Update S3 to use world-readable files

2024-11-21 14:51:02 +00:00 · 2022-12-01 09:43:36 -07:00 · 2022-12-01 09:43:36 -07:00 · 4344fdad9a
commit 4344fdad9a
parent 676dda0cb6
2 changed files with 7 additions and 2 deletions
--- a/docs/installation.rst
+++ b/docs/installation.rst
@ -84,9 +84,12 @@ be provided from the first boot.
    fully-qualified URL prefix that serves that directory.

  * If it is set to ``gcs://``, it must be in the form ``gcs://bucket-name``
-    (note the two slashes if you just want a bucket name)
+    (note the two slashes if you just want a bucket name). Your bucket must
+    be set to world-readable and have individual object permissions disabled.

-  * If it is set to ``s3://``, it must be in the form ``s3://access-key:secret-key@endpoint-url/bucket-name``
+  * If it is set to ``s3://``, it must be in the form
+    ``s3://access-key:secret-key@endpoint-url/bucket-name``. Your bucket must
+    permit publically-readable files to be uploaded.

 * ``TAKAHE_MAIN_DOMAIN`` should be the domain name (without ``https://``) that
  will be used for default links (such as in emails). It does *not* need to be
--- a/takahe/settings.py
+++ b/takahe/settings.py
@ -304,6 +304,8 @@ if SETUP.MEDIA_BACKEND:
    elif parsed.scheme == "s3":
        DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
        AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/")
+        AWS_QUERYSTRING_AUTH = False
+        AWS_DEFAULT_ACL = "public-read"
        if parsed.username is not None:
            AWS_ACCESS_KEY_ID = parsed.username
            AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password)