Closed ajmichels closed 3 years ago
Is it a private wiki? (do anonymous users have "read" permission?)
$wgUploadPath
Not applicable to S3 storage.
$wgImageAuthPath
There is no such configuration option in MediaWiki.
Yes, the wiki is private.
Sorry I mean $wgImgAuthPath
. My understanding is that modifying this path is critical to have "pretty" URLs for these private files. For example, https://mywiki.com/file/somefile.png
instead of https://mywiki.com/img_auth.php/somefile.png
, by way of rewrite in Apache or Nginx.
But honestly, I am not concerned about having the files private, in fact being able to share them would be more useful in our case. And the base MediaWiki configuration seems to allow this if desired. But first I just need to get them working.
Also, I defined $wgAWSBucketDomain
but that doesn't seem to do anything either.
For security reasons, private wikis mark all uploaded S3 objects as "private" (not downloadable from S3 directly). You can override it (making all newly uploaded S3 objects public, i.e. downloadable by anyone without authorization) with the following configuration option:
$wgFileBackends['s3']['privateWiki'] = false;
This is default for public wikis.
$wgImgAuthPath
Will add support for it. (this option was only recently added in MediaWiki 1.35)
$wgImgAuthPath
is now supported.
Thanks for the quick responses.
I discovered that the underlying issue that I was having had to do with Nginx rewrite. Request to img_auth.php
were not getting handled correctly.
That said, once I got it sorted out I tested $wgFileBackends['s3']['privateWiki'] = false;
and found that it doesn't seem to work, at least not in the way that I was expecting.
What I was expecting to have happened is that URLs for images would be represented in the non-secure form, without img_auth.php
, but that wasn't the case. It didn't seem to have any effect at all. I figured this would then allow me to use $wgUploadPath
to specify the absolute path to my CDN, but that doesn't seem to be the case.
Please see the file tests/travis/OldStyleAWSSettings.php
(inside this extension) for an example of how you can override the URL directly.
(specifically the lines that set $wgFileBackends['s3']['containerPaths']
and $wgLocalFileRepo
- you would need to copy them to LocalSettings.php
and fill them with the values that you want).
For this to work, you would need to remove $wgAWSBucketName
from LocalSettings.php (if this variable is missing, then Extension:AWS won't try to set $wgLocalFileRepo
itself).
The situation "viewing the wiki is restricted, but viewing the images is purposely not restricted" is an extremely rare usecase (99,9% wikis won't need this), so there is little point in supporting this setup out-of-the-box.
When I enable the extension all of the URLs for images change to
https://mysite.com/img_auth.php/filename.jpg
. For some reason, this breaks the images. I can access the images in S3 directly via the CloudFront distribution that I created but MediaWiki fails to load them correctly. Images that were upload both before and after the plugin was activated are failing, the former is not surprising but the latter is. They seem to have uploaded to S3 just fine, as I said I can access them directly. Also, it seems that the$wgUploadPath
and$wgImageAuthPath
config values are completely ignored by this extension. When the extension is on these variables have no impact on the image URLs.I am on the latest version of MediaWiki and this extension (master). Running on PHP 7.4