Feature Request: Enable Proxy S3 Data #75
Comments
|
Buckets should be set to private, therefore no further proxy is required https://gokapi.readthedocs.io/en/latest/setup.html#cloudstorage |
|
all right, thanks for the feedback - got your idea. the idea was just to not provide any public bucket endpoint. |
|
@Forceu - Can we reopen this? Our company S3 is apparently closed off to anyone not "inside" our network. So if I want to allow end-users (customers) who are not on our VPN to download files, it doesn't work. Fx with our internal mozilla/send deployment, which is also backed by our S3, it is downloading through the app:
But we can't use mozilla/send, because it is discontinued, and even the timvisee version is not supported very well. We also don't want anyone to be able to upload files in the version we expose to customers. Only the employees should be able to upload files, get a link, and send that link to customers. That's why we chose Gokapi :) But sadly now I discover that our S3 is totally private, and that GoKapi isn't proxying the download through itself. Is there any way we can make the download go "through" GoKapi instead of being directed to S3?
|
|
That was quite an easy addition as well. Added in fe3616f, Gokapi will proxy the download now if the env variable I will leave this open, as I will add this option to the setup UI as well, and close the issue once it is added. |
|
@Forceu - Thank you very much. What a G. hope you have a great weekend man |
Forceu
added
enhancement
|
Added in 97368ca |
|
@Forceu - We finally got a public URL for the gokapi service for the company. So now I can access the site, even while off VPN. So if I disable my VPN (can no longer access our S3 instance) and try to download a file via the site, it just hangs. It is trying to access the S3 bucket directly from "my connection" instead of "gokapi's connection" if that makes sense. I thought fe3616f would allow the user to download the file "through" gokapi. So if they had access to Gokapi, but not the S3 instance, they could still download files. This is probably a bad explanation, but I hope you understand what I mean. I assumed the application would passthru (much like proxying) the data stream within the code and just 'serve' the file itself |
|
Have you enabled the setting in the setup? By default it is turned off |
|
@Forceu - haha, good question. I think so, but let me double-check on monday, just to be safe. |
|
@Forceu - Now it works! Thanks for making me double-check. I had set it as an env variable, but that wasn't working (maybe I did it wrong). Changing aws:
Bucket: redacted
Region: us-east-1
KeyId: redacted
KeySecret: redacted
Endpoint: redacted
ProxyDownload: true # <-- added this |
Hi,
in order to avoid exposing s3 bucket to the public, a simple (optional) proxy would be nice:
e.g. https://github.com/maltegrosse/go-minio-indexer/blob/master/controllers/list.go#L30
The text was updated successfully, but these errors were encountered: