Featured image for Using Object Storage as a Website Origin with S3, MinIO and a CDN article
Technology

Using Object Storage as a Website Origin with S3, MinIO and a CDN

4 January 2026 18 minute Berkay Bulut

Running a fully static website from object storage is no longer an experimental trick. For many projects it is now the cleanest way to host a site: no web server to patch, no PHP to tune, no database to maintain. You store static files in an S3‑compatible bucket or MinIO, put a CDN in front, and let the edge handle performance. As the dchost.com team, we see this architecture more and more in real projects: marketing sites, product docs, documentation portals, micro‑landing pages and even full Jamstack frontends. In this article we will walk through how to use object storage as the primary website origin, how S3‑compatible services and MinIO fit in, how the CDN talks to your buckets, and what you must get right around HTTPS, caching and cost. If you are planning a new static site or want to simplify an existing stack, this guide will help you design a reliable, fast and maintainable setup from day one.

Why Host a Website Directly from Object Storage?

Object storage and classic web hosting solve different problems. Traditional hosting (shared, VPS or dedicated) gives you a full server environment to run PHP, Node.js, databases and background jobs. Object storage gives you a highly durable key‑value store for files, accessible over HTTP(S) with an S3‑style API.

When your site is completely static (HTML, CSS, JavaScript, images, fonts, PDFs), a classic web server is often more than you actually need. Using object storage as the origin brings several concrete advantages:

  • Radical simplicity: No web server to configure, no virtual hosts, no PHP‑FPM or application runtime. You upload files and they are served as‑is.
  • High durability and availability: Object storage systems are built to keep many copies of your data across disks and nodes. Even a self‑hosted MinIO cluster on a dchost.com VPS or dedicated server can be configured with erasure coding for strong resilience.
  • Effortless scale: Storage capacity and throughput grow horizontally. With a CDN in front, you can handle large traffic bursts without touching the origin.
  • Clean separation of concerns: Static frontend lives in object storage and CDN, while APIs, backends and admin panels run on classic hosting or VPS infrastructure.
  • Cost predictability: You pay mainly for storage and outbound traffic, not for always‑on CPU and RAM. This aligns well with static sites that do not need continuous compute.

If you are still comparing storage types, it may help to read our overview explaining object storage vs block storage vs file storage for web applications and backups. Once you understand what object storage is good at, using it as a website origin becomes a natural next step.

Architecture Overview: Browser → CDN → Object Storage

Before diving into S3 and MinIO specifics, let's clarify the basic request flow when object storage is your origin:

  1. A visitor types https://www.example.com/ in the browser.
  2. DNS points www.example.com to your CDN (via CNAME or similar).
  3. The CDN receives the HTTPS request, terminates TLS, and checks its edge cache.
  4. If the object (for example /index.html) is cached, the CDN serves it directly.
  5. If not cached, the CDN fetches the file from your origin: an S3‑compatible bucket or MinIO endpoint.
  6. The CDN caches the response according to Cache-Control and related headers, then returns it to the user.

In this architecture the origin is not a web server, but an HTTP‑enabled object storage endpoint that exposes objects such as index.html, style.css, app.js and images like img/logo.png.

Public vs Private Origins

There are two main ways to connect your CDN to object storage:

  • Public bucket origin: Buckets or paths are world‑readable. The CDN just acts as a cache layer on top of a public HTTP endpoint.
  • Private bucket origin: Buckets are locked down. The CDN uses special credentials, signed URLs or an origin access identity/allow‑list to fetch objects.

For production, we strongly prefer a locked‑down origin where only the CDN can talk to your object storage endpoint. This prevents direct traffic from bypassing the CDN, and it also simplifies TLS and firewall rules. We describe similar origin‑hardening ideas in our article on what “real HTTPS behind a CDN” actually means and how to configure full strict SSL.

Static Website Requirements

Using object storage as origin only works if your site behaves like a static site from the browser's point of view:

  • No server‑side sessions or PHP templates in the origin.
  • No server‑rendered logic that must run on every request.
  • All dynamic behaviour implemented in JavaScript (for example SPA + API or Jamstack) or via third‑party services.

If you are new to this model, our static site hosting guide for ultra‑fast Jamstack sites with CDN and VPS is a good primer on when static architectures are a good fit.

S3‑Compatible Services vs Self‑Hosted MinIO

Once you decide to use object storage as origin, you have two broad choices:

  • Managed S3‑compatible storage: An external object storage service with an S3 API that you access over the internet.
  • Self‑hosted MinIO: An S3‑compatible object storage server you run on your own dchost.com VPS, dedicated server or colocated hardware.

