Commit 72f943bd authored by Eliot Berriot's avatar Eliot Berriot
Browse files

Merge branch '932-nginx-proxy' into 'develop'

Resolve "S3 nginx proxy/redirect"

Closes #932

See merge request !916
parents 1c042b42 e82dda30
Updated docs to ensure streaming works when using Minio/S3 and DSub (#932)
......@@ -216,3 +216,15 @@ is applied to the corresponding user account. By default, anonymous requests get
You can disable the rate-limiting feature by adding `THROTTLING_ENABLED=false` to your ``.env`` file and restarting the
services. If you are using the Funkwhale API in your project or app and want to know more about the limits, please consult https://docs.funkwhale.audio/swagger/.
Broken audio streaming when using S3/Minio and DSub [manual action required]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Some Subsonic clients, such as DSub, are sending an Authorization headers which was forwarded
to the S3 storage when streaming, causing some issues. If you are using S3 or a compatible storage
such as Minio, please add the following in your nginx ``~ /_protected/media/(.+)`` location::
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
proxy_set_header Authorization "";
And reload your nginx process.
......@@ -91,6 +91,8 @@ server {
# media files in a S3 bucket
# location ~ /_protected/media/(.+) {
# internal;
# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
# proxy_set_header Authorization "";
# proxy_pass $1;
# }
......
......@@ -136,6 +136,8 @@ server {
# media files in a S3 bucket
# location ~ /_protected/media/(.+) {
# internal;
# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
# proxy_set_header Authorization "";
# proxy_pass $1;
# }
......
......@@ -124,8 +124,10 @@ http {
# location ~ /_protected/media/(.+) {
# internal;
# resolver 127.0.0.11;
# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
# proxy_set_header Authorization "";
# proxy_set_header X-Remote-URL "$1";
# proxy_pass $1;
# add_header X-Remote-URL "$1";
# }
location /_protected/music {
......
......@@ -42,6 +42,8 @@ Replace the ``location /_protected/media`` block with the following::
location ~ /_protected/media/(.+) {
internal;
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
proxy_set_header Authorization "";
proxy_pass $1;
}
......@@ -77,9 +79,9 @@ This URL is actually be visible by the client, but contains a signature valid on
no one can reuse this URL or share it publicly to distribute unauthorized content.
.. note::
If you are using Amazon S3, you will need to set your ``AWS_S3_REGION_NAME`` in the ``.env`` file to
use this feature.
use this feature.
.. note::
......@@ -142,9 +144,10 @@ in your ``funkwhale.template`` under the ``location ~/_protected/media/(.+)`` se
.. code-block:: shell
location ~ /_protected/media/(.+) {
resolver 1.1.1.1;
internal;
proxy_pass $1;
resolver 1.1.1.1;
internal;
proxy_set_header Authorization "";
proxy_pass $1;
}
No Images or Media Loading
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment