Skip to content

Fix for self hosted S3 self signed URLs #499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lmarini wants to merge 3 commits into
base: illinois-chat
Choose a base branch
from
Open

Fix for self hosted S3 self signed URLs #499

lmarini wants to merge 3 commits into from

Conversation

@lmarini
Copy link
Collaborator

@lmarini lmarini commented Dec 3, 2025
edited
Loading

This fixes the S3 self signed URLs when running all containers in docker compose for self hosted.

Before the URLs were being signed with the internal docker service name minio and then they would failed when being validated against localhost. Now we can provide a MINIO_PUBLIC_ENDPOINT in cases where the internal and external urls are different.

I am honestly not sure if this is the best strategy, but it seems to work locally. Not tested on dev yet and it could use some more testing on localhost using the current dev environment where MINIO_PUBLIC_ENDPOINT should not be necessary.

@lmarini
Create Keycloak issuer URL based on deployment. Needed for self hoste…
46c3c29 
…d when all containers are running in docker and we are using internal docker service names.
@lmarini
Include option for Docker service name when connecting to local Postg…
45b20b3 
…resql.
@lmarini
Fixing presigned minio urls for local deployment in docker and using …
ff238af 
…docker network.

Added console logs for s3 configs to make it easier to debug.
@vercel
Copy link

vercel bot commented Dec 3, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
uiuc-chat-frontend Ready Ready Preview Comment Dec 3, 2025 6:08pm

longshuicy
longshuicy reviewed Jan 5, 2026
View reviewed changes
Copy link
Collaborator

@longshuicy longshuicy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What would be the best way to test this PR? Should I build this branch locally into an image? I recall the self-hosted setup is linked via git submodules just wonder if there's any tricks.

src/utils/s3Client.ts
console.log('[s3Client] AWS_SECRET:', process.env.AWS_SECRET ? '***' + '*'.repeat(Math.min(process.env.AWS_SECRET.length - 4, 8)) + process.env.AWS_SECRET.slice(-4) : 'undefined')
console.log('[s3Client] LOCAL_MINIO:', process.env.LOCAL_MINIO)
console.log('[s3Client] MINIO_ENDPOINT:', process.env.MINIO_ENDPOINT)
console.log('[vyriadMinioClient] S3_BUCKET_NAME:', process.env.S3_BUCKET_NAME)
Copy link
Collaborator

@longshuicy longshuicy Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we remove those logs that prints out secret?

src/utils/s3Client.ts
console.log('[vyriadMinioClient] MINIO_ENDPOINT:', process.env.MINIO_ENDPOINT)
console.log('[vyriadMinioClient] MINIO_REGION:', process.env.MINIO_REGION)
console.log('[vyriadMinioClient] S3_BUCKET_NAME:', process.env.S3_BUCKET_NAME)

Copy link
Collaborator

@longshuicy longshuicy Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same should we remove those console logs?

Copy link
Collaborator Author

@lmarini lmarini Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left that there because they might be useful for debugging, but when I last was paying attention to the logs I think some of them show up multiple times (instead of just at startup). If they just show up at startup it might behelpful to leave them there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@longshuicy longshuicy longshuicy left review comments

@drshika drshika Awaiting requested review from drshika

@rohan-uiuc rohan-uiuc Awaiting requested review from rohan-uiuc

At least 1 approving review is required to merge this pull request.

Assignees

@lmarini lmarini

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lmarini @longshuicy