S3browser not working in custom build

1. Caddy version (caddy version): v2.3.0

2. How I run Caddy:

a. System environment:

Ubuntu 20.04 LTS x64
Intel Xeon 2 GHz
Docker version 19.03.8, build afacb8b7f0
docker-compose version 1.26.2, build eefe0d31

Dockerfile to build caddy

FROM caddy:2.3.0-builder AS builder

RUN xcaddy build v2.3.0 \
  --with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2@latest \
  --with github.com/techknowlogick/caddy-s3browser

FROM caddy:2.3.0

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

ENTRYPOINT ["/usr/bin/caddy"]

CMD ["docker-proxy"]

b. Command:

 export CADDY_DATA_DIR=/var/containerdata/caddy
 export CDN_DATA_DIR=/var/containerdata/cdn

 export S3_SITENAME="blabla"
 export S3_ENDPOINT="localhost:9000"
 export S3_REGION="" # optional
 export S3_BUCKET=cdn
 export S3_PROTO=https
 export S3_SECURE=true
 export S3_REFRESH=5m
 export S3_REFRESH_SECRET="" # A key to protect the refresh api (optional)
 export S3_DEBUG=true
 export S3_SIGNED_URL_REDIRECT=false
 export S3_SORT_ALGORITHM=case-insensitive
 
 docker-compose up -d

c. Service/unit/compose file:

---
version: "3.8"

configs:
  caddy-basic-content:
    file: ./Caddyfile
    labels:
      caddy:

services:
  caddy:
#    image: "caddy/caddy:latest"
#    image: "lucaslorentz/caddy-docker-proxy:2.3.4-alpine"
    image: docker.nexus.mydomain.com:8084/caddy:customcaddy
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "$CADDY_DATA_DIR:/data"
      - "$CDN_DATA_DIR:/var/www/cdn"
    networks:
      - my-network
networks:
  my-network:
    external: true
    name: my-network

d. My complete Caddyfile or JSON config:

cdn.mydomain.com {
        route {
                s3browser {
                        site_name "${S3_SITENAME}" # S3 Browser
                        endpoint "${S3_ENDPOINT}"
                        region "${S3_REGION}"
                        key "${S3_KEY}"
                        secret "${S3_SECRET}"
                        secure ${S3_SECURE} # true
                        bucket "${S3_BUCKET}"
                        refresh_interval "${S3_REFRESH}" # 5m
                        refresh_api_secret "${S3_REFRESH_SECRET}"
                        debug "${S3_DEBUG}" # false
                        signed_url_redirect ${S3_SIGNED_URL_REDIRECT} # false
                        sort_algorithm ${S3_SORT_ALGORITHM} # none
                }
        }
}


3. The problem I’m having:

s3browser does not seem to work?

[ERROR]  Removing invalid block: parsing caddyfile tokens for 'route': Caddyfile:17 - Error during parsing: unrecognized directive: s3browser
cdn.mydomain.com {
	route {
		s3browser {
			site_name ${S3_SITENAME}
			endpoint ${S3_ENDPOINT}
			region ${S3_REGION}
			key ${S3_KEY}
			secret ${S3_SECRET}
			secure ${S3_SECURE}
			bucket ${S3_BUCKET}
			refresh_interval ${S3_REFRESH}
			refresh_api_secret ${S3_REFRESH_SECRET}
			debug ${S3_DEBUG}
			signed_url_redirect ${S3_SIGNED_URL_REDIRECT}
			sort_algorithm ${S3_SORT_ALGORITHM}
		}
	}
}

4. Error messages and/or full log output:

5. What I already tried:

I tried to understand if I have to adapt my own Dockerfile based on the s3browser Dockerfile.
Tried different commands but none worked.

What bothers me is that the s3browser’s Dockerfile contains those lines:

RUN \
    xcaddy build --with github.com/techknowlogick/caddy-s3browser=/tmp/caddy-s3browser && \
    /usr/bin/caddy version && \
    /usr/bin/caddy list-modules | grep s3browser && 

and although building with xcaddy works, caddy list-modules does not contain s3browser. I assume the maintainer knows what he’s doing, but I don’t understand it.

What is my goal?

I want to serve files from a self-hosted MinIO (S3-compatible) Docker Swarm service, to save AWS S3 costs. The files should be publicly downloadable, so I need the s3browser.

6. Links to relevant resources:

First thing I noticed, the environment variable syntax is incorrect. The $ goes inside the braces:

I’m trying to build that plugin myself, and I’m not seeing the handler module registered in list-modules either, so you’ll need to ask for help by opening an issue on that project.
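The syntax point from the reply above, as an added example that is not part of the original posts: the Caddyfile parser substitutes `{$VAR}` (optionally `{$VAR:default}`), while shell-style `${VAR}` is left in the config as literal text. The function name and the sample input are constructed for illustration; the check also reports variables the environment does not define, which is how a missing `S3_KEY` would show up.

```python
import re

# ${VAR} is shell syntax; the Caddyfile parser does not expand it.
SHELL_STYLE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
# {$VAR} or {$VAR:default} is the form the Caddyfile parser substitutes.
CADDY_STYLE = re.compile(r"\{\$([A-Za-z_][A-Za-z0-9_]*)(:[^}]*)?\}")


def lint_caddyfile(text, env):
    """Rewrite ${VAR} to {$VAR} and report variables the environment lacks.

    Returns (fixed_text, report); report holds three lists:
    'rewritten' -> (line_number, name) for each shell-style reference,
    'unset'     -> names that are not in env and carry no default,
    'empty'     -> names that are set to the empty string.
    """
    report = {"rewritten": [], "unset": [], "empty": []}
    fixed_lines = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in SHELL_STYLE.finditer(line):
            report["rewritten"].append((number, match.group(1)))
        fixed_lines.append(SHELL_STYLE.sub(r"{$\1}", line))
    fixed = "\n".join(fixed_lines)
    for match in CADDY_STYLE.finditer(fixed):
        name, default = match.group(1), match.group(2)
        if name not in env and default is None:
            bucket = "unset"
        elif env.get(name) == "":
            bucket = "empty"
        else:
            continue
        if name not in report[bucket]:
            report[bucket].append(name)
    return fixed, report


# Constructed sample: three directives in the style of the posted Caddyfile and
# a subset of the exported variables (no export for S3_KEY is shown above).
SAMPLE = """\
s3browser {
    endpoint "${S3_ENDPOINT}"
    key "${S3_KEY}"
    refresh_api_secret "${S3_REFRESH_SECRET}"
}"""
SAMPLE_ENV = {"S3_ENDPOINT": "localhost:9000", "S3_REFRESH_SECRET": ""}

if __name__ == "__main__":
    fixed_text, findings = lint_caddyfile(SAMPLE, SAMPLE_ENV)
    print(fixed_text)
    print(findings)
```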

I’ve found a solution to the s3browser problem:

Add @master to the xcaddy command:

--with github.com/techknowlogick/caddy-s3browser@master

This way s3browser is listed in the modules.

Now I am successfully loading the file browser (I see the message “Served by S3 Browser via Caddy”).
Only problem is, I don’t see any files. That’s because I’ve configured s3browser to connect to “Minio gateway s3 (…insert-backblaze-endpoint…)”, which in turn pulls data from Backblaze (S3-compatible API).

There seems to be an authentication problem, and I have no clue how to solve this:
When I expose minio directly via caddy, I try to load the minio browser and get the message:

<Error>
<Code>InvalidRequest</Code>
<Message>
The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.
</Message>
<Resource>/</Resource>
<RequestId/>
<HostId>...</HostId>
</Error>

Not sure where to start looking. At Backblaze? At Minio? At s3browser?
Somehow I should change the signature from v2 to v4 (ruby - The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256 - Stack Overflow) but this does not seem to be configurable.
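The two signature schemes named in the error above look different on the wire, so a captured request shows which one a client sent. As an added example that is not part of the original posts (function names, keys and hostnames are constructed), the code below classifies a request as v2 or v4 and builds the `AWS4-HMAC-SHA256` header for a bodyless GET with no query string.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit


def signature_version(authorization="", url=""):
    """Classify a captured S3 request as 'v4', 'v2' or 'unsigned'."""
    query = parse_qs(urlsplit(url).query)
    if authorization.startswith("AWS4-HMAC-SHA256 ") or "X-Amz-Algorithm" in query:
        return "v4"  # header form, or presigned-URL form
    if authorization.startswith("AWS ") or {"AWSAccessKeyId", "Signature"} <= set(query):
        return "v2"  # "AWS <key id>:<base64 HMAC-SHA1>", or presigned-URL form
    return "unsigned"


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_authorization(access_key, secret_key, region, host, path, amz_date):
    """Build the SigV4 Authorization header for a bodyless GET to S3.

    amz_date is a basic ISO 8601 timestamp such as 20210101T000000Z; path must
    already be URI-encoded. The caller sends the three signed headers as well.
    """
    payload_hash = hashlib.sha256(b"").hexdigest()
    headers = {"host": host, "x-amz-content-sha256": payload_hash, "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        "GET", path, "",  # method, URI, empty query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, payload_hash,
    ])
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()  # signing key: chained HMAC over the scope
    for part in (amz_date[:8], region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={signature}")


if __name__ == "__main__":
    # Constructed credentials and endpoint, for illustration only.
    header = sigv4_authorization("AKIDEXAMPLE", "constructed-secret", "us-east-1",
                                 "localhost:9000", "/cdn/file.txt", "20210101T000000Z")
    print(signature_version(authorization=header), header)
```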


Nice! I guess you should still open an issue to ask the maintainer to tag a release though, so that @master is not necessary.

I don’t think I can help here, I don’t use AWS. Best place to ask is to open an issue on the plugin’s repo 👍

I’ve opened the following issues:
