Remove hardcoded S3 credentials and simplify S3 configuration

2025-03-16 22:40:14 +01:00 · 2025-03-16 22:40:14 +01:00 · 549b91ff22
commit 549b91ff22
parent 6c1903b5a4
1 changed files with 91 additions and 76 deletions
--- a/start.sh
+++ b/start.sh
@ -70,68 +70,101 @@ if [[ ! -f /app/data/.initialized ]]; then
    # Create an S3 configuration file template
    cat > /app/data/config/s3.env.template <<EOT
 # S3 Configuration for Ente
-# Fill in your S3 credentials and rename this file to s3.env
+# Please copy this file to s3.env and fill in your S3 credentials
-# S3 endpoint (example: https://s3.amazonaws.com)
+# S3 endpoint URL (example: https://s3.amazonaws.com or https://s3.eu-central-2.wasabisys.com)
-S3_ENDPOINT=
+S3_ENDPOINT=https://your-s3-endpoint
 # S3 region (example: us-east-1)
-S3_REGION=
+S3_REGION=your-region
 # S3 bucket name
-S3_BUCKET=
+S3_BUCKET=your-bucket-name
 # S3 access key
-S3_ACCESS_KEY=
+S3_ACCESS_KEY=your-access-key
 # S3 secret key
-S3_SECRET_KEY=
+S3_SECRET_KEY=your-secret-key
-# Prefix for objects in the bucket (optional)
+# Optional: prefix for objects within the bucket (example: ente/)
-S3_PREFIX=ente/
+S3_PREFIX=
 EOT
    echo "==> IMPORTANT: S3 storage configuration required"
-    echo "    1. Edit the file at /app/data/config/s3.env.template"
+    echo "==> Please configure your S3 storage as follows:"
-    echo "    2. Fill in your S3 credentials"
+    echo "1. Log into your Cloudron dashboard"
-    echo "    3. Rename the file to s3.env"
+    echo "2. Go to the app's configuration page"
-    echo "    4. Restart the app"
+    echo "3. Edit the file /app/data/config/s3.env"
-    
+    echo "4. Restart the app"
    # Create test S3 configuration for Wasabi
    echo "==> Creating S3 configuration for testing with Wasabi"
    cat > /app/data/config/s3.env <<EOT
 # S3 Configuration for Ente with Wasabi
 S3_ENDPOINT=https://s3.eu-central-2.wasabisys.com
 S3_REGION=eu-central-2
 S3_BUCKET=ente-due-ren
 S3_ACCESS_KEY=RPPVSNEIYST6Y3U04NHG
 S3_SECRET_KEY=aPdHB4fkvQAuJUqPhneoIDcHEHee9cvP2j0nKSly
 S3_PREFIX=ente/
 EOT
    echo "==> Test S3 configuration created for Wasabi"
    # Mark initialization as complete
    touch /app/data/.initialized
    echo "==> Initialization complete"
 fi
-# Check if s3.env exists
+# Check if configuration exists
-if [[ ! -f /app/data/config/s3.env ]]; then
+if [ ! -f "/app/data/config/s3.env" ]; then
-    echo "==> ERROR: S3 configuration not found"
+    echo "==> First run - creating configuration template"
-    echo "    Please configure S3 storage by editing /app/data/config/s3.env.template"
+    mkdir -p /app/data/config
-    echo "    and renaming it to s3.env, then restart the app."
+    
-    exit 1
+    # Create a template S3 configuration file
    echo "==> Creating S3 configuration template"
    cat > /app/data/config/s3.env.template <<EOT
 # S3 Configuration for Ente
 # Please copy this file to s3.env and fill in your S3 credentials
 # S3 endpoint URL (example: https://s3.amazonaws.com or https://s3.eu-central-2.wasabisys.com)
 S3_ENDPOINT=https://your-s3-endpoint
 # S3 region (example: us-east-1)
 S3_REGION=your-region
 # S3 bucket name
 S3_BUCKET=your-bucket-name
 # S3 access key
 S3_ACCESS_KEY=your-access-key
 # S3 secret key
 S3_SECRET_KEY=your-secret-key
 # Optional: prefix for objects within the bucket (example: ente/)
 S3_PREFIX=
 EOT
    # Create an empty s3.env file to prevent errors
    touch /app/data/config/s3.env
    # Display an important notice about S3 configuration
    echo "==> IMPORTANT: S3 storage configuration required"
    echo "==> Please configure your S3 storage as follows:"
    echo "1. Log into your Cloudron dashboard"
    echo "2. Go to the app's configuration page"
    echo "3. Edit the file /app/data/config/s3.env"
    echo "4. Restart the app"
 else
    echo "==> Using existing S3 configuration"
 fi
-# Load S3 environment variables
+# Check if s3.env is empty
-source /app/data/config/s3.env
+if [ ! -s "/app/data/config/s3.env" ]; then
    echo "==> WARNING: S3 configuration file is empty. The app will not function correctly until configured."