Managed S3‑Compatible Object Storage

Managed object storage is attractive when you want minimum operational overhead:

  • You do not manage disks, RAID, or erasure coding directly.
  • The provider handles hardware failures and capacity expansion.
  • You connect via S3 API and usually get built‑in lifecycle management, versioning and metrics.

For a purely static site with global visitors, pairing managed S3‑compatible storage with a CDN is often the most hands‑off approach. When planning costs, remember you are paying for stored GB, operations (PUT/GET) and egress traffic. Our dedicated article on object storage cost optimization using lifecycle policies, cold storage tiers and bandwidth control goes deeper into how to keep these components under control.

Self‑Hosted MinIO on VPS or Dedicated Servers

MinIO is a fast, S3‑compatible object storage server you can run on your own infrastructure. At dchost.com, we see teams choose MinIO when they want:

  • More control over where data lives (for example, keeping everything within a specific country or data center).
  • Predictable costs based on VPS or dedicated server plans instead of per‑operation billing.
  • Tight integration with existing backup, logging and monitoring stacks.

If you go this route, treat MinIO as a critical production service: use multiple disks with erasure coding, enable TLS, configure access and bucket policies, and monitor health metrics. We have a hands‑on guide that walks through this in depth: how to run production‑ready MinIO on a VPS with erasure coding, TLS and S3‑style policies.

For high availability or disaster recovery, you can add cross‑region or cross‑server replication between MinIO instances or between MinIO and another S3‑compatible service. We cover this pattern in our article on cross‑region replication on S3/MinIO, versioning and failover.

Designing a Fully Static Site for Object Storage

The biggest technical decision is not “which object storage” but “how static is your site really?”. Converting a traditional, server‑rendered site into a fully static bundle requires some planning.

What Counts as Fully Static?

A site is a good candidate for object‑storage hosting when:

  • All pages can be generated ahead of time as HTML files. Even if there are thousands of pages, static site generators can build them.
  • Dynamic features are client‑side or externalized: contact forms posted to an external API, search driven by a JavaScript‑powered search service, authentication via an external identity provider.
  • No state is stored on the origin: no sessions, carts, or user data that requires server‑side persistence on the same origin.

Common real‑world fits include documentation sites, marketing pages, product landing pages, knowledge bases, microsites for campaigns and some content‑heavy blogs.

Static Site Generators and Build Pipelines

To generate the actual files you will upload to S3 or MinIO, you typically use:

  • Static site generators (for example Jekyll, Hugo, Eleventy, etc.).
  • Modern JS frameworks with static export modes (for example React/Vue frontends that output prerendered HTML + JS bundle).
  • Build steps for CSS/JS/asset optimization (minification, tree‑shaking, image compression, fingerprinting).

The output of your build should be a simple directory structure like this:

dist/
  index.html
  about/index.html
  blog/index.html
  blog/post-1/index.html
  assets/css/app.3f2c1a.css
  assets/js/app.98b7ad.js
  img/logo.png

Every file inside dist/ will become an object in your bucket, with the same path. That simplicity is what makes object storage and CDNs work so well together.

Handling Forms, Search and Other Dynamic Bits

Where things get tricky is forms and search. Typical approaches include:

  • API backend on a VPS or dedicated server: Your static site posts form data or search queries to an API hosted on a separate origin (for example api.example.com). The static origin never runs application code.
  • Third‑party form services: Quick to set up for marketing landing pages but less flexible.
  • Client‑side search indexes: For small sites, you can ship a pre‑built JSON search index and search entirely in the browser.

This split architecture (static frontend + API) is also very friendly to performance optimization, caching and multi‑region deployments, which we discuss in other articles such as our guide to how HTTP/2 and HTTP/3 affect SEO and Core Web Vitals when choosing hosting.

Setting Up an S3‑Compatible Bucket as Website Origin

Let's look at a concrete configuration pattern for using an S3‑compatible bucket as a static website origin behind a CDN. The exact UI and terminology will vary between providers, but the core concepts are similar.

1. Create a Bucket and Folder Layout

  • Create a bucket, for example example-com-site.
  • Decide whether you want a single bucket for multiple environments (for example prod/ and staging/ prefixes) or one bucket per environment.
  • Upload the contents of your dist/ directory to a chosen prefix, for example prod/.

Your object keys will look like:

prod/index.html
prod/about/index.html
prod/assets/css/app.3f2c1a.css

2. Configure Index and Error Documents

Traditional web servers know what to do when a directory path like /about/ is requested: they serve about/index.html. Object storage does not do this automatically, so you either:

  • Use a built‑in “static website hosting” mode (if provided) where you can configure index document and error document, or
  • Configure the CDN to rewrite paths ending with / to /index.html before hitting the origin.

