S3 compatible storage not fully usable

[zerodayace]

Due to missing options in the advanced section (compared to other sync providers) self hosted S3 compatible storages
are not fully usable.
The missing options I refer to are "use path style" for buckets and ignore TLS errors.

The path style option is necessary for S3 compatible storages. The TLS option would be good for issues like #5513 and / or for development purposes.

Environment

Joplin version: 2.4.12
Platform: Windows 11
OS specifics:

[laurent22]

Isn't it what the s3 url is for? As for the tls check I'd accept a PR for it

[zerodayace]

The S3 endpoint is for specifying an alternative endpoint but S3 defaults to dns subdomains for buckets, therefore a pathstyle Is normally possible for S3 compatible endpoints. Example: Normal S3: bucket.endpoint. S3 compatible like Minio: endpoint/bucket

…

________________________________ From: Laurent ***@***.***> Sent: Sunday, October 24, 2021 11:55:18 PM To: laurent22/joplin ***@***.***> Cc: iFrozenPhoenix ***@***.***>; Author ***@***.***> Subject: Re: [laurent22/joplin] S3 compatible storage not fully usable (Issue #5623) Isn't it what the s3 url is for? As for the tls check I'd accept a PR for it — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#5623 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AITUPUU6D3ZEQBV7TESCFPTUIR6ENANCNFSM5GTYZCSQ>.

[leematos]

I think my PR actually exposes path style so that's halfway to a solution: #5312

I think if this TLS field is exposed that would enable http? https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-s3/interfaces/s3clientconfig.html#tls

[zerodayace]

@leematos
Unfortunately it seems that there is no "tls skip verify" option in the aws s3 client apis, at least I haven't found it after reading the docs now, so the only alternative would be to just use plain http. The ref you mentioned would allow this.
But this would be completely insecure as the headers (Aceess and Secrets keys) are unencrypted and vulnerable for men in the middle attacks.
Due to the mentioned reasons I would not recommend to expose this setting. As a workaround the self signed certificate can be imported to the local certificate store (OS).

I have tested the S3 pathStyle changes but couldn't connect successfully (v2.6.6 on windows). But I can confirm that the path style is probably working because the endpoint was found. I received the following error 'Error. Please check that URL, username, password, etc. are correct and that the sync target is accessible. The reported error was:'.
After looking at the code I found a possible reason. In the following line the regions are fixed to the predefined regions of amazon. I personally use other region definitions, maybe some other cloud providers also have their own region definitions.

joplin/packages/lib/SyncTargetAmazonS3.js

Line 52 in 4ad4fde

UseArnRegion: true, // override the request region with the region inferred from requested resource's ARN.

I'm unsure if this is the reason that the connection is not working because of the missing error context. Are there eventually log files that can help to investigate the error? If yes, could you provide a location where I can find them?

[github-actions]

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may comment on the issue and I will leave it open. Thank you for your contributions.

[zerodayace]

You can close it in my opinion. Mit freundlichen Grüßen / Kind regards

…

________________________________ From: github-actions[bot] ***@***.***> Sent: Thursday, January 13, 2022 5:04:26 PM To: laurent22/joplin ***@***.***> Cc: iFrozenPhoenix ***@***.***>; Author ***@***.***> Subject: Re: [laurent22/joplin] S3 compatible storage not fully usable (Issue #5623) Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may comment on the issue and I will leave it open. Thank you for your contributions. — Reply to this email directly, view it on GitHub<#5623 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AITUPUSPDCRMFWV6TQYFZZ3UV3ZYVANCNFSM5GTYZCSQ>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[leematos]

@iFrozenPhoenix -- Sorrry I missed your earlier reply. That's actually interesting. I can't recall if 2.6.10 has this set or not, but it may have been the source of the problem that someone else was having: #5875 (comment)

[github-actions]

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may comment on the issue and I will leave it open. Thank you for your contributions.

[github-actions]

Closing this issue after a prolonged period of inactivity. If this issue is still present in the latest release, feel free to create a new issue with up-to-date information.