    echo "==> Please refer to the template at /app/data/config/s3.env.template for instructions."
 fi
-# Print S3 configuration (without sensitive values)
+# Source S3 configuration
 if [ -f /app/data/config/s3.env ]; then
    echo "==> Sourcing S3 configuration from /app/data/config/s3.env"
    source /app/data/config/s3.env
 fi
 # Display S3 configuration (masking sensitive values)
 echo "==> S3 Configuration:"
 echo "Endpoint: ${S3_ENDPOINT}"
 echo "Region: ${S3_REGION}"
 echo "Bucket: ${S3_BUCKET}"
-echo "Prefix: ${S3_PREFIX:-ente/}"
+echo "Prefix: ${S3_PREFIX:-}"
 # Create museum.yaml for proper S3 configuration
 echo "==> Creating museum.yaml configuration"
@ -139,7 +172,7 @@ cat > /app/data/config/museum.yaml <<EOT
 s3:
    are_local_buckets: false
    use_path_style_urls: true
-    b2-eu-cen:
+    s3-storage:
        key: ${S3_ACCESS_KEY}
        secret: ${S3_SECRET_KEY}
        endpoint: ${S3_ENDPOINT}
@ -155,7 +188,7 @@ sed -i \
    -e "s|%%S3_BUCKET%%|${S3_BUCKET}|g" \
    -e "s|%%S3_ACCESS_KEY%%|${S3_ACCESS_KEY}|g" \
    -e "s|%%S3_SECRET_KEY%%|${S3_SECRET_KEY}|g" \
-    -e "s|%%S3_PREFIX%%|${S3_PREFIX:-ente/}|g" \
+    -e "s|%%S3_PREFIX%%|${S3_PREFIX:-}|g" \
    /app/data/config/config.yaml
 # Set storage type to S3 in config
@ -537,7 +570,7 @@ export REMOTE_STORAGE_REGION="${S3_REGION}"
 export REMOTE_STORAGE_BUCKET="${S3_BUCKET}"
 export REMOTE_STORAGE_ACCESS_KEY="${S3_ACCESS_KEY}"
 export REMOTE_STORAGE_SECRET_KEY="${S3_SECRET_KEY}"
-export REMOTE_STORAGE_PREFIX="${S3_PREFIX:-ente/}"
+export REMOTE_STORAGE_PREFIX="${S3_PREFIX:-}"
 # Change ownership to cloudron user
 chown -R cloudron:cloudron /app/data
@ -601,7 +634,7 @@ if find "$SERVER_DIR" -name "museum" -type f -executable | grep -q .; then
        --storage.s3.bucket="${S3_BUCKET}" \
        --storage.s3.accessKey="${S3_ACCESS_KEY}" \
        --storage.s3.secretKey="${S3_SECRET_KEY}" \
-        --storage.s3.prefix="${S3_PREFIX:-ente/}" \
+        --storage.s3.prefix="${S3_PREFIX:-}" \
        --storage.s3.forcePathStyle=true \
        --storage.s3.areLocalBuckets=false \
        --storage.type="s3" \
@ -614,46 +647,28 @@ elif [ -d "$SERVER_DIR/cmd/museum" ]; then
    echo "==> Found Museum source in cmd/museum, running with go run"
    cd "$SERVER_DIR"
-    # Instead of modifying go.mod, set environment variables for compatibility
+    # Set environment variables for compatibility
    echo "==> Setting Go environment variables for compatibility"
    export GOFLAGS="-modfile=/app/data/go/go.mod -mod=mod -modcacherw"
    # Use local toolchain to avoid downloading required version
    export GOTOOLCHAIN=local
-    # For Wasabi specific settings
+    # Launch the server with S3 configuration
-    if [[ "${S3_ENDPOINT}" == *"wasabi"* ]]; then
+    echo "==> Starting Museum server with S3 configuration"
-        echo "==> Detected Wasabi S3 endpoint, adjusting settings"
+    cd "$SERVER_DIR" && \
-        echo "==> Adding -mod=mod to go run to ignore version mismatch"
