Configuring S3 Minio for Peertube

Hi! Help to set up Minio and Peertube correctly.

On a local network on a separate server, I configured Minio as Standalone. Everything works for me, and TLS is also configured.
This server is fully accessible on the Internet, here is the link https://s3.ustim.ru
I have created a public Bucket and a user with read/write rights.

The Peertube configuration file is configured as follows:

object_storage:
  enabled: true

  # Without protocol, will default to HTTPS
  endpoint: 's3.ustim.ru' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example

  region: 'ru-sochi-1'

  # Set this ACL on each uploaded object
  upload_acl: 'public-write'

  credentials:
    # You can also use AWS_ACCESS_KEY_ID env variable
    access_key_id: 'username'
    # You can also use AWS_SECRET_ACCESS_KEY env variable
    secret_access_key: 'XXXXXXXX'

  # Maximum amount to upload in one request to object storage
  max_upload_part: 2GB

  streaming_playlists:
    bucket_name: 'video.ustim'

    # Allows setting all buckets to the same value but with a different prefix
    prefix: 'streaming-playlists/' # Example: 'streaming-playlists:'

    # Base url for object URL generation, scheme and host will be replaced by this URL
    # Useful when you want to use a CDN/external proxy
    base_url: '' # Example: 'https://mirror.example.com'

  # Same settings but for webtorrent videos
  videos:
    bucket_name: 'video.ustim'
    prefix: 'videos/'
    base_url: ''

I also tried to add NGINX to the configuration file

    # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/#/admin-remote-storage
    # to serve files directly from a public bucket without proxying.
    # Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc.

    set $cdn https://s3.ustim.ru/;
    rewrite ^/static/webseed/(.*)$ $cdn/videos/$1 redirect;
    rewrite ^/static/(.*)$         $cdn/$1        redirect;

When I add a video, after processing it is moved to S3 storage. But when I run the video in the instance, the video doesn’t work. Here is the result


Hello,

You need to configure minio to use the virtual host bucket style. Path request style is not supported: https://github.com/Chocobozzz/PeerTube/issues/4455

For Mini, I have these settings, I also made a proxy for the basket

server {
  listen 80;
  listen [::]:80;
  server_name s3.ustim.ru;

  location /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/certbot;
  }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name s3.ustim.ru;

# To allow special characters in headers
 ignore_invalid_headers off;
 # Allow any size file to be uploaded.
 # Set to a value such as 1000m; to restrict file size to a specific value
 client_max_body_size 0;
 # To disable buffering
 proxy_buffering off;

 location / {
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Host $http_host;

   proxy_connect_timeout 300;
   # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
   proxy_http_version 1.1;
   proxy_set_header Connection "";
   chunked_transfer_encoding off;

   proxy_pass http://192.168.1.15:34283; # If you are using docker-compose this would be the hostname i.e. minio

   # Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/
   # /minio/health/live;
 }

 # Proxy requests to the bucket "photos" to MinIO server running on port 9000
 location /video.ustim/ {
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Host $http_host;

   proxy_connect_timeout 300;
   # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
   proxy_http_version 1.1;
   proxy_set_header Connection "";
   chunked_transfer_encoding off;

   proxy_pass http://192.168.1.15:9000;
 }


  ##
  # Certificates
  # you need a certificate to run in production. see https://letsencrypt.org/
  ##
  ssl_certificate     /etc/letsencrypt/live/s3.ustim.ru/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/s3.ustim.ru/privkey.pem;

  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
  }
}