diff --git a/changes/changelog.d/932.bugfix b/changes/changelog.d/932.bugfix
new file mode 100644
index 0000000000000000000000000000000000000000..76b7c40f4519603f56463df6abcaefb00ec6f4fd
--- /dev/null
+++ b/changes/changelog.d/932.bugfix
@@ -0,0 +1 @@
+Updated docs to ensure streaming works when using Minio/S3 and DSub (#932)
diff --git a/changes/notes.rst b/changes/notes.rst
index 4a9d1eddb243dbb1bf0a7904767e9917623db663..8477649411d04244d3aba68ec9876a0bc699436d 100644
--- a/changes/notes.rst
+++ b/changes/notes.rst
@@ -216,3 +216,15 @@ is applied to the corresponding user account. By default, anonymous requests get
You can disable the rate-limiting feature by adding `THROTTLING_ENABLED=false` to your ``.env`` file and restarting the
services. If you are using the Funkwhale API in your project or app and want to know more about the limits, please consult https://docs.funkwhale.audio/swagger/.
+
+Broken audio streaming when using S3/Minio and DSub [manual action required]
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Some Subsonic clients, such as DSub, are sending an Authorization headers which was forwarded
+to the S3 storage when streaming, causing some issues. If you are using S3 or a compatible storage
+such as Minio, please add the following in your nginx ``~ /_protected/media/(.+)`` location::
+
+ # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
+ proxy_set_header Authorization "";
+
+And reload your nginx process.
diff --git a/deploy/docker.nginx.template b/deploy/docker.nginx.template
index d3a7fc9a67866811eb0568872129b336b99e7c11..ced42201a076645831a70d1037c23ba53a2c9641 100644
--- a/deploy/docker.nginx.template
+++ b/deploy/docker.nginx.template
@@ -91,6 +91,8 @@ server {
# media files in a S3 bucket
# location ~ /_protected/media/(.+) {
# internal;
+ # # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
+ # proxy_set_header Authorization "";
# proxy_pass $1;
# }
diff --git a/deploy/nginx.template b/deploy/nginx.template
index 1dc6de6da6d03a1e55662188ce58aaa32b25a46e..32c9254e204c4ff2baab405c58a19288d0f9f661 100644
--- a/deploy/nginx.template
+++ b/deploy/nginx.template
@@ -136,6 +136,8 @@ server {
# media files in a S3 bucket
# location ~ /_protected/media/(.+) {
# internal;
+ # # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
+ # proxy_set_header Authorization "";
# proxy_pass $1;
# }
diff --git a/docker/nginx/conf.dev b/docker/nginx/conf.dev
index 95560b6d839010df0525d87c979e1635ae77edcb..1807dc08827d043335bbe881c354cbeb655e4727 100644
--- a/docker/nginx/conf.dev
+++ b/docker/nginx/conf.dev
@@ -124,8 +124,10 @@ http {
# location ~ /_protected/media/(.+) {
# internal;
# resolver 127.0.0.11;
+ # # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
+ # proxy_set_header Authorization "";
+ # proxy_set_header X-Remote-URL "$1";
# proxy_pass $1;
- # add_header X-Remote-URL "$1";
# }
location /_protected/music {
diff --git a/docs/admin/external-storages.rst b/docs/admin/external-storages.rst
index 45fed68ab2284697e3379e73070347dfac2143b5..a986351e727771c6e1f85aaa29f16223b50b040c 100644
--- a/docs/admin/external-storages.rst
+++ b/docs/admin/external-storages.rst
@@ -42,6 +42,8 @@ Replace the ``location /_protected/media`` block with the following::
location ~ /_protected/media/(.+) {
internal;
+ # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
+ proxy_set_header Authorization "";
proxy_pass $1;
}
@@ -77,9 +79,9 @@ This URL is actually be visible by the client, but contains a signature valid on
no one can reuse this URL or share it publicly to distribute unauthorized content.
.. note::
-
+
If you are using Amazon S3, you will need to set your ``AWS_S3_REGION_NAME`` in the ``.env`` file to
- use this feature.
+ use this feature.
.. note::
@@ -142,9 +144,10 @@ in your ``funkwhale.template`` under the ``location ~/_protected/media/(.+)`` se
.. code-block:: shell
location ~ /_protected/media/(.+) {
- resolver 1.1.1.1;
- internal;
- proxy_pass $1;
+ resolver 1.1.1.1;
+ internal;
+ proxy_set_header Authorization "";
+ proxy_pass $1;
}
No Images or Media Loading