I’m trying to set object storage acl to null
because I’m using MinIO object store as backend where acls are not supported. I’m using the official docker image and try to set it via environment variables. This is somehow not working, I still get an error when changing a private video to public. Any suggestions on this?
Can you share PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE
and PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC
env?
And paste the peertube error?
Hi @Chocobozzz thanks for your reply!
I’ve set the acl env vars to an empty string for now:
root@peertube1-peertube-86996b855d-d64hj:/app# env | grep ACL
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE=
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC=
I also tried null
and public-read
for both values - with no difference.
The error message I get is:
Backend returned code 500, errorMessage is: A header you provided implies functionality that is not implemented ()
Can you try PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE=""
? (same for public)
Still the same error with
root@peertube1-peertube-86996b855d-wn28l:/app# env|grep ACL
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE=""
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC=""
set.
Can you try to add
object_storage:
upload_acl:
public: null # Set to null here because we can't using env variables
private: null
In your container, in /app/support/docker/production/config/production.yaml
? Then restart the container
@Chocobozzz that worked, thanks a lot!
I removed the ACL environment variables and patched the change on pod startup into production.yaml
file you mentioned. My instance is running in a Kubernetes cluster and changes in the container won’t survive a restart.
It was just to know if the fix I’ll push would fix the issue.
You can also create a production.yaml
in your docker-volume/config
that should override default configuration.
We have a similar issue with PeerTube on k8s and Minio as S3 storage backend. When trying to change a video from private to public or the other way round, we get:
Cannot apply function on playlist-dev/hls/d18e2222-6daa-41d5-acfd-9fa848a54c79 prefix in bucket playlist-dev: no files listed.
EDIT: Got it working. Putting both ACL configs in env to ""
is not sufficient, you really need to set it in production.yaml
to null
.
Maybe can somebody share a bucket policy for minio that fits to this scenario?
I’m using this bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::peertube"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::peertube/*"
]
}
]
}
Cheers!