search

colinmeinke / ghost-storage-adapter-s3

An AWS S3 storage adapter for Ghost
Other
182 stars 87 forks source link

Does this work for Ghost 3? #82

Open sudo8com opened 3 years ago

sudo8com commented 3 years ago

I am getting access denied when connected to S3 and CloudFront

Error ID: ghost_1 | ba4e8df0-3e9d-11eb-875f-3bf6d4f677d6 ghost_1 | ghost_1 | Error Code: ghost_1 | AccessDenied ghost_1 | ghost_1 | ---------------------------------------- ghost_1 | ghost_1 | InternalServerError: Access Denied ghost_1 | at new GhostError (/var/lib/ghost/versions/3.40.1/node_modules/@tryghost/errors/lib/errors.js:10:26) ghost_1 | at _private.prepareError (/var/lib/ghost/versions/3.40.1/core/server/web/shared/middlewares/error-handler.js:53:19) ghost_1 | at Layer.handle_error (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/layer.js:71:5) ghost_1 | at trim_prefix (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:315:13) ghost_1 | at /var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:284:7 ghost_1 | at Function.process_params (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:335:12) ghost_1 | at next (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:275:10) ghost_1 | at Layer.handle_error (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/layer.js:67:12) ghost_1 | at trim_prefix (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:315:13) ghost_1 | at /var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:284:7 ghost_1 | at Function.process_params (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:335:12) ghost_1 | at next (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:275:10) ghost_1 | at /var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:635:15 ghost_1 | at next (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/index.js:260:14) ghost_1 | at next (/var/lib/ghost/versions/3.40.1/node_modules/express/lib/router/route.js:127:14) ghost_1 | at /var/lib/ghost/versions/3.40.1/core/server/api/shared/http.js:124:17 ghost_1 | ghost_1 | AccessDenied: Access Denied ghost_1 | at Request.extractError (/var/lib/ghost/node_modules/aws-sdk/lib/services/s3.js:700:35) ghost_1 | at Request.callListeners (/var/lib/ghost/node_modules/aws-sdk/lib/sequential_executor.js:106:20) ghost_1 | at Request.emit (/var/lib/ghost/node_modules/aws-sdk/lib/sequential_executor.js:78:10) ghost_1 | at Request.emit (/var/lib/ghost/node_modules/aws-sdk/lib/request.js:688:14) ghost_1 | at Request.transition (/var/lib/ghost/node_modules/aws-sdk/lib/request.js:22:10) ghost_1 | at AcceptorStateMachine.runTo (/var/lib/ghost/node_modules/aws-sdk/lib/state_machine.js:14:12) ghost_1 | at /var/lib/ghost/node_modules/aws-sdk/lib/state_machine.js:26:10 ghost_1 | at Request. (/var/lib/ghost/node_modules/aws-sdk/lib/request.js:38:9) ghost_1 | at Request. (/var/lib/ghost/node_modules/aws-sdk/lib/request.js:690:12) ghost_1 | at Request.callListeners (/var/lib/ghost/node_modules/aws-sdk/lib/sequential_executor.js:116:18) ghost_1 | at Request.emit (/var/lib/ghost/node_modules/aws-sdk/lib/sequential_executor.js:78:10) ghost_1 | at Request.emit (/var/lib/ghost/node_modules/aws-sdk/lib/request.js:688:14) ghost_1 | at Request.transition (/var/lib/ghost/node_modules/aws-sdk/lib/request.js:22:10) ghost_1 | at AcceptorStateMachine.runTo (/var/lib/ghost/node_modules/aws-sdk/lib/state_machine.js:14:12) ghost_1 | at /var/lib/ghost/node_modules/aws-sdk/lib/state_machine.js:26:10 ghost_1 | at Request. (/var/lib/ghost/node_modules/aws-sdk/lib/request.js:38:9)

iozz commented 3 years ago

Same for me.

afern247 commented 3 years ago

Can anyone from the dev team confirm if this works for Ghost 3? Or is there another compatible repo?

delaudio commented 3 years ago

same here

afern247 commented 3 years ago

It's funny how the official Ghost docs mention this and it's so out of date... 🤯

iamtk commented 3 years ago

I've had this working using the latest version of Ghost v3 (edit: 3.40.5), although I'm using Digital Ocean's spaces S3 compatible object storage.

delaudio commented 3 years ago

I was able to use it with ghost 3.40.5. It was my fault, I'm new with ghost and I was trying to use it in docker environment with a minIO s3. It wasn't clear to me how and where to install it from the docs. I adapted the steps from https://github.com/robincsamuel/ghost-google-drive and it worked.

sudo8com commented 3 years ago

is there going to be any updates or anyway I can integrate ghost with s3 & cloudfront?

apavamontri commented 3 years ago

I was able to get this to work with Ghost version 3.41.6. I have S3 bucket setup as an origin to CloudFront + custom SSL. I turned on CloudTrail Data Event on S3 bucket and got access logs and found out that when I uploaded image. It made two calls.

1) GetObject to check if image exists. This call returns NoSuchKey error if it is a new image. 2) PutObject to upload image. This call set x-amz-acl header to public-read and it returned AccessDenied error.

So, I set the acl to private in config.production.json file and it works!

My bucket setup

Bucket policy (added via CloudFront)

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity [xxxx]"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::[bucket]/*"
        }
    ]
}

My config.production.json

...
"storage": {
    "active": "s3",
    "s3": {
      "accessKeyId": "[key]",
      "secretAccessKey": "[secret]",
      "region": "[region]",
      "bucket": "[bucket]",
      "assetHost": "https://[subdomain].example.com", // cloudfront
      "forcePathStyle": true,
      "acl": "private"
    }
  }
...

Hope this help.

booleanhunter commented 3 years ago

@colinmeinke This worked for me. It would be great if we can add some more details in the documentation about what acl does please?

saharshMMC commented 3 years ago

Was able to make it work with latest version as well. I am using helm to deploy and manually add the adapter files.

Helm chart version: 13.0.14
Ghost-CLI version: 1.17.3
Ghost version: 4.7.0
luisda0 commented 2 years ago

It worked for me too, as @booleanhunter said, it would be nice to add more detail about this in the documentation

jimzcc commented 2 years ago

i'm using the bitnami ghost stack, with stack version = "4.44.0-0", not working for me, after modifying the config file, ghost does not even start.

lakshminarasimmanv commented 2 years ago

It's funny how the official Ghost docs mention this and it's so out of date... 🤯

it works, but you gotta do some modifications.

derek-adair commented 3 months ago

It's funny how the official Ghost docs mention this and it's so out of date... 🤯

Ghost has exploded as an organization and is going through some growing pains (IMO). It is definitely insane that a repo that hasn't seen a commit in 6 years is linked by their own docs. The other thing they link is IN READ ONLY MODE. woops. Good luck bringing this to anyones attention it's pretty hard to tell where you can actually affect change on this kind of thing. I brought some pretty obvious best practices to one of their theme repos about a year ago and got ignored and auto closed by their bot.

it works, but you gotta do some modifications.

Hey buddy, you should fork and publish these changes. This is a pretty critical plugin to get dropped.

lakshminarasimmanv commented 3 months ago

Sure, will share them in a couple of days.

derek-adair commented 3 months ago

Fantastic. Let me know and i'll test it out.