Comments (8)
Hello @fostermi ,
That's the good place, no worry.
Ok there is 2 questions here. I will answer to both of them.
"Mount" and "Path":
Mount and Path are for the web server. It is the same thing as in NGinX Location or Apache2 Virtual Host.
So Mount is the structure configuration that will declare the Host and Path on which the server will answer for that specific target. Path is the url path on which the target will answer. Without any Host, it will listen on all domains.
Example 1:
targets:
first-bucket:
mount:
path:
- /
So when you will call on http://localhost:8080/
or http://127.0.0.1:8080/
that will answer with the target results.
Example 2:
targets:
first-bucket:
mount:
host: fake:8080
path:
- /base/
So when you will call on http://fake:8080/base/
that will answer with the target results.
Is it better now ?
Resources:
This is because you only declared that path "/" under resource. So you are "protected" just when you go on "/" but not for any other path. If you want to be protected on path you must change your configuration like this one:
# Targets map
targets:
first-bucket:
mount:
path:
- /bucket/
resources:
- path: /bucket/*
methods:
- GET
provider: provider1
oidc:
authorizationAccesses: # Authorization accesses : groups or email or regexp
- group: "Roles - My Group"
Note:
For your need of example configuration, there is some things under "Feature guide" (Example with API feature here ). Having more is really time consuming as you can imagine.
Feel free to ask anything again :)
Oxyno-zeta
from s3-proxy.
Ok, thanks for the clarification, regarding the term Mount. Its really more like application context-root or as you said "Location".
I tried your suggestion for the Target configuration, but I'm still getting the "no resource found in authorization"
message, even though the mount path and the resource path are the same with a wildcard for everything under the path:
# Targets map
targets:
first-bucket:
mount:
path:
- /bucket/
resources:
- path: /bucket/*
methods:
- GET
provider: provider1
oidc:
authorizationAccesses:
- group: "Roles - My Group"
actions:
GET:
enabled: true
config:
redirectWithTrailingSlashForNotFoundFile: true
from s3-proxy.
Ok, I think I figured it out. The issue is that when un-commenting the lines from your full config file example, I preserved the line indentations, (i.e. I deleted the #
and re-spaced the line by two). Thus resources
was a child of mount
instead of being at the same level.
# Targets map
targets:
first-bucket:
mount:
path:
- /buckets/
resources:
- path: /buckets/*
methods:
- GET
provider: provider1
oidc:
authorizationAccesses:
- group: "Roles - MODS - Web Support"
actions:
GET:
enabled: true
config:
redirectWithTrailingSlashForNotFoundFile: true
That's one of the things I mentioned by having an commented out file as your example.
One final thing. Why can't I have the Target list and Target map both start with /
? If I do, the app crashes with:
panic: chi: attempting to Mount() a handler on an existing path, '/'
from s3-proxy.
Also, what does this mean in the logs:
"No GET hook declared for target first-bucket"
from s3-proxy.
Cool ! I'm happy to see that.
One final thing. Why can't I have the Target list and Target map both start with /? If I do, the app crashes with.... : You can't have them on the same path and any host. You have to select at least a host for both of them. Why ? Because how can the server router know that you want to access the target list or the target ? It's exactly the same thing as having 2 houses on same road with the same number. Which one do you pick ?
Tell me if this isn't clear :) . I can give you an configuration example.
"No GET hook declared for target first-bucket": This message is printed in the log because you haven't declared any webhook on GET requests. It is a feature described here: https://oxyno-zeta.github.io/s3-proxy/feature-guide/webhooks/ if you want to look a it. It is optional ;)
from s3-proxy.
Ok, thanks for the response. I read the concept of the Target List as a sort of Directory Listing of all of the targets under the Target mount/path (or location or whatever you want to call it). Therefore it wasn't intuitive to think of Target list and Target as separate, but instead like a normal directory/file structure. That is, if I made a request to the root path /
, I'd want a "listing" of everything under that URL. If I accessed an object under the root path, I'd obviously have to reference that object like /object
hence no collision. I can't think of an use case for accessing a base mount point (or path or whatever) that wasn't a listing, since the request wouldn't refer to an actual object. If you think about typical Apache or Nginx routing, a Location block defines the public URL for the resource, which might include a Directory statement that defines it somewhere on disk, but you access it by the URL in the Location block. You don't use the Location to get a listing, then request an item in the filesystem by referring to its Directory location. Hence my confusion.
from s3-proxy.
Now everything is clear and is working well ?
from s3-proxy.
Yes, things are working. Thanks!
from s3-proxy.
Related Issues (20)
- Use security-credentials endpoint for authentication? HOT 1
- How to operate s3-proxy behind a reverse http proxy? HOT 7
- How to use s3-proxy with AWS named profiles HOT 5
- PUT and DELETE operations not working HOT 3
- Question about config file parameters HOT 2
- Using s3cmd HOT 4
- folder-list page leads to Internal server error HOT 4
- Allow application/octet-stream HOT 1
- Sub bucket HOT 1
- Let the docker image build itself HOT 3
- Add support for filesystem as a target HOT 1
- Proxy pre-compressed data as-is HOT 13
- Provide a way to disable folder listing HOT 9
- Support PASETO authentication HOT 4
- Signed URL for PUT requests HOT 10
- Assume role failing via WebIdentity HOT 4
- Uploading large objects using multipart HOT 2
- [oidc] JWT auth failures respond with HTTP 500 instead of 401 HOT 2
- How to integrate with an SPA using a bearer token HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from s3-proxy.