2 Cloud Storage is priced at $0.005/GB/Month for storage, and the Save Files to B2 option will quote your estimated storage cost. The maximum size of a Save Files to B2 restore is 10TB. You can learn more here.

USB hard drive restores are built with the data you request and then shipped to an address of your choosing. We ship via FedEx with signature required where available. FedEx does not deliver to PO Boxes. All USB restores are prepared and shipped from the U.S., even if your data is stored in a non-U.S. data center.

USB hard drive restores cost $189 and can contain up to 8 TB max (7,000,000 MB of data). This includes the cost of shipping. 

Note: If you are ordering a Mac restore drive that you plan on using and accessing through a Windows computer, please follow this guide to ensure the drive is formatted correctly for Windows.

Selecting Files for Restore: 

Using the left hand file viewer, navigate to the location of the files you wish to restore. You can use the disclosure triangles to see subfolders. Clicking on a folder name will display the folder's files in the right hand file viewer. If you are attempting to restore files that have been deleted or are otherwise missing or files from a failed or disconnected secondary or external hard drive, you may need to change the timeframe parameters. 

Put checkmarks next to disks, files or folders you'd like to recover. Once you have selected the files and folders you wish to restore, select the "Continue with Restore" button above or below the file viewer. Backblaze will then build the restore via the option you select (zip or usb drive). You'll receive an automated email notifying you when the zip restore has been built and is ready for download or when the usb restore drive ships. 

If you are using the downloadable zip option, and the restore is over 2 GB, we highly recommend using the Backblaze Downloader for better speed and reliability. We have a guide on using the Backblaze Downloader for Mac OS X here, or for Windows here. 

Please note: You can now apply filters to your view on the "View/Restore Files" page

You now have the option of applying the following filters to your file view on the "View/Restore Files" page. The options are:

1. Show hidden Files: This will display data normally hidden from the default view

2. Files Backed Up in the Last Week: This will display only files backed up in the last week

3. Files Accumulated in Forever Version History: Please note, if your back is set to any other version history besides Forever Version history, this option will not appear for you.

 ( you can find out more about our Extended Version History options here )

What to do after you have created your restore:

If you have selected a .zip (download) restore:

Once you have created a restore, our restore servers will begin preparing the files you requested.  When the restore is ready to be downloaded, you will receive an email notification.  Then you can go to https://secure.backblaze.com/user_signin.htm to login in to your account, and select 'My Restores'.

This will show you all of your restores available for download.  

We would recommend selecting 'Use Downloader' for all restores over 1 GB, which will download the Backblaze Downloader.  

Once the zip restore has been downloaded to your computer, you will need to unzip the folder to access the restored files. If you are on a Windows computer, you can use the unzipper built into the Backblaze Downloader. If you are on a Mac, you can use the unzipper built into the OS.

*Note - For best results on large restores, we recommend breaking up your restore into multiple chunks as shown here.

If you have selected a USB Hard Drive Restore:

You will want to follow the packaged instructions that come bundled with your drive, detailing how to install the appropriate unlocking software, and inputting the unlock code from your "My Restores" page. The steps for how to unlock your Encrypted drive can be found in this guide.

In both instances, either downloading a .zip, or accessing your encrypted drive, you would then drag and drop the files from the restore to the appropriate areas of your computer.

Please note: all restore drives are formatted to the operating system of the computer the restore was created from.

The following is a collection FAQs for customers using Backblaze for Business prior to January 18th, 2017 and who have not yet migrated to the new Backblaze for Business. Please see the Migration FAQ for on migrating.  

Installing & Getting Started

• What is the difference between IT and Individual Access?
• Does Backblaze Have a Silent Installer?
• Why is My Custom Installer Asking My Users for a Password?

Licensing

• How Do I Add Additional Licenses to my Backblaze for Business Account?
• Transfer Backup State for Backblaze for Business
• How Do I Remove A Backup from My Business Account?

