Skip to content

OBJECTSTORE_*_FILE via docker secrets #1726

Closed
Closed
OBJECTSTORE_*_FILE via docker secrets#1726
@lukashartl

Description

@lukashartl
lukashartl
opened on Mar 30, 2022

Hey 👋

I am trying to setup a docker-compose project for nextcloud+postgres+minio (s3).

The relevant part of my docker-compose.yaml looks like this:

services:
  # ...

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    volumes:
      - next_app:/var/www/html
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB_FILE=/run/secrets/postgres_db # works
      - POSTGRES_USER_FILE=/run/secrets/postgres_user # works
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password # works
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password # works
      - NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/nextcloud_admin_user # works
      - OBJECTSTORE_S3_HOST=minio
      - OBJECTSTORE_S3_BUCKET=nextcloud
      - OBJECTSTORE_S3_KEY_FILE=/run/secrets/minio_user # not working
      - OBJECTSTORE_S3_SECRET_FILE=/run/secrets/minio_password # not working
      - OBJECTSTORE_S3_PORT=9000
      - OBJECTSTORE_S3_SSL=false
      - OBJECTSTORE_S3_USEPATH_STYLE=true
      - OBJECTSTORE_S3_LEGACYAUTH=true
      - OBJECTSTORE_S3_AUTOCREATE=true
    depends_on:
      - db
      - minio
    secrets:
      - minio_user
      - minio_password
      - nextcloud_admin_password
      - nextcloud_admin_user
      - postgres_db
      - postgres_password
      - postgres_user
# ...

I noticed, that the relevant configuration parameters keep being empty in the generated config.php, because nextcloud does not consider them coming from docker secrets:

docker/23/apache/config/s3.config.php

Lines 1 to 27 in da935d2

<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions