Cloudflare R2
This guide walks you through connecting Sunshine Cloud Storage to Cloudflare R2. R2 is Cloudflare's S3-compatible storage with zero egress fees — you're never charged for downloads.
What You Need
- A Cloudflare account
- An R2 bucket
- An R2 API token with read/write permissions
Step 1: Create an R2 Bucket
In the Cloudflare dashboard, go to R2 Object Storage and click Create bucket. Choose a name and a location hint (automatic, or a specific region).
For full details, see Cloudflare's R2 documentation.
Step 2: Create an API Token
Go to R2 Object Storage > Manage R2 API Tokens and click Create API token. Set the permissions to Object Read & Write and scope it to your bucket (or all buckets).
After creating the token, you'll see:
- Access Key ID
- Secret Access Key
- Endpoint URL (looks like
https://<account-id>.r2.cloudflarestorage.com)
Save all three — the secret key is only shown once. You'll need the endpoint URL for the Custom Endpoint field in Sunshine.
For full details, see Cloudflare's R2 API token documentation.
Step 3: Connect in Sunshine
- Go to Sunshine Photo Cart > Settings > Cloud Storage.
- Select Cloudflare R2 as the provider.
- Choose your connection method:
- Database — Enter your Access Key ID, Secret Access Key, and select your bucket. You may also need to enter the Custom Endpoint URL from your R2 API token page.
- wp-config.php (recommended) — Add the provided code snippet to your
wp-config.phpfile. - Click Load Buckets to see your available buckets, then select yours.
- Click Test Connection to verify everything works.
wp-config.php Example
define( 'SUNSHINE_CLOUD_STORAGE_SETTINGS', serialize( array(
'provider' => 'cloudflare-r2',
'access-key-id' => 'YOUR_R2_ACCESS_KEY_ID',
'secret-access-key' => 'YOUR_R2_SECRET_ACCESS_KEY',
'bucket' => 'my-bucket-name',
'custom-endpoint' => 'https://ACCOUNT_ID.r2.cloudflarestorage.com',
) ) );
Learn how to add this custom code to your WordPress website
Public Access
By default, R2 buckets are private. To serve images publicly (required for thumbnails and display-size images), you need to connect a custom domain or enable the R2.dev public URL for your bucket.
In the Cloudflare dashboard, go to your R2 bucket > Settings and either:
- Connect a custom domain (recommended) — Use a domain managed by Cloudflare.
- Enable R2.dev subdomain — Provides a public URL like
https://pub-abc123.r2.dev.
Enter whichever public URL you use in the Custom Domain field in Sunshine's Cloud Storage settings.
CORS Configuration
If you're using the R2.dev subdomain (not a custom domain), you need to configure CORS so browsers can load images from your bucket. In the Cloudflare dashboard, go to your R2 bucket > Settings > CORS Policy and add:
[
{
"AllowedOrigins": ["*"],
"AllowedMethods": ["GET", "HEAD"],
"AllowedHeaders": ["*"],
"MaxAgeSeconds": 86400
}
]
Learn how to add this custom code to your WordPress website
Without this, images may fail to load in the WordPress admin or on your site due to cross-origin restrictions. Using * for origins is safe here since these are publicly accessible images.
Troubleshooting
Images not loading publicly
R2 buckets are private by default. Make sure you've enabled public access through a custom domain or R2.dev subdomain, and entered the public URL in Sunshine's Custom Domain field.
Endpoint errors
Make sure the endpoint URL matches the one shown on your R2 API token page. It should look like https://<account-id>.r2.cloudflarestorage.com.
ACL warnings
Cloudflare R2 does not support per-object ACLs. You'll see an ACL warning after testing your connection — this is expected. Public access is controlled at the bucket level through your custom domain or R2.dev settings.
Still need help?
If you have not yet found your answer in the documentation articles, please contact support