diff --git a/docs/installation.rst b/docs/installation.rst
index 8c13c82..67fb598 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -167,6 +167,11 @@ If you omit the keys or the endpoint URL, then Takahē will try to use implicit authentication for them. The keys, if included, should be urlencoded, as AWS secret keys commonly contain eg + characters.
+With the above examples, Takahē connects to an S3 bucket using **HTTPS**. If
+you wish to connect to an S3 bucket using **HTTP** (for example, to connect to
+an S3 API endpoint on a private network), replace `s3` in the examples above
+with `s3-insecure`.
+
 Your S3 bucket *must* be set to allow publically-readable files, as Takahē will set all files it uploads to be ``public-read``. We randomise uploaded file names to prevent enumeration attacks.
diff --git a/takahe/settings.py b/takahe/settings.py
index 93ad285..f06f8f4 100644
--- a/takahe/settings.py
+++ b/takahe/settings.py
@@ -432,7 +432,7 @@ if SETUP.MEDIA_BACKEND:
 if parsed.hostname is not None:
 port = parsed.port or 443
 GS_CUSTOM_ENDPOINT = f"https://{parsed.hostname}:{port}"
- elif parsed.scheme == "s3":
+ elif (parsed.scheme == "s3") or (parsed.scheme == "s3-insecure"):
 STORAGES["default"]["BACKEND"] = "core.uploads.TakaheS3Storage"
 AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/")
 AWS_QUERYSTRING_AUTH = False
@@ -441,8 +441,14 @@ if SETUP.MEDIA_BACKEND:
 AWS_ACCESS_KEY_ID = parsed.username
 AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password)
 if parsed.hostname is not None:
- port = parsed.port or 443
- AWS_S3_ENDPOINT_URL = f"https://{parsed.hostname}:{port}"
+ if parsed.scheme == "s3-insecure":
+ s3_default_port = 80
+ s3_scheme = "http"
+ else:
+ s3_default_port = 443
+ s3_scheme = "https"
+ port = parsed.port or s3_default_port
+ AWS_S3_ENDPOINT_URL = f"{s3_scheme}://{parsed.hostname}:{port}"
 if SETUP.MEDIA_URL is not None:
 media_url_parsed = urllib.parse.urlparse(SETUP.MEDIA_URL)
 AWS_S3_CUSTOM_DOMAIN = media_url_parsed.hostname
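Review bot: The new condition on the `elif` line in the `-432,7` hunk spells out two parenthesised equality tests where a membership test is shorter and easier to extend: `elif parsed.scheme in ("s3", "s3-insecure"):`. The scheme is tested again in the following hunk to pick the protocol, so a comment here such as `# "s3-insecure" is the cleartext-HTTP variant of "s3"; see endpoint selection below` would tie the two sites together for a reader. The enclosing `if SETUP.MEDIA_BACKEND:` block begins and ends outside this hunk.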
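Review bot: The `s3-insecure` branch in the `-441,8` hunk downgrades the endpoint to `http://` on port 80 with no comment or runtime signal that transport encryption is off. A MEDIA_BACKEND value copied from the private-network example into an internet-facing deployment would therefore send uploads and signed requests in the clear, where they can be read or altered on the path, and nothing would show up in the logs. Above `if parsed.scheme == "s3-insecure":` I would add `# Cleartext HTTP: only for S3-compatible endpoints on a trusted private network.` and emit a startup warning in that branch, for example `warnings.warn("MEDIA_BACKEND uses s3-insecure; S3 traffic is unencrypted")`, assuming `warnings` or the project's logger is importable in settings.py, which this hunk does not show. It is also worth confirming that the media URLs the storage class generates use a scheme the HTTP-only endpoint serves when `SETUP.MEDIA_URL` is unset. That part is inferred, since `core.uploads.TakaheS3Storage` is not visible here.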