+    /usr/local/bin/gosu cloudron:cloudron env GOCACHE=/app/data/go/cache GOMODCACHE=/app/data/go/pkg/mod PORT=8080 GIN_MODE=release go run -modfile=/app/data/go/go.mod -mod=mod cmd/museum/main.go --port 8080 \
-        cd "$SERVER_DIR" && \
+        --storage.s3.endpoint="${S3_ENDPOINT}" \
-        /usr/local/bin/gosu cloudron:cloudron env GOCACHE=/app/data/go/cache GOMODCACHE=/app/data/go/pkg/mod PORT=8080 GIN_MODE=release go run -modfile=/app/data/go/go.mod -mod=mod cmd/museum/main.go --port 8080 \
+        --storage.s3.region="${S3_REGION}" \
-            --storage.s3.endpoint="${S3_ENDPOINT}" \
+        --storage.s3.bucket="${S3_BUCKET}" \
-            --storage.s3.region="${S3_REGION}" \
+        --storage.s3.accessKey="${S3_ACCESS_KEY}" \
-            --storage.s3.bucket="${S3_BUCKET}" \
+        --storage.s3.secretKey="${S3_SECRET_KEY}" \
-            --storage.s3.accessKey="${S3_ACCESS_KEY}" \
+        --storage.s3.prefix="${S3_PREFIX:-}" \
-            --storage.s3.secretKey="${S3_SECRET_KEY}" \
+        --storage.s3.forcePathStyle=true \
-            --storage.s3.prefix="${S3_PREFIX:-ente/}" \
+        --storage.s3.areLocalBuckets=false \
-            --storage.s3.forcePathStyle=true \
+        --storage.type="s3" \
-            --storage.s3.areLocalBuckets=false \
+        --config.path="/app/data/config/museum.yaml" \
-            --storage.type="s3" \
+        --database.sslmode="disable" \
-            --config.path="/app/data/config/museum.yaml" \
+        --log.level=debug > /app/data/logs/museum-server.log 2>&1 &
            --database.sslmode="disable" \
            --log.level=debug > /app/data/logs/museum-server.log 2>&1 &
    else
        cd "$SERVER_DIR" && \
        /usr/local/bin/gosu cloudron:cloudron env GOCACHE=/app/data/go/cache GOMODCACHE=/app/data/go/pkg/mod PORT=8080 GIN_MODE=release go run -modfile=/app/data/go/go.mod -mod=mod cmd/museum/main.go --port 8080 \
            --storage.s3.endpoint="${S3_ENDPOINT}" \
            --storage.s3.region="${S3_REGION}" \
            --storage.s3.bucket="${S3_BUCKET}" \
            --storage.s3.accessKey="${S3_ACCESS_KEY}" \
            --storage.s3.secretKey="${S3_SECRET_KEY}" \
            --storage.s3.prefix="${S3_PREFIX:-ente/}" \
            --storage.s3.forcePathStyle=true \
            --storage.s3.areLocalBuckets=false \
            --storage.type="s3" \
            --config.path="/app/data/config/museum.yaml" \
            --database.sslmode="disable" \
            --log.level=debug > /app/data/logs/museum-server.log 2>&1 &
    fi
    SERVER_PID=$!
    echo "==> Museum server started with PID $SERVER_PID"
@ -709,7 +724,7 @@ else
            --storage.s3.bucket="${S3_BUCKET}" \
            --storage.s3.accessKey="${S3_ACCESS_KEY}" \
            --storage.s3.secretKey="${S3_SECRET_KEY}" \
-            --storage.s3.prefix="${S3_PREFIX:-ente/}" \
+            --storage.s3.prefix="${S3_PREFIX:-}" \
            --storage.s3.forcePathStyle=true \
            --storage.s3.areLocalBuckets=false \
            --storage.type="s3" \