Common Questions

• What is a Usage Report and Why are They Important?
• Why Am I Getting "Out of Compliance" Emails?
• How Do I Renew My Backblaze for Business Account?
• What Does ‘Client Not Seen’ Mean?
• How do I Change the Email Address/Domain Associated w/ my Account?
• Inherit Backup State for Backblaze for Business

The Master Application Key ID for an account can be found at the top of the 'App Keys' page of the Backblaze website, once signed into the Backblaze website. See the below screenshot. 

The Master Application Key is only shown when generating it and is not shown again, so make sure you save this in a secure location if you plan on using this more than once. 

On the same page, non-master app key and app key ID pairs can also be generated with specific access rights. 

For a detailed look, the documentation for app keys and app key IDs can be found here: https://www.backblaze.com/b2/docs/application_keys.html

NOTE: The terminology for the Master Application Key ID was recently changed from being called the Account ID. If you are using an integration where the terminology has not been updated to reflect our change, the Master Application Key ID will work in place of the Account ID. For a non-master app key that has been created, you can use that key's keyID in place of an Account ID.

Welcome

With the release of Veeam Backup and Replication Version 12 comes the ability to tier your Veeam Backup Jobs directly to B2 Cloud Storage. 

This guide will walk you through Backblaze buckets and keys, how to set up an S3 Compatible Object Storage Repository pointing to your Backblaze B2 bucket with Immutability, and assigning that repository to a new Backup Job. 

If you would like to set up your B2 Cloud Storage bucket as a part of a Scale-out Backup Repository, or are running either Veeam Version 10 or Veeam 11, please see this guide: Quickstart Guide for offloading Veeam Cloud Tier backups to Backblaze B2 with immutability

Part 1: Setting up Your Backblaze Account

Begin this guide by signing in to your Backblaze account. If you do not have an account, please sign up here.

1) Click Create a Bucket

2) Give your bucket a valid name, enable Object Lock, then click "Create a Bucket".  

3) Confirm your bucket has been made. Leave the File Lifecycle setting at the default "Keep all versions" Make note of your Endpoint, this will be useful when setting up your repository.

Ex: in this case, the endpoint is "s3.us-east-005.backblazeb2.com"

4) Navigate to the App Keys page. Click the "Add a New Application Key" button. 

5) Give your key a valid name, leave all other settings on default, then click "Create New Key".  

6) Record your keyID and applicationKey. You'll use them to set up your repository. 

Part 2: Adding your Backup Repository

1) Open Veeam Backup & Replication 12.

2) Navigate to Backup Infrastructure, then click Add Repository.

3) Click Object storage.

4) Click S3 Compatible.

5) Fill out the Name and Description fields, then click Next.

6) Fill out the Service point field with your Bucket Endpoint. Fill out the Region field with the 2nd part of the Endpoint. Then click Add... 

7) Fill out the Access key and Secret key fields with your keyID and applicationKey, respectively. Then click OK. 

8) Confirm your B2 credentials on the Account window, then click Next. 

9) Click the Browse... button to the right of the Bucket field. 

10) Select your bucket, then click OK. 

11) Click the Browse... button to the right of the Folder field. 

12) Click New Folder.

13) Type a name for your new folder. Press the Enter key to accept the name. Then click OK.

14) Check the box to select "Make recent backups immutable for x days", set your preferred number of days, then click Next. 

Note: This is a required step in this guide due to Object Lock being enabled in the example bucket. Checking this box is how one enables Veeam Immutability for their backups. Backblaze strongly recommends using this feature to protect your data from ransomware. 

15) Proceed through the Mount Server, Review, and Apply screens without making changes. Then click Finish on the Summary page. 

Congratulations! Your Repository is finished. Find it in the Backup Repositories section of your Backup Infrastructure. When you are ready, proceed to the next section to make your Backup Job. 

Part 3: Creating a Direct-to-Cloud Backup Job 

1) Navigate to Home -> Jobs.

2) Click Backup Job, then click Virtual machine...

3) Fill out the Name and Description fields, then click Next. 

4) Click Add...

5) Browse your VMs and make your selection(s). Click Add when finished. Repeat as necessary.

6) Confirm the selections, then click Next. 

7) Use the Backup repository drop-down to find and select your Backblaze B2 Backup repository.

8) Click Advanced...

