`OBJECTSTORE_S3_SSL` does not work as documented #2308

vbrandl · 2024-10-08T20:12:09Z

The documentation for OBJECTSTORE_S3_SSL states that it defaults to true:

(default: true): Whether or not SSL/TLS should be used to communicate with object storage server

I would assume, not setting OBJECTSTORE_S3_SSL at all would cause Nextcloud to connect to my S3 bucket via HTTPS.

I use the following compose.yml for testing.

services:
  nextcloud:
    image: nextcloud
    volumes:
      - ./data/nextcloud:/var/www/html
    environment:
      - SQLITE_DATABASE=/tmp/nc.db
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=this-is-not-a-password
      - NEXTCLOUD_TRUSTED_DOMAINS=example.com

      - OBJECTSTORE_S3_BUCKET=${OBJECTSTORE_S3_BUCKET}
      - OBJECTSTORE_S3_HOST=${OBJECTSTORE_S3_HOST}
      - OBJECTSTORE_S3_PORT=${OBJECTSTORE_S3_PORT}
      - OBJECTSTORE_S3_KEY=${OBJECTSTORE_S3_KEY}
      - OBJECTSTORE_S3_SECRET=${OBJECTSTORE_S3_SECRET}
        #- OBJECTSTORE_S3_SSL=true

If i start a new instance like this, I get the following config.php:

objectstore' =>
  array (
    'class' => '\\OC\\Files\\ObjectStore\\S3',
    'arguments' =>
    array (
      'bucket' => '<snip>',
      'region' => '',
      'hostname' => '<snip>',
      'port' => '443',
      'storageClass' => '',
      'objectPrefix' => 'urn:oid:',
      'autocreate' => false,
      'use_ssl' => false,
      'use_path_style' => false,
      'legacy_auth' => false,
      'key' => '<snip>',
      'secret' => '<snip>',
    ),
  ),

use_ssl is set to false but I would expect it to be true.

Now I delete ./data/nextcloud, uncomment - OBJECTSTORE_S3_SSL=true in compose.yml and start the compose project again and use_ssl in config.php will be set to true.

So the documentation does not match how the image actually behaves.

The text was updated successfully, but these errors were encountered:

According to the documentation, both `OBJECTSTORE_S3_SSL` and `OBJECTSTORE_S3_AUTOCREATE` should default to `true`. Currently, when these environment variables are not set, they default to `false`. (See nextcloud#2308). With this fix, both values will be `true` if they are * not set * the empty string * any string that is not equal to `false` when converted to lowercase This should now match the documented behavior.

According to the documentation, both `OBJECTSTORE_S3_SSL` and `OBJECTSTORE_S3_AUTOCREATE` should default to `true`. Currently, when these environment variables are not set, they default to `false`. (See nextcloud#2308). This fix works, because `strtolower(false)` returns the empty string. So when `OBJECTSTORE_S3_SSL` is not set and `getenv('OBJECTSTORE_S3_SSL')` returns `false`, the check `strtolower($use_ssl) !== 'false'` will evaluate to `true`. With this fix, both values will be `true` if they are * not set * the empty string * any string that is not equal to `false` when converted to lowercase This should now match the documented behavior.

joshtrichards · 2024-10-09T13:00:32Z

Hi @vbrandl - You're absolutely right. This intersects with #1948, an older report I was just recently reviewing (and that got overlooked).

Thanks for the PR as well!

According to the documentation, both `OBJECTSTORE_S3_SSL` and `OBJECTSTORE_S3_AUTOCREATE` should default to `true`. Currently, when these environment variables are not set, they default to `false`. (See nextcloud#2308). This fix works, because `strtolower(false)` returns the empty string. So when `OBJECTSTORE_S3_SSL` is not set and `getenv('OBJECTSTORE_S3_SSL')` returns `false`, the check `strtolower($use_ssl) !== 'false'` will evaluate to `true`. With this fix, both values will be `true` if they are * not set * the empty string * any string that is not equal to `false` when converted to lowercase This should now match the documented behavior. Signed-off-by: Valentin Brandl <[email protected]>

According to the documentation, both `OBJECTSTORE_S3_SSL` and `OBJECTSTORE_S3_AUTOCREATE` should default to `true`. Currently, when these environment variables are not set, they default to `false`. (See #2308). This fix works, because `strtolower(false)` returns the empty string. So when `OBJECTSTORE_S3_SSL` is not set and `getenv('OBJECTSTORE_S3_SSL')` returns `false`, the check `strtolower($use_ssl) !== 'false'` will evaluate to `true`. With this fix, both values will be `true` if they are * not set * the empty string * any string that is not equal to `false` when converted to lowercase This should now match the documented behavior. Signed-off-by: Valentin Brandl <[email protected]>

vbrandl mentioned this issue Oct 8, 2024

Fix initialization of autocreate and use_ssl #2309

Merged

This comment has been minimized.

Sign in to view

joshtrichards added bug feature: auto config (environment variables) Auto configuring via environment variables 2. developing 3. to review and removed 2. developing labels Oct 9, 2024

joshtrichards added this to the Nextcloud 30.0.2 milestone Oct 9, 2024

joshtrichards linked a pull request Oct 10, 2024 that will close this issue

Secrets handling via entrypoint #2280

Open

joshtrichards removed a link to a pull request Oct 10, 2024

Secrets handling via entrypoint #2280

Open

J0WI closed this as completed in #2309 Oct 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`OBJECTSTORE_S3_SSL` does not work as documented #2308

`OBJECTSTORE_S3_SSL` does not work as documented #2308

vbrandl commented Oct 8, 2024 •

edited

Loading

This comment has been minimized.

joshtrichards commented Oct 9, 2024

OBJECTSTORE_S3_SSL does not work as documented #2308

OBJECTSTORE_S3_SSL does not work as documented #2308

Comments

vbrandl commented Oct 8, 2024 • edited Loading

This comment has been minimized.

joshtrichards commented Oct 9, 2024

`OBJECTSTORE_S3_SSL` does not work as documented #2308

`OBJECTSTORE_S3_SSL` does not work as documented #2308

vbrandl commented Oct 8, 2024 •

edited

Loading