We generally prefer handling these rewrites at the CDN layer. It keeps your object storage configuration simpler and lets you do more advanced routing if needed.

3. Set Correct MIME Types and Content‑Type

Objects in S3‑compatible storage have metadata, including Content-Type. Your HTML, CSS and JS files must be served with correct types:

  • text/html; charset=utf-8 for .html
  • text/css for .css
  • application/javascript for .js
  • Appropriate types for fonts, images and JSON

Most upload tools infer types from file extensions, but it's worth validating a few responses with curl -I or browser dev tools.

4. Cache Headers and Cache Busting

Because your CDN will heavily cache assets, you should set strong cache headers:

  • Immutable assets (CSS/JS/images with fingerprinted filenames like app.3f2c1a.css): Cache-Control: public, max-age=31536000, immutable.
  • HTML documents: shorter TTLs, for example Cache-Control: public, max-age=300 or leave them to be overridden by CDN rules.

Using fingerprinted filenames for assets and long‑lived cache headers is sometimes called “cache busting”. We cover techniques and gotchas in our dedicated article on cache busting strategies with CDNs and browser caching.

5. Lock Down Bucket Access

For a secure setup:

  • Disable public access to the bucket if your provider offers a checkbox for this.
  • Create a dedicated IAM user or access key pair that the CDN will use for origin pulls if needed.
  • Restrict bucket policies so only your CDN's IP ranges or identity can read objects.

Some CDNs support “origin access” features that let them fetch from otherwise private buckets without any public URLs being exposed. Prefer these patterns whenever possible.

Using MinIO as a Static Website Origin

With MinIO, you control the entire stack: disks, network, TLS and policies. The goal is to present the CDN with a stable HTTPS endpoint that behaves just like S3.

1. Deploy MinIO on Your Server

At a high level, you will:

  • Provision a VPS, dedicated server or colocated machine at dchost.com with enough disk and network capacity.
  • Install MinIO (standalone for small setups, distributed/minio server with multiple disks for production).
  • Configure MinIO to listen on a private IP or an internal VLAN behind a reverse proxy (Nginx or similar) that terminates TLS.

Use systemd to manage the MinIO service, configure log rotation and monitor resource usage (CPU, RAM, IO). Our detailed guide to production‑ready MinIO on a VPS covers these steps step‑by‑step.

2. Buckets, Policies and TLS

Inside MinIO:

  • Create a bucket for your site, for example example-com-site.
  • Define a read‑only policy that allows GET on example-com-site/prod/* for your CDN's access key or IP range.
  • Ensure all access goes through HTTPS. Use valid TLS certificates on your reverse proxy (you can automate with ACME/Let's Encrypt).

You can expose MinIO directly on a dedicated hostname (for example origin.example.com) used only by the CDN, not by end users. This keeps your origin endpoint separate from the public website hostname.

3. Performance Considerations

MinIO is extremely fast when backed by NVMe or SSD and a stable network. For static site origins:

  • CPU: A few vCPUs usually suffice; object storage is more I/O‑bound than CPU‑bound for static workloads.
  • RAM: Enough to cache metadata and frequently accessed objects; 4–8 GB is often fine for small/medium sites.
  • Disks: Prefer NVMe SSD if you also use the same MinIO cluster for backups or large objects.

Since the CDN will cache most traffic, your MinIO origin mainly needs to handle cache misses, deployments and occasional direct testing.

Configuring the CDN for an Object Storage Origin

The CDN is the user‑facing “web server” in this architecture. Correct configuration here determines performance, cache hit ratio and even SEO behaviour.

1. Add the Origin

In your CDN panel:

  • Add a new origin with the hostname of your S3‑compatible endpoint or MinIO reverse proxy, for example origin.example.com or bucket.storage-provider.com.
  • Specify HTTPS and verify the certificate chain is valid.
  • Optionally set a custom Host header (some object storage endpoints expect a specific virtual host name).

Then, create a CDN “pull zone” or equivalent for www.example.com that uses this origin.

2. Path Rewrites and Directory Indexing

Configure rules so that:

  • Requests ending with / map to /index.html on the origin.
  • Optional: fallback 404.html or SPA routing rules (for example, rewriting unknown paths to /index.html for client‑side routers).

Be careful with SPA routing: if you rewrite all 404s to /index.html you must still send proper HTTP status codes to ensure SEO is not harmed.

3. Caching Rules

Good defaults for a static site origin:

  • Respect origin headers for cacheable content (based on Cache-Control and Expires).
  • Force long TTLs (for example 1–30 days) at the edge for fingerprinted assets if the origin headers are not strong enough.
  • Shorter TTLs (or even cache bypass) for HTML documents where you need faster content updates.

