CODEWITHSUNDEEP
nginxamazon-s3s3fs
rp346
rp346

Reputation: 7058

s3fs volume exposed via nginx

I am mounting S3 bucket to Ubuntu VM with command

root@factory:~# s3fs my-bucket /mnt/s3-bucket -o passwd_file=/etc/.passwd-s3fs -o noatime -o allow_other -o uid=1000 -o gid=1000 -o use_cache=/tmp -o default_acl=public-read-write

This volume gets mounted correctly to VM. Also able to copy files from /mnt/s3-bucket/* to any other location.

root@factory:~# ls -alh /mnt/s3-bucket/
total 56K
drwxrwxrwx 1 ubuntu ubuntu    0 Jan  1  1970 .
drwxr-xr-x 3 root   root   4.0K Jul 19 20:30 ..
-rw-r----- 1 ubuntu ubuntu  50K Jul 22 15:04 controller_1.34.0.tar
drwxr-x--- 1 ubuntu ubuntu    0 Jul 22 15:04 firmware

Don't know why these files are own by ubuntu:ubuntu

I am trying to serve this location through Nginx to download these files.

But when I click on the file name I get 403 Forbidden

Tried to change file permissions 

root@factory:~# chown -R root:root /mnt/s3-bucket
chown: changing ownership of '/mnt/s3-bucket/controller_1.34.0.tar': Input/output error
chown: changing ownership of '/mnt/s3-bucket/fixture_controller_2.1.3.tar': Input/output error
chown: changing ownership of '/mnt/s3-bucket': Input/output error
root@factory:~#

Tried to create file from VM root@factory:~# touch /mnt/s3-bucket/test.txt touch: setting times of '/mnt/s3-bucket/test.txt': No such file or directory

nginx.conf :

server {
    listen         8080 default_server;
    server_name    localhost;
    keepalive_timeout 70;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;

    location /s3 {
        alias /mnt/s3-bucket;
        autoindex on;
    }
}

Logs from Nginx : 

2019/07/24 13:45:10 [error] 10777#10777: *2 open() "/mnt/s3-bucket/fixture_controller_2.1.3.tar" failed (13: Permission denied), client: 13.12.18.18, server: localhost, request: "GET /s3/fixture_controller_2.1.3.tar HTTP/1.1", host: "43.3.7.96:8080", referrer: "http://43.3.7.96:8080/s3/"
2019/07/24 13:45:18 [error] 10777#10777: *2 open() "/mnt/s3-bucket/controller_1.34.0.tar" failed (13: Permission denied), client: 13.12.18.18, server: localhost, request: "GET /s3/controller_1.34.0.tar HTTP/1.1", host: "43.3.7.96:8080", referrer: "http://43.3.7.96:8080/s3/"

What I am missing ? How can i server downloadable S3 files through Nginx

Upvotes: 3

Views: 2269

Answers (1)

Neothorn
Neothorn

Reputation: 339

The files inside the S3 bucket are owned by ubuntu:ubuntu because the S3 bucket was mountet with the params -o uid=1000 -o gid=1000. These are the IDs for the user ubuntu and the group ubuntu.

The nginx worker process, which handles http requests, runs as an other user. Usually it's www-data.

If you want to enable nginx to access the files inside the S3 bucket you have to replace uid and gid with the corresponding values for www-data.

id -u www-data displays the uid and id -g www-data displays the gid

Upvotes: 4

Related Questions