songnguxyz
commented
4 months ago Closed songnguxyz closed 4 months ago
songnguxyz
commented
4 months ago songnguxyz
commented
4 months ago Know that this instance uses CloudFlare R2 and everything has been installed correctly through every step.
edwardspec
commented
4 months ago
Client error:GET https://[BUCKET_NAME].[CF_ACCOUNT_CODE].r2.cloudflarestorage.com/?prefix=%2Ftemp%2F&delimiter=&encoding-type=urlresulted in a403 Forbiddenresponse:
Are you sure that endpoint should contain bucket name?
Documentation here - https://developers.cloudflare.com/r2/api/s3/api/ - suggests https://<ACCOUNT_ID>.r2.cloudflarestorage.com with no bucket name in it.
songnguxyz
commented
4 months ago
Client error:GET https://[BUCKET_NAME].[CF_ACCOUNT_CODE].r2.cloudflarestorage.com/?prefix=%2Ftemp%2F&delimiter=&encoding-type=url`resulted in a403 Forbiddenresponse:`Are you sure that the endpoint should contain the bucket name? Documentation here - https://developers.cloudflare.com/r2/api/s3/api/ - suggests
https://<ACCOUNT_ID>.r2.cloudflarestorage.comwith no bucket name in it.
It's not supposed to do that, but the request in the exception does contain the bucket name while it shouldn't, and I also believe that I have set everything up correctly, within the latest stable version of MW.
edwardspec
commented
4 months ago Please try the following in LocalSettings.php:
$wgFileBackends['s3']['use_path_style_endpoint'] = true;Tried and it got the path right, but:
Aws\S3\Exception\S3Exception from line 196 of /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php: Error executing "ListObjects" on "https://[CF_ACC_ID].r2.cloudflarestorage.com/[R2_BUCKET_NAME]/?prefix=metawiki%2Ftemp%2F&delimiter=&encoding-type=url"; AWS HTTP error: Client error: `GET https://[CF_ACC_ID].r2.cloudflarestorage.com/[R2_BUCKET_NAME]/?prefix=metawiki%2Ftemp%2F&delimiter=&encoding-type=url` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
#0 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php(97): Aws\WrappedHttpHandler->parseError(Array, Object(GuzzleHttp\Psr7\Request), Object(Aws\Command), Array)
#1 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(204): Aws\WrappedHttpHandler->Aws\{closure}(Array)
#2 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(169): GuzzleHttp\Promise\Promise::callHandler(2, Array, NULL)
#3 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/RejectedPromise.php(42): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}(Array)
#4 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\RejectedPromise::GuzzleHttp\Promise\{closure}()
#5 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(159): GuzzleHttp\Promise\TaskQueue->run()
#6 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(184): GuzzleHttp\Handler\CurlMultiHandler->tick()
#7 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Handler\CurlMultiHandler->execute(true)
#8 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn()
#9 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#10 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#11 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#12 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#13 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
#14 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/AwsClientTrait.php(58): GuzzleHttp\Promise\Promise->wait()
#15 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/ResultPaginator.php(138): Aws\AwsClient->execute(Object(Aws\Command))
#16 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(52): Aws\ResultPaginator->valid()
#17 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(69): Aws\map(Object(Aws\ResultPaginator), Object(Closure))
#18 [internal function]: Aws\flatmap(Object(Aws\ResultPaginator), Object(Closure))
#19 /var/www/songngu_stud_usr/data/www/songngu.studio/extensions/AWS/s3/AmazonS3FileBackend.php(560): Generator->valid()
#20 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/libs/filebackend/FileBackendStore.php(1105): AmazonS3FileBackend->doDirectoryExists('metawiki-sn_-lo...', 'metawiki/temp/', Array)
#21 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/installer/DatabaseUpdater.php(1088): FileBackendStore->directoryExists(Array)
#22 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/update.php(203): DatabaseUpdater->setFileAccess()
#23 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/includes/MaintenanceRunner.php(703): UpdateMediaWiki->execute()
#24 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/run.php(51): MediaWiki\Maintenance\MaintenanceRunner->run()
#25 {main}
GuzzleHttp\Exception\ClientException from line 113 of /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php: Client error: `GET https://[CF_ACC_ID].r2.cloudflarestorage.com/[R2_BUCKET_NAME]/?prefix=metawiki%2Ftemp%2F&delimiter=&encoding-type=url` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
#0 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Middleware.php(69): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response), NULL, Array, NULL)
#1 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(204): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
#2 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(153): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), NULL)
#3 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}()
#4 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(159): GuzzleHttp\Promise\TaskQueue->run()
#5 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(184): GuzzleHttp\Handler\CurlMultiHandler->tick()
#6 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Handler\CurlMultiHandler->execute(true)
#7 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn()
#8 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#9 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#10 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#11 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#12 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
#13 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/AwsClientTrait.php(58): GuzzleHttp\Promise\Promise->wait()
#14 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/ResultPaginator.php(138): Aws\AwsClient->execute(Object(Aws\Command))
#15 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(52): Aws\ResultPaginator->valid()
#16 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(69): Aws\map(Object(Aws\ResultPaginator), Object(Closure))
#17 [internal function]: Aws\flatmap(Object(Aws\ResultPaginator), Object(Closure))
#18 /var/www/songngu_stud_usr/data/www/songngu.studio/extensions/AWS/s3/AmazonS3FileBackend.php(560): Generator->valid()
#19 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/libs/filebackend/FileBackendStore.php(1105): AmazonS3FileBackend->doDirectoryExists('metawiki-sn_-lo...', 'metawiki/temp/', Array)
#20 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/installer/DatabaseUpdater.php(1088): FileBackendStore->directoryExists(Array)
#21 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/update.php(203): DatabaseUpdater->setFileAccess()
#22 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/includes/MaintenanceRunner.php(703): UpdateMediaWiki->execute()
#23 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/run.php(51): MediaWiki\Maintenance\MaintenanceRunner->run()
#24 {main}If R2 responds "403 Forbidden" to a correct request to correct URL, you have something misconfigured on R2 side.
Does "aws s3 ls" command (from AWS CLI) work on your server? (it does exactly the same as this ListObjects operation)
songnguxyz
commented
4 months ago If R2 responds "403 Forbidden" to a correct request to the correct URL, you have something misconfigured on the R2 side.
Does the "aws s3 ls" command (from AWS CLI) work on your server? (it does the same as this ListObjects operation)
I may want to close the issue as I found out the reason:
Cloudflare somehow tries to block the request as either Hotlink Protection or Bot Fight Mode is enabled. Turn that off would fix this.
https://developers.cloudflare.com/waf/tools/scrape-shield/hotlink-protection/#enable-hotlink-protection