diff --git a/abra.sh b/abra.sh
index ab108aa..a0e0892 100755
--- a/abra.sh
+++ b/abra.sh
@@ -1,7 +1,7 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
 export ABRA_ENTRYPOINT_VERSION=v5
-export NGINX_CONF_VERSION=v4
+export NGINX_CONF_VERSION=v6
 export PG_BACKUP_VERSION=v3
 environment() {
diff --git a/compose.yml b/compose.yml
index 5542457..64c8bdf 100644
--- a/compose.yml
+++ b/compose.yml
@@ -31,7 +31,8 @@ x-common-env: &common-env
 DRIVE_BASE_URL: "https://${DOMAIN}"
 # Media
 STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
- AWS_S3_ENDPOINT_URL: https://${DOMAIN}/media/
+ AWS_S3_ENDPOINT_URL: http://minio:9000
+ AWS_S3_DOMAIN_REPLACE: https://minio.lasuite-drive.cctest.autonomic.zone
 # AWS_S3_ACCESS_KEY_ID supplied via secret (this is same MINIO_ROOT_USER)
 # AWS_S3_SECRET_ACCESS_KEY supplied via secret (this is same as MINIO_ROOT_PASSWORD)
 MEDIA_BASE_URL: https://${DOMAIN}
@@ -90,6 +91,8 @@ services:
 - "traefik.enable=false"
 - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 - "coop-cloud.${STACK_NAME}.version=0.2.4+v4.0.0"
+ environment:
+ <<: [ *common-env ]
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:8080"]
 interval: 15s
@@ -195,7 +198,7 @@ services:
 createbuckets:
 # image: minio/mc
- image: minio/minio:RELEASE.2025-05-24T17-08-30Z
+ image: minio/minio:RELEASE.2025-09-07T16-13-09Z
 environment: *minio-env
 entrypoint: >
 sh -c "
@@ -217,7 +220,7 @@ services:
 - backend
 minio:
- image: minio/minio:RELEASE.2025-05-24T17-08-30Z
+ image: minio/minio:RELEASE.2025-09-07T16-13-09Z
 environment: *minio-env
 healthcheck:
 test: ["CMD", "mc", "ready", "local"]
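Review bot: `AWS_S3_DOMAIN_REPLACE` in the `x-common-env` hunk of compose.yml is hard-coded to `https://minio.lasuite-drive.cctest.autonomic.zone`, one test deployment's hostname, so any other install of this recipe would presumably hand browsers object URLs on a host it does not control. The Traefik rule added further down in the same file already routes on `${MINIO_DOMAIN}`, so the line should read `AWS_S3_DOMAIN_REPLACE: https://${MINIO_DOMAIN}`. The new `AWS_S3_ENDPOINT_URL: http://minio:9000` is plain HTTP, which is fine only while that traffic stays on the internal network; a comment such as `# internal overlay network only, never exposed` next to it would record that assumption.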
@@ -226,14 +229,15 @@ services:
 retries: 300
 networks:
 - backend
+ - proxy
 command: minio server /data
 entrypoint: ["/usr/bin/docker-entrypoint.sh"]
 volumes:
 - minio:/data
- deploy:
- labels:
- backupbot.backup: "${ENABLE_BACKUPS:-true}"
- entrypoint: /abra-entrypoint.sh
+# deploy:
+# labels:
+# backupbot.backup: "${ENABLE_BACKUPS:-true}"
+# entrypoint: /abra-entrypoint.sh
 configs:
 - source: abra_entrypoint
 target: /abra-entrypoint.sh
@@ -241,6 +245,22 @@ services:
 secrets:
 - minio_rp
 - minio_ru
+ deploy:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN}`)"
+ - "traefik.http.routers.minio.entrypoints=web-secure"
+ - "traefik.http.routers.minio.tls=true"
+ - "traefik.http.routers.minio.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.services.minio.loadbalancer.server.port=9000"
+ - "traefik.http.middlewares.minio-cors.headers.accessControlAllowOriginList=https://${DOMAIN}"
+ - "traefik.http.middlewares.minio-cors.headers.accessControlAllowMethods=GET,POST,PUT,DELETE,OPTIONS"
+ - "traefik.http.middlewares.minio-cors.headers.accessControlAllowHeaders=*"
+ - "traefik.http.middlewares.minio-cors.headers.accessControlExposeHeaders=ETag,Content-Length"
+ - "traefik.http.middlewares.minio-cors.headers.accessControlMaxAge=600"
+ - "traefik.http.middlewares.minio-cors.headers.addVaryHeader=true"
+ - "traefik.http.routers.minio.middlewares=minio-cors"
 web:
 image: nginx:1.25
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
index a9a924e..0d19a95 100644
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
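Review bot: In the `@@ -226` hunk of the `minio` service the `backupbot.backup` label is commented out rather than moved, and the `deploy.labels` list added in the next hunk does not carry it, so the `minio:/data` volume appears to drop out of backups with this commit. Carry the label into the new list as `- "backupbot.backup=${ENABLE_BACKUPS:-true}"` and delete the commented block instead of leaving dead YAML in the recipe. The second `entrypoint: /abra-entrypoint.sh` is commented out as well while the `abra_entrypoint` config stays mounted; whether MinIO still picks up the `minio_rp`/`minio_ru` secrets without that wrapper is not visible from this hunk and should be stated in the commit message.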
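Review bot: The labels added in the `@@ -241` hunk publish the MinIO S3 API (port 9000) on `${MINIO_DOMAIN}`, while the comments in the `x-common-env` hunk say the application authenticates with the same credentials as `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD`, so once this router is live a leaked application key is full administrator access to an internet-facing object store. The application should get a dedicated access key scoped to its own bucket before the endpoint is exposed. The CORS middleware is also wider than the visible use needs: `accessControlAllowHeaders=*` together with `DELETE` in the method list; name the headers the browser actually sends and, if the frontend only does presigned downloads and uploads, reduce the methods to `accessControlAllowMethods=GET,PUT,OPTIONS`. The router and middleware names `minio` and `minio-cors` are not prefixed with `${STACK_NAME}` the way the `coop-cloud.${STACK_NAME}.*` labels are, so two stacks behind one Traefik would likely collide.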
@@ -61,6 +61,24 @@ server {
 proxy_set_header Host minio:9000;
 }
+ # Proxy auth for media-preview
+ location /media/preview/ {
+ # Auth request configuration
+ auth_request /media-auth;
+ auth_request_set $authHeader $upstream_http_authorization;
+ auth_request_set $authDate $upstream_http_x_amz_date;
+ auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256;
+
+ # Pass specific headers from the auth response
+ proxy_set_header Authorization $authHeader;
+ proxy_set_header X-Amz-Date $authDate;
+ proxy_set_header X-Amz-Content-SHA256 $authContentSha256;
+
+ # Get resource from Minio
+ proxy_pass http://minio:9000/drive-media-storage/;
+ proxy_set_header Host minio:9000;
+ }
+
 location /media-auth {
 proxy_pass http://docs_backend/api/v1.0/items/media-auth/;
 proxy_set_header X-Forwarded-Proto https;
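Review bot: The new `location /media/preview/` serves user-uploaded objects from the application's own origin, and none of the added lines sets a response header that limits what a browser may do with that content. Unless the template already sets them at `server` level outside this hunk, add `add_header X-Content-Type-Options nosniff always;` and `add_header Content-Security-Policy "default-src 'none'" always;` inside the block, after confirming previews still render with them. The block also appears to mirror the location that closes just above it, so a comment saying how the two differ (as far as the hunk shows, only the path prefix) would help the next reader. The `/media-auth` location continues past the end of the hunk, so whether it is marked `internal;` cannot be confirmed from here.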