Migrating an object store from Digital Ocean to Hetzner

Fremantle
2026 March 11 (Wednesday), 6:59PM
· hosting · VPS · Hetzner ·

I've finally gotten around to moving a bit more of my web stuff to Hetzner. Today it was the S3-compatible object store that this blog uses for images and other uploaded files. The whole process was reasonably easy, apart from a few waiting bits where I forgot what I was doing and an unfortunate silliness with DNS where I forgot to copy some records to the new system.

Setting up the new bucket in the Hetzner Console interface (not the KonsoleH one) was simple, as was copying the data across with Rclone (with do and hetzner remotes set up in rclone.conf):

$ rclone sync do:my-wiki hetzner:my-wiki --progress

The main difference between the providers is that Digital Ocean sets up custom subdomains for buckets automatically, including SSL certificates (from LetsEncrypt). On Hetzner we have to do that ourselves, which I'm actually finding much easier to think about because the configuration lives alongside the rest of the webserver's.

The official docs give instructions for Nginx, but not Apache, for which something like the following config works:

RewriteEngine On
SSLProxyEngine on
<VirtualHost *:80>
        ServerName files.samwilson.id.au
        RewriteRule ^/(.*)$ https://files.samwilson.id.au/$1 [L,R=permanent,QSA]
</VirtualHost>
<VirtualHost *:443>
        ServerName files.samwilson.id.au
        SSLCertificateFile /etc/letsencrypt/live/files.samwilson.id.au/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/files.samwilson.id.au/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        ProxyPass / https://my-wiki.hel1.your-objectstorage.com/
        ProxyPassReverse / https://my-wiki.hel1.your-objectstorage.com/
        RequestHeader set Host "my-wiki.hel1.your-objectstorage.com"
        RequestHeader set X-Forwarded-Host "{HTTP_HOST}s"
        RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"
        RequestHeader set X-Forwarded-For "%{X-Forwarded-For}s, %{REMOTE_ADDR}s"
        Header set Access-Control-Allow-Origin "https://samwilson.id.au"
</VirtualHost>

I do keep finding Hetzner's convention of using placeholder-sounding domain names to be a bit confusing. your-objectstorage.com isn't example text, it's the real domain name. They also have your-server.de and first-ns.de and seemingly plenty of others.