9) Navigate to the Storage tab. Use the Storage optimization drop-down to find and select 4MB. Then click OK. 

Note: This is optional, but will improve performance of object storage backups to Backblaze B2 Cloud Storage. 

10) Confirm the selections, Click Next.

11) Proceed through the Guest Processing window without making changes. On the Schedule page, click "Run the job automatically" and set a schedule. Then click Apply. 

12) Optionally click the "Run the job when I click Finish" box, then click Finish. 

Congratulations! Your Direct-to-Cloud Backup Job to Backblaze B2 with Immutability is finished. Thanks for following along.

Again, Backblaze strongly recommends all Veeam customers enable Object Lock in Backblaze B2 and Immutability in Veeam to protect against ransomware. If you have a valid reason for not protecting against ransomware and do not want to enable immutability, please contact our support team for detailed instructions on how this can be enabled.

If you have any questions about B2, please feel free to reach out to our Support Team via our website here: https://www.backblaze.com/help.html

What is Object Lock?

Object Lock is a feature that makes data immutable by preventing a file from being changed or deleted until a given date. This helps to protect files stored in Backblaze B2 Cloud Storage from threats like ransomware which could potentially encrypt or remove files you intend to keep.

How does Object Lock work?

Object Lock must be enabled on a bucket at the time the bucket is created. For files going into a bucket with Object Lock enabled, there are two ways to lock them. First, you can set a date when you upload the file as part of the call to our API. Second, you can set a date on a file that is already uploaded. For both methods, you must set a date to lock the file until and which mode you want to use. Attempts to delete the file or make any changes to it before the set date will fail. While you can use the second method to extend the lock on a file, you cannot use it to shorten the lock.

The majority of users will never have to interact with the API at all - integrations like Veeam will simply ask how long you want your files to be immutable and enable that functionality behind the scenes for you.

With Default Bucket Retention, the feature applies Object Lock for a specified retention period on files uploaded or copied into a bucket. Read here for more information.

With Object Lock Legal Hold, the feature prevents a file from being changed or deleted, but the immutability does not have a defined retention period - a file is immutable until Object Lock Legal Hold is removed. Read here for more information.

Does Object Lock with Backblaze work the same way as it does with AWS?

From a functionality standpoint, Object Lock with Backblaze B2 Cloud Storage works the same way as it does with AWS. Files will be locked until the date a user sets on the file.

Is there an extra cost to use Object Lock?

There is no extra cost to use Object Lock, however you are responsible for the normal charges associated with storing the locked file.

Can Object Lock be enabled later on?

Yes. You may enable Object Lock on a bucket when creating a new bucket or on an existing bucket. Once enabled, the files in that bucket already and files uploaded after the enablement are eligible to be locked. At this time, the S3-compatible API, the B2 Native API, the B2 SDKs and the CLI may be used to enable Object Lock. The web application will support this feature at a later date.

What happens if I made a mistake and locked a file for longer than I wanted?

If you have locked your file for longer than you intended then you will need to close your B2 account. For assistance in closing your B2 account please see either Canceling and Deleting a Backblaze Account or How Do I Cancel My B2 Account.

Can I use Immutability with Veeam?

Yes, Object Lock in B2 Cloud Storage was designed with the Immutability feature in Veeam Backup & Replication in mind. If you have enabled Object Lock on a bucket on your account you can follow our guide on how to set up Veeam with B2 Cloud Storage. For more information, see this page.

Can I use Object Lock on a bucket that does not have it enabled?

No, Object Lock can only be used on a bucket that has Object Lock enabled.

Can I use Object Lock with the B2 CLI/AWS CLI?

Here is an example of how to create a bucket with Object Lock enabled and upload a file to Backblaze B2 with an Object Lock, then check the retention period for that file:

Creating a Bucket:

aws s3api create-bucket --bucket <bucketname> --object-lock-enabled-for-bucket --endpoint-url <S3 Endpoint>

Upload a File:

aws s3api put-object --bucket <bucketname> --key <filename> -->body <local_filename> --object-lock-mode COMPLIANCE --object-lock-retain-until-date "YYYY-MM-DD HH:MI:SS" --endpoint-url <S3 Endpoint>

Check Object Retention:

aws s3api get-object-retention --bucket <bucketname> --key <filename> --endpoint-url <S3 Endpoint>

Can I only use Object Lock with the S3 Compatibility API?

No, Object Lock is available via the S3 Compatibility API and the B2 Native API.

What happens after the end of the retention period?

Once the Object Lock retention period expires, a file may be changed or deleted.

Will Object Lock affect any other bucket or lifecycle settings?

Yes. When a file is locked, lifecycle settings or an integration setting attempting to change or delete the file will fail.

Can Object Lock only be enabled using the WEB UI? If not how can it be otherwise enabled?

Object Lock may be enabled by API or by using the web application. See this page for more information about our API. Default Bucket Retention and Object Lock Legal Hold may be enabled through the web application as well.

Can Object Lock Legal Hold be enabled for multiple files at once?

No, Object Lock Legal Hold may be applied only one file at a time during upload or updating a file.

What are examples of who or what Default Bucket Retention would usually apply to?

Default Bucket Retention is a great feature for those who want to ensure that their data is not changed or deleted. Refer to the Default Bucket Retention article for more information.

This article explains how to use Cloudflare Workers to serve data from a private B2 Bucket. If you would like to allow Cloudflare to fetch content from a public Backblaze B2 Bucket, see the KB article on using Cloudflare Workers to fetch content from a public B2 Bucket.

Introduction

Many customers have expressed interest in hosting static data for their website (ranging from minified Javascript applications to multi-hour 8K video) because of the security, reliability, and affordability of Backblaze B2 storage. One solution to ensuring performance and availability is to route requests through a CDN (Content Delivery Network) such as Backblaze's Bandwidth Alliance partner Cloudflare, taking advantage of Cloudflare's performance and the free data transfer between Backblaze B2 and Cloudflare.

How does a CDN like Cloudflare work?

Cloudflare leverages DNS (Domain Name System) so that content requests come to Cloudflare's servers. Through caching and private high-speed links, Cloudflare ensures high availability and reliability from storage. A website's domain name is registered with Cloudflare (and transferred from its domain name registrar), so that Cloudflare becomes responsible for serving content from that domain. Behind the scenes, Cloudflare allows a website's domain to be aliased to some other domain, so that a user may see images and content from https://www.coffeemaniacs.com when those images and that content is actually being served from Backblaze B2 (https://f345.backblazeb2.com/file/coffemaniacs-storage)

Backblaze Buckets are on the Internet Securely

Although all buckets are addressable from the internet, only public buckets can be accessed by just anybody. By default, Backblaze B2 storage is private, which means that access requires authentication. Backblaze's various integration partners have incorporated this security into their tools to keep Backblaze B2 as user-friendly as possible while still maintaining security.

Website Content from Secure Buckets

Putting these elements together means that customers serving data from their website want to serve from their website; they want to store their photos and videos and all of their digital content in a private bucket, available through (and only through) their website. When hosting a website directly, adding the authentication required to pull data from Backblaze B2 is straightforward. Fronting a website through Cloudflare is slightly more complex: now Cloudflare has to access private buckets to retrieve and cache data, which means Cloudflare has to authenticate its requests to Backblaze B2.

Web Workers for the Win

Cloudflare offers web workers, small Javascript snippets that allow rewriting HTTP and HTTPS requests on the fly. These make it straightforward to add authentication headers to content requests, and authenticate the link between Cloudflare and Backblaze B2. Even better, Cloudflare's web workers can be uploaded directly into Cloudflare's servers making the automation of the process straightforward. Web workers are available at all plan levels (including the free plan), for a nominal charge (please see Cloudflare's site for their pricing and plan). At the free level, only one script is possible, but one is enough to allow Cloudflare access to otherwise private data.