Make sure you know how to purge cache by URL or tag when deploying new versions. This is critical for smooth releases and is discussed more extensively in our article on browser and CDN cache busting strategies.

4. Bandwidth and Cost Controls

CDNs offload most traffic from your origin. However, misconfigured caching or cache busting can still cause high egress. To keep costs under control:

  • Monitor cache hit ratio and work to keep it as high as possible.
  • Avoid changing asset filenames unnecessarily between deploys.
  • Consider regional pricing and traffic routing if your CDN supports it.

We cover these ideas in more detail in our guide to controlling CDN bandwidth costs with origin pull, cache hit ratio and regional pricing.

5. Security Features

Take advantage of CDN‑side security to protect your static origin:

  • Enable basic WAF rules for common attacks (SQL injection patterns, XSS, etc.).
  • Rate‑limit abusive clients or bots.
  • Restrict administrative paths (if any) by IP or additional authentication.

Even though your origin is static, your site is still a target. Many attacks try to exploit JS libraries, forms or embedded widgets. CDN‑side protection plus good HTTPS settings make a big difference.

DNS, SSL and Security Considerations

Using object storage as origin changes where TLS terminates and how you think about DNS, but the principles remain the same: your visitors talk HTTPS to a hostname you control, and everything behind that hostname should be secured as if it were a normal web server.

Custom Domains and DNS

The simplest setup is:

  • www.example.com → CNAME to your CDN zone hostname.
  • example.com → either CNAME (if provider supports CNAME flattening/ALIAS) or an A/AAAA record to the CDN's edge IPs.

From there, the CDN is responsible for routing to your S3/MinIO origin. Our article on www vs non‑www canonical domains, 301 redirects and HSTS is a good reference for choosing your primary hostname and redirect strategy.

HTTPS, HSTS and Security Headers

You should:

  • Enable HTTPS at the CDN level with valid certificates for your domain (often automated).
  • Force HTTP→HTTPS redirects.
  • Configure Strict-Transport-Security (HSTS) once you are confident your HTTPS setup is stable.
  • Set additional headers like Content-Security-Policy, X-Frame-Options, X-Content-Type-Options and Referrer-Policy on the CDN.

We go into these headers in detail in our HTTP security headers guide. Even for static sites, these headers help reduce the impact of XSS, clickjacking and content‑type confusion.

Origin Protection

Your object storage origin should not be directly reachable from the public internet, or at least not obviously so:

  • Limit access to CDN IPs only (via firewall or bucket policies).
  • Use private endpoints if your CDN and storage share the same network or region.
  • Avoid exposing friendly or guessable public URLs to your bucket.

The goal is that if someone discovers your storage endpoint, they still cannot abuse it or send large amounts of traffic to it directly.

Cost and Performance Tuning for Object Storage Origins

Once your architecture is live, you will spend most of your time on two axes: performance (time to first byte, Core Web Vitals) and cost (storage + egress + CDN).

Storage and Network Usage

For static sites, storage growth tends to be modest unless you host many images or downloads. Bandwidth is usually the main cost driver. Good practices include:

  • Compressing CSS/JS and using image formats like WebP/AVIF where appropriate.
  • Setting correct cache headers so edge nodes and browsers cache aggressively.
  • Using a CDN with PoPs close to your main audience to reduce latency and origin hits.

We have a broader overview of storage strategy in our guide on hot, cold and archive storage for backups with NVMe, SATA and object storage, which can also inspire how you plan long‑term file storage for static content.

Deployment Strategy

A practical deployment pipeline for object storage origins often looks like this:

  1. Build the static site (CI/CD pipeline or manual build).
  2. Upload the new version to a versioned prefix (for example releases/2025-01-04/).
  3. Update a small current alias (for example a current/ prefix or CDN rule) to point to the new release.
  4. Purge CDN cache for HTML documents (and any assets that changed without fingerprinting).

This gives you instant rollback by switching the alias back to the previous prefix. It's a lightweight variant of blue‑green deployments on static origins.

Monitoring and Troubleshooting

Key things to monitor:

  • CDN metrics: cache hit ratio, edge errors, latency by region.
  • Origin metrics: 4xx/5xx rates on object storage, request volume, error logs.
  • Website metrics: Core Web Vitals (LCP, INP, CLS) and TTFB from real user monitoring.

If TTFB is high, your first suspects should be DNS resolution, TLS handshake at the CDN and cache hit ratio, not the object storage origin itself. Static origins are usually extremely fast when properly cached.

Putting It All Together: When Object Storage Origins Make Sense

Using S3‑compatible storage or MinIO as a website origin is not a silver bullet for every project, but for the right kind of workloads it is incredibly effective. If your site is static, or can be made static with a clear separation between frontend and API, you gain simplicity, resilience and scalability by moving your HTML, CSS, JS and media into object storage behind a CDN.

From the dchost.com side, we like this approach best when combined with a solid VPS or dedicated server layer for APIs, background jobs and admin tools, while the public‑facing frontend lives entirely in object storage and at the CDN edge. It keeps your attack surface small, your deployment pipeline simple and your performance excellent even under traffic spikes.

If you are planning a new site or refactoring an existing one and want to explore a static + object storage origin architecture, you can combine it with our other guides on static site hosting for Jamstack, real HTTPS behind a CDN and controlling CDN bandwidth costs. And of course, if you need help sizing VPS or dedicated servers for MinIO or your API layer, the dchost.com team is always happy to share concrete, real‑world sizing advice.

Post Views: 65

Frequently Asked Questions

No. Object storage as a website origin is only suitable for fully static sites. Platforms like WordPress, Laravel or custom PHP/Node.js apps require server-side code execution and usually a database; they must run on classic hosting, a VPS or dedicated server. However, you can still use object storage in those stacks for specific pieces: for example, offloading media uploads to S3-compatible storage while the main application runs on a web server. For a full static origin, all pages must be pre-generated, and any dynamic behaviour needs to be handled client-side or via separate APIs.

Forms and search need to be decoupled from the origin. A common pattern is to host a small API on a VPS or dedicated server (e.g. api.example.com) and submit form data or search queries there via JavaScript. The static site itself, served from S3 or MinIO through a CDN, remains read-only. For simple marketing forms you can also use third-party form providers, but for long-term control and compliance we usually recommend your own lightweight API. Search can be done via a JavaScript search index for small sites or via a dedicated search service accessed from the browser.

Yes, if you treat it as a production storage system. That means running MinIO on reliable hardware (or a high-quality VPS/dedicated server), using multiple disks with erasure coding, enabling TLS, configuring strong access policies and monitoring health and performance. You should also plan backups or replication to another MinIO instance or S3-compatible service for disaster recovery. In this setup the CDN will cache most traffic, so MinIO mainly handles cache misses and deployments. When designed correctly, MinIO is a very robust origin for static sites.

First, ensure your site is truly static: export all pages as HTML and collect CSS, JS, images and other assets into a single build directory. Next, create an S3-compatible bucket or MinIO bucket and upload this directory so paths match your current URL structure. Configure index/error handling (often via CDN path rewrites), then point your CDN origin to the storage endpoint. Test everything on a temporary hostname. Once satisfied, update DNS to send traffic for your real domain to the CDN, and monitor cache behaviour and logs. Keep your old hosting for a short overlap period as a safety net.

Done correctly, SEO should not suffer and performance often improves, which can help Core Web Vitals and rankings. Key points are: keep URLs stable, return correct HTTP status codes (especially 200, 301, 404), ensure all pages are accessible without JavaScript when possible, and configure proper HTTPS, HSTS and canonical domains. The fact that files live in object storage and are served through a CDN is transparent to search engines. Just make sure redirects, sitemaps and robots.txt are updated to match the new infrastructure and that you do not accidentally block crawlers at the CDN layer.

Similar Articles

Best Hosting Architecture for Small SaaS Apps: Single VPS vs Multi‑VPS vs Managed Cloud
Best Hosting Architecture for Small SaaS Apps: Single VPS vs Multi‑VPS vs Managed Cloud

When you are building a small SaaS product, hosting architecture can easily feel like a…

Read more
Zero‑Downtime Migration Between Plesk and cPanel: The Calm, No‑Drama Runbook
Zero‑Downtime Migration Between Plesk and cPanel: The Calm, No‑Drama Runbook

İçindekiler1 The 02:00 Pager That Taught Me Zero‑Downtime Migrations2 Before You Touch DNS: Discovery, SLOs,…

Read more
VPS SSH Hardening Without the Drama: FIDO2 Hardware Keys, SSH CA, and Safe Key Rotation Step-by-Step
VPS SSH Hardening Without the Drama: FIDO2 Hardware Keys, SSH CA, and Safe Key Rotation Step-by-Step

So there I was late one evening, watching a stream of failed SSH logins scroll…

Read more
Automating VPS Setup with Terraform and Ansible
Automating VPS Setup with Terraform and Ansible

If you find yourself repeating the same VPS setup steps again and again—creating users, hardening…

Read more