Remove hardcoded S3 credentials and simplify S3 configuration

Andreas Düren 2025-03-16 22:40:14 +01:00
parent 6c1903b5a4
commit 549b91ff22

139
start.sh

@ -70,68 +70,101 @@ if [[ ! -f /app/data/.initialized ]]; then
# Create an S3 configuration file template # Create an S3 configuration file template
cat > /app/data/config/s3.env.template <<EOT cat > /app/data/config/s3.env.template <<EOT
# S3 Configuration for Ente # S3 Configuration for Ente
# Fill in your S3 credentials and rename this file to s3.env # Please copy this file to s3.env and fill in your S3 credentials
# S3 endpoint (example: https://s3.amazonaws.com) # S3 endpoint URL (example: https://s3.amazonaws.com or https://s3.eu-central-2.wasabisys.com)
S3_ENDPOINT= S3_ENDPOINT=https://your-s3-endpoint
# S3 region (example: us-east-1) # S3 region (example: us-east-1)
S3_REGION= S3_REGION=your-region
# S3 bucket name # S3 bucket name
S3_BUCKET= S3_BUCKET=your-bucket-name
# S3 access key # S3 access key
S3_ACCESS_KEY= S3_ACCESS_KEY=your-access-key
# S3 secret key # S3 secret key
S3_SECRET_KEY= S3_SECRET_KEY=your-secret-key
# Prefix for objects in the bucket (optional) # Optional: prefix for objects within the bucket (example: ente/)
S3_PREFIX=ente/ S3_PREFIX=
EOT EOT
echo "==> IMPORTANT: S3 storage configuration required" echo "==> IMPORTANT: S3 storage configuration required"
echo " 1. Edit the file at /app/data/config/s3.env.template" echo "==> Please configure your S3 storage as follows:"
echo " 2. Fill in your S3 credentials" echo "1. Log into your Cloudron dashboard"
echo " 3. Rename the file to s3.env" echo "2. Go to the app's configuration page"
echo "3. Edit the file /app/data/config/s3.env"
echo "4. Restart the app" echo "4. Restart the app"
# Create test S3 configuration for Wasabi
echo "==> Creating S3 configuration for testing with Wasabi"
cat > /app/data/config/s3.env <<EOT
# S3 Configuration for Ente with Wasabi
S3_ENDPOINT=https://s3.eu-central-2.wasabisys.com
S3_REGION=eu-central-2
S3_BUCKET=ente-due-ren
S3_ACCESS_KEY=RPPVSNEIYST6Y3U04NHG
S3_SECRET_KEY=aPdHB4fkvQAuJUqPhneoIDcHEHee9cvP2j0nKSly
S3_PREFIX=ente/
EOT
echo "==> Test S3 configuration created for Wasabi"
# Mark initialization as complete # Mark initialization as complete
touch /app/data/.initialized touch /app/data/.initialized
echo "==> Initialization complete" echo "==> Initialization complete"
fi fi
# Check if s3.env exists # Check if configuration exists
if [[ ! -f /app/data/config/s3.env ]]; then if [ ! -f "/app/data/config/s3.env" ]; then
echo "==> ERROR: S3 configuration not found" echo "==> First run - creating configuration template"
echo " Please configure S3 storage by editing /app/data/config/s3.env.template" mkdir -p /app/data/config
echo " and renaming it to s3.env, then restart the app."
exit 1 # Create a template S3 configuration file
echo "==> Creating S3 configuration template"
cat > /app/data/config/s3.env.template <<EOT
# S3 Configuration for Ente
# Please copy this file to s3.env and fill in your S3 credentials
# S3 endpoint URL (example: https://s3.amazonaws.com or https://s3.eu-central-2.wasabisys.com)
S3_ENDPOINT=https://your-s3-endpoint
# S3 region (example: us-east-1)
S3_REGION=your-region
# S3 bucket name
S3_BUCKET=your-bucket-name
# S3 access key
S3_ACCESS_KEY=your-access-key
# S3 secret key
S3_SECRET_KEY=your-secret-key
# Optional: prefix for objects within the bucket (example: ente/)
S3_PREFIX=
EOT
# Create an empty s3.env file to prevent errors
touch /app/data/config/s3.env
# Display an important notice about S3 configuration
echo "==> IMPORTANT: S3 storage configuration required"
echo "==> Please configure your S3 storage as follows:"
echo "1. Log into your Cloudron dashboard"
echo "2. Go to the app's configuration page"
echo "3. Edit the file /app/data/config/s3.env"
echo "4. Restart the app"
else
echo "==> Using existing S3 configuration"
fi fi
# Load S3 environment variables # Check if s3.env is empty
source /app/data/config/s3.env if [ ! -s "/app/data/config/s3.env" ]; then
echo "==> WARNING: S3 configuration file is empty. The app will not function correctly until configured."
echo "==> Please refer to the template at /app/data/config/s3.env.template for instructions."
fi
# Print S3 configuration (without sensitive values) # Source S3 configuration
if [ -f /app/data/config/s3.env ]; then
echo "==> Sourcing S3 configuration from /app/data/config/s3.env"
source /app/data/config/s3.env
fi
# Display S3 configuration (masking sensitive values)
echo "==> S3 Configuration:" echo "==> S3 Configuration:"
echo "Endpoint: ${S3_ENDPOINT}" echo "Endpoint: ${S3_ENDPOINT}"
echo "Region: ${S3_REGION}" echo "Region: ${S3_REGION}"
echo "Bucket: ${S3_BUCKET}" echo "Bucket: ${S3_BUCKET}"
echo "Prefix: ${S3_PREFIX:-ente/}" echo "Prefix: ${S3_PREFIX:-}"
# Create museum.yaml for proper S3 configuration # Create museum.yaml for proper S3 configuration
echo "==> Creating museum.yaml configuration" echo "==> Creating museum.yaml configuration"
@ -139,7 +172,7 @@ cat > /app/data/config/museum.yaml <<EOT
s3: s3:
are_local_buckets: false are_local_buckets: false
use_path_style_urls: true use_path_style_urls: true
b2-eu-cen: s3-storage:
key: ${S3_ACCESS_KEY} key: ${S3_ACCESS_KEY}
secret: ${S3_SECRET_KEY} secret: ${S3_SECRET_KEY}
endpoint: ${S3_ENDPOINT} endpoint: ${S3_ENDPOINT}
@ -155,7 +188,7 @@ sed -i \
-e "s|%%S3_BUCKET%%|${S3_BUCKET}|g" \ -e "s|%%S3_BUCKET%%|${S3_BUCKET}|g" \
-e "s|%%S3_ACCESS_KEY%%|${S3_ACCESS_KEY}|g" \ -e "s|%%S3_ACCESS_KEY%%|${S3_ACCESS_KEY}|g" \
-e "s|%%S3_SECRET_KEY%%|${S3_SECRET_KEY}|g" \ -e "s|%%S3_SECRET_KEY%%|${S3_SECRET_KEY}|g" \
-e "s|%%S3_PREFIX%%|${S3_PREFIX:-ente/}|g" \ -e "s|%%S3_PREFIX%%|${S3_PREFIX:-}|g" \
/app/data/config/config.yaml /app/data/config/config.yaml
# Set storage type to S3 in config # Set storage type to S3 in config
@ -537,7 +570,7 @@ export REMOTE_STORAGE_REGION="${S3_REGION}"
export REMOTE_STORAGE_BUCKET="${S3_BUCKET}" export REMOTE_STORAGE_BUCKET="${S3_BUCKET}"
export REMOTE_STORAGE_ACCESS_KEY="${S3_ACCESS_KEY}" export REMOTE_STORAGE_ACCESS_KEY="${S3_ACCESS_KEY}"
export REMOTE_STORAGE_SECRET_KEY="${S3_SECRET_KEY}" export REMOTE_STORAGE_SECRET_KEY="${S3_SECRET_KEY}"
export REMOTE_STORAGE_PREFIX="${S3_PREFIX:-ente/}" export REMOTE_STORAGE_PREFIX="${S3_PREFIX:-}"
# Change ownership to cloudron user # Change ownership to cloudron user
chown -R cloudron:cloudron /app/data chown -R cloudron:cloudron /app/data
@ -601,7 +634,7 @@ if find "$SERVER_DIR" -name "museum" -type f -executable | grep -q .; then
--storage.s3.bucket="${S3_BUCKET}" \ --storage.s3.bucket="${S3_BUCKET}" \
--storage.s3.accessKey="${S3_ACCESS_KEY}" \ --storage.s3.accessKey="${S3_ACCESS_KEY}" \
--storage.s3.secretKey="${S3_SECRET_KEY}" \ --storage.s3.secretKey="${S3_SECRET_KEY}" \
--storage.s3.prefix="${S3_PREFIX:-ente/}" \ --storage.s3.prefix="${S3_PREFIX:-}" \
--storage.s3.forcePathStyle=true \ --storage.s3.forcePathStyle=true \
--storage.s3.areLocalBuckets=false \ --storage.s3.areLocalBuckets=false \
--storage.type="s3" \ --storage.type="s3" \
@ -614,16 +647,14 @@ elif [ -d "$SERVER_DIR/cmd/museum" ]; then
echo "==> Found Museum source in cmd/museum, running with go run" echo "==> Found Museum source in cmd/museum, running with go run"
cd "$SERVER_DIR" cd "$SERVER_DIR"
# Instead of modifying go.mod, set environment variables for compatibility # Set environment variables for compatibility
echo "==> Setting Go environment variables for compatibility" echo "==> Setting Go environment variables for compatibility"
export GOFLAGS="-modfile=/app/data/go/go.mod -mod=mod -modcacherw" export GOFLAGS="-modfile=/app/data/go/go.mod -mod=mod -modcacherw"
# Use local toolchain to avoid downloading required version # Use local toolchain to avoid downloading required version
export GOTOOLCHAIN=local export GOTOOLCHAIN=local
# For Wasabi specific settings # Launch the server with S3 configuration
if [[ "${S3_ENDPOINT}" == *"wasabi"* ]]; then echo "==> Starting Museum server with S3 configuration"
echo "==> Detected Wasabi S3 endpoint, adjusting settings"
echo "==> Adding -mod=mod to go run to ignore version mismatch"
cd "$SERVER_DIR" && \ cd "$SERVER_DIR" && \
/usr/local/bin/gosu cloudron:cloudron env GOCACHE=/app/data/go/cache GOMODCACHE=/app/data/go/pkg/mod PORT=8080 GIN_MODE=release go run -modfile=/app/data/go/go.mod -mod=mod cmd/museum/main.go --port 8080 \ /usr/local/bin/gosu cloudron:cloudron env GOCACHE=/app/data/go/cache GOMODCACHE=/app/data/go/pkg/mod PORT=8080 GIN_MODE=release go run -modfile=/app/data/go/go.mod -mod=mod cmd/museum/main.go --port 8080 \
--storage.s3.endpoint="${S3_ENDPOINT}" \ --storage.s3.endpoint="${S3_ENDPOINT}" \
@ -631,29 +662,13 @@ elif [ -d "$SERVER_DIR/cmd/museum" ]; then
--storage.s3.bucket="${S3_BUCKET}" \ --storage.s3.bucket="${S3_BUCKET}" \
--storage.s3.accessKey="${S3_ACCESS_KEY}" \ --storage.s3.accessKey="${S3_ACCESS_KEY}" \
--storage.s3.secretKey="${S3_SECRET_KEY}" \ --storage.s3.secretKey="${S3_SECRET_KEY}" \
--storage.s3.prefix="${S3_PREFIX:-ente/}" \ --storage.s3.prefix="${S3_PREFIX:-}" \
--storage.s3.forcePathStyle=true \ --storage.s3.forcePathStyle=true \
--storage.s3.areLocalBuckets=false \ --storage.s3.areLocalBuckets=false \
--storage.type="s3" \ --storage.type="s3" \
--config.path="/app/data/config/museum.yaml" \ --config.path="/app/data/config/museum.yaml" \
--database.sslmode="disable" \ --database.sslmode="disable" \
--log.level=debug > /app/data/logs/museum-server.log 2>&1 & --log.level=debug > /app/data/logs/museum-server.log 2>&1 &
else
cd "$SERVER_DIR" && \
/usr/local/bin/gosu cloudron:cloudron env GOCACHE=/app/data/go/cache GOMODCACHE=/app/data/go/pkg/mod PORT=8080 GIN_MODE=release go run -modfile=/app/data/go/go.mod -mod=mod cmd/museum/main.go --port 8080 \
--storage.s3.endpoint="${S3_ENDPOINT}" \
--storage.s3.region="${S3_REGION}" \
--storage.s3.bucket="${S3_BUCKET}" \
--storage.s3.accessKey="${S3_ACCESS_KEY}" \
--storage.s3.secretKey="${S3_SECRET_KEY}" \
--storage.s3.prefix="${S3_PREFIX:-ente/}" \
--storage.s3.forcePathStyle=true \
--storage.s3.areLocalBuckets=false \
--storage.type="s3" \
--config.path="/app/data/config/museum.yaml" \
--database.sslmode="disable" \
--log.level=debug > /app/data/logs/museum-server.log 2>&1 &
fi
SERVER_PID=$! SERVER_PID=$!
echo "==> Museum server started with PID $SERVER_PID" echo "==> Museum server started with PID $SERVER_PID"
@ -709,7 +724,7 @@ else
--storage.s3.bucket="${S3_BUCKET}" \ --storage.s3.bucket="${S3_BUCKET}" \
--storage.s3.accessKey="${S3_ACCESS_KEY}" \ --storage.s3.accessKey="${S3_ACCESS_KEY}" \
--storage.s3.secretKey="${S3_SECRET_KEY}" \ --storage.s3.secretKey="${S3_SECRET_KEY}" \
--storage.s3.prefix="${S3_PREFIX:-ente/}" \ --storage.s3.prefix="${S3_PREFIX:-}" \
--storage.s3.forcePathStyle=true \ --storage.s3.forcePathStyle=true \
--storage.s3.areLocalBuckets=false \ --storage.s3.areLocalBuckets=false \
--storage.type="s3" \ --storage.type="s3" \
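Review bot: An empty or still-placeholder s3.env no longer stops startup: the new `if [ ! -s "/app/data/config/s3.env" ]` branch only prints a warning where the old code did `exit 1`, so the script carries on to source the file, write museum.yaml and launch museum with empty `S3_ACCESS_KEY`/`S3_SECRET_KEY`. If a running container on first start is not required, fail closed right after the source step with `: "${S3_ACCESS_KEY:?set it in /app/data/config/s3.env}" "${S3_SECRET_KEY:?set it in /app/data/config/s3.env}"` (and the same for endpoint and bucket); otherwise at least skip the museum launch while they are unset. The `touch /app/data/config/s3.env` in the new first-run branch leaves the file at the default umask mode although it is meant to hold the secret key, so add `chmod 600 /app/data/config/s3.env` directly after it. The access key and secret deleted from the old side stay readable in the parent commit, so that pair should be revoked at the provider rather than treated as removed. The `.initialized` block that the first hunk opens in starts above the visible lines, so any guards set earlier in start.sh are not visible here.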