Web Workers, Updates, and Authorizations: Working Together

One solution is to use a Web Worker to rewrite the request URLs on the fly, adding an Authorization parameter. Although an authorization is good for any number of requests, B2 authorizations eventually expire (the longest period of time an authorization can persist is 7 days). Manually updating the authorization each week would be a chore: this is something that should happen automatically. Fortunately, both Backblaze B2 and Cloudflare offer APIs that can automate the process. The procedure here uses a Python script and the B2 APIs to get a new B2 download authorization, good for 7 days from the moment the script runs. After embedding that authorization into a Javascript snippet, the Python script uses the Cloudflare APIs to upload the script. By using a scheduler such as cron on Linux or MacOS, or schtasks on Windows, an administrator can automate running the script every day or two, thus ensuring the authorization code is always current. This article contains the complete script, as well as instructions on modifying it with the right parameters.

Setting up to enable access to your private bucket

Building this connection requires:

• A Backblaze account
• An ApplicationKey and ApplicationKeyID that gives read access to the private bucket
• The name of the Backblaze B2 file server for the bucket
• A Cloudflare account
• A top-level internet domain (such as www.pawneeparks.org)
• Cloudflare Web Worker access
• The Cloudflare API key
• The Cloudflare Zone ID
• A Python3 program to get a refreshed authorization token and upload it to Cloudflare along with the worker code (available at Github). (Once Cloudflare's recently announced Workers KV comes out of beta, we will update this article to store the authorization key in this distributed database.)
• A server running cron (or something similar) to run the python3 update at regular intervals

Guide

Gather the information needed about your Backblaze B2 account

If you do not already have a Backblaze account, sign up for one here. Backblaze B2 includes 10 gigabytes of free storage and does not require a billing method to get started exploring the possibilities.

After creating (or signing into) your Backblaze B2 account, go to My Account on the top menu, and then select Buckets in the right hand menu

This will open the bucket UI screen, and if this is a new account, it will have no buckets (yet).

Redirecting traffic requires having a bucket. Clicking on 'Create Bucket' brings up the bucket creation dialog.

Choose a name (not the one in the dialog). Bucket names must be globally unique across all Backblaze B2 accounts. Choosing a name already in use will return an error; should this happen, simply choose another name. Users of the redirected content will not see this name.

As long as we are here, get the BucketId for this bucket (this is a globally unique identifier). Next, upload a file (it does not matter what). Click on Upload/Download.

Click on upload, and send a text or HTML file up to Backblaze B2 (we will retrieve it as part of testing the integration) later. This file will be referred to later as uploadedFile.html.

Just drag and drop a file, and upload it to the Backblaze B2 bucket.

Find the white i in a small gray circle at the far right of the file listing (circled in green), and click on that. It gives information about the file: we are looking for the fileserver for this account (all buckets from this account will utilize this particular fileserver).

As shown, the fileserver for this bucket is https://f001.backblazeb2.com. Make a note of the fileserver, as this is the top-level domain that is the target of the remap. Also note that the filepath is <fileserver>/file/<BucketName>/filename — this pattern is used to source content through the remapped domain (more detail on this later).

Next, get (or create) an applicationKeyId and applicationKey to generate authorization tokens. Once the file information dialog is dismissed, click on the 'Buckets' menu item in the left-hand menu to return to the main Buckets page. Near the top of the page, is a link to Show Account Key and Application Key.

Click on this link to go to the key management.

Although it is possible to use the Master Application Key ID and Master Application Key, it is preferable to use a key with less access. Scrolling down this screen a bit gives:

This will create an ApplicationKeyID and ApplicationKey (and this one is scoped to provide full read and write access to the bucket). Please note that the ApplicationKey is displayed exactly once. Although another key can be created with similar permissions, this particular key cannot be regenerated. This key gives access to your bucket, and should be kept securely. Application keys enable a great deal of flexibility in granting access to your stored content.

Note the ApplicationKey (again: this is the only time it will be displayed) and the ApplicationKeyId for the bucket. The ApplicationKeyId, along with the KeyName, are listed (as are all keys created for an account).

This is all the information required from Backblaze.

Set up the Cloudflare account

If you do not already have a Cloudflare account, sign up for one at Cloudflare.

and sign up:

After signing up, register your top-level domain with Cloudflare by going to 'add record'.  Ensure the record type is CNAME. This will map your top level domain (here static.pawneeparks.org) to the source that Cloudflare will fetch content from.

