From dfb3a6f65cc9f7e7166387f1b6585392bd548056 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Sat, 25 May 2024 08:19:12 +0530 Subject: [PATCH 1/2] [docs] Add a section about 403 forbidden --- docs/docs/self-hosting/guides/configuring-s3.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/docs/self-hosting/guides/configuring-s3.md b/docs/docs/self-hosting/guides/configuring-s3.md index 8e823ed2a..8abedc2fc 100644 --- a/docs/docs/self-hosting/guides/configuring-s3.md +++ b/docs/docs/self-hosting/guides/configuring-s3.md @@ -78,3 +78,18 @@ To summarize: Set the S3 bucket `endpoint` in `credentials.yaml` to a `yourserverip:3200` or some such IP/hostname that accessible from both where you are running the Ente clients (e.g. the mobile app) and also from within the Docker compose cluster. + +### 403 Forbidden + +If museum (`2`) is able to make a network connection to your S3 bucket (`3`) but +uploads are still failing, it could be a credentials or permissions issue. A +telltale sign of this is that in the museum logs you can see `403 Forbidden` +errors about it not able to find the size of a file even though the +corresponding object exists in the S3 bucket. + +To fix these, you should ensure the following: + +1. The bucket CORS rules do not allow museum to access these objects. + +2. The credentials are not being picked up (you might be setting the correct + creds, but not in the place where museum picks them from). From 58702103f35ac9988b8cd779a583b7355e160f98 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Sat, 25 May 2024 08:26:52 +0530 Subject: [PATCH 2/2] Add link to example --- docs/docs/self-hosting/guides/configuring-s3.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/docs/self-hosting/guides/configuring-s3.md b/docs/docs/self-hosting/guides/configuring-s3.md index 8abedc2fc..41230078c 100644 --- a/docs/docs/self-hosting/guides/configuring-s3.md +++ b/docs/docs/self-hosting/guides/configuring-s3.md @@ -91,5 +91,11 @@ To fix these, you should ensure the following: 1. The bucket CORS rules do not allow museum to access these objects. + > For viewing the uploaded files from the browser, you will need to + > currently set allowedOrigins to "*", and allow the "X-Auth-Token", + > "X-Client-Package" headers configuration too. [Here is an example of a + > working + > configuration](https://github.com/ente-io/ente/discussions/1764#discussioncomment-9478204). + 2. The credentials are not being picked up (you might be setting the correct creds, but not in the place where museum picks them from).