Click on 'add record', and then make sure the cloud icon directly to the right of the 'Automatic TTL' choice box and directly to the left of the 'Add Record' button is orange; if it is gray, click it once to change the setting from 'DNS only' to 'DNS and HTTP Proxy'.

The next step requires adding billing information, and a subscription to web workers. After this is accomplished, go the the workers page, and launch the editor.

Do not modify the default script (there is no need). However, the script must be saved by clicking the 'save' button (circled in green). Clicking this button may not appear to do anything, but it is absolutely required for the next step, which is to specify the route on which the worker script is enabled.

Click on the 'routes' tab (circled in green) to show the routes.

 click 'Add Route' to add a route, and it should show up.

and the script will show as enabled for this script:

The routing is set up, and the script will be taken care of automatically by python script, but we will need an API key for Cloudflare. Click on 'Dashboard' to return to the main Cloudflare interface, and then go to the Overview.

Several things require attention here. First, SSL should be set to Full (Strict) to ensure that Cloudflare verifies certificates from Backblaze B2 storage. Next, the Zone ID is required to upload our worker script, as is the API key. After noting the Zone ID, click on 'Get your API key'.

and scroll down to the bottom of this page. The final section is API Keys. The required information is the global API key. Click View to display the API key, and make note of it. Cloudflare will require account verification.

It will reveal your API key:

Please note: under no circumstances display your API key in a public forum.

Setting up the authorized web worker with Cron

Since Backblaze B2 authorization tokens expire, feeding a CDN requires updating the authorization token. The simplest way to do this is to replace the entire worker script with a new one, where the authorization token is hard-coded into the Javascript. To make this easier, here is a script which, given the identities, identifiers, and keys, will get a new authorization token from Backblaze, embed it into a web worker script that will add the token as a header to incoming requests, and then upload the script to Cloudflare. By default, the script's authorization tokens are valid for one week (the maximum possible time). If this script is scheduled to run once a day, then the script can be missed for five days before the authorization token expires.

Setting up a Python script to run at regular intervals is beyond the scope of this guide, as is setting up a Python3 environment. This is the Python3 script to get a B2 authorization token and upload a web worker to authorize Cloudflare requests to the private bucket is available.

This script requires some customization, as a number of values are specific to the user.

cloudflareEmail

The email address registered as the account owner in Cloudflare

bucketSourceId

The hexadecimal bucket identifer for the source bucket in Backblaze B2

bucketFilenamePrefix

The filename prefix (if any) for which the B2 ApplicationKey is valid

cfZoneId

The Zone ID for the Cloudflare account

b2AppKey

This is the Backblaze B2 Application Key to authorize access to the Backblaze B2 bucket. This is the secret key that is displayed exactly one time and never again.

b2AppKeyId

This is the Backblaze B2 Application Key ID. It is also a long string, but it is displayed in the list of existing keys.

maxSecondsAuthValid

The number of seconds for which the authorization is valid when created. The default script value is a week, which is the maximum time-to-live of any authorization token. The valid time may be set to a smaller value. However, this should be weighed against how often the cron job will run. If the cron job runs once a day, then if it is skipped for a day or two or even five, the authorization remains active if the authorization token lasts for a week.

The Backblaze Fireball program consists of a Synology NAS with 10GigE add-in card, and hard drives shipped to the customer. The customer sets up the NAS, moves the data to it, and after configuring and testing the configuration for validity, returns the NAS to Backblaze. When Backblaze receives the NAS, the data is moved to B2 storage, verified, and then the data is cleared from the NAS.

If you become aware of an actual or potential violation of laws, rules, regulations, or any of Backblaze policies, you can report this anonymously in one of two ways:

1. By emailing to anonymous[at]Backblaze.com
2. Report this online by filling in the Anonymous Reporting Form.

If you suspect you have received a phishing email with content hosted on our servers, please send an email to reportphishing @ Backblaze . com.

Please ensure to include who the email was sent from and the link that routes to our domain.

The link should begin with "https://f000.backblazb2.com" or "https://f001.backblazeb2.com" or "https://f002.backblazeb2.com."