hanazuki / s3tftpd

TFTP server with Amazon S3 as backing storage
MIT License

No logs on Docker #1

Closed cecchisandrone closed 4 years ago

cecchisandrone commented 4 years ago

Hi,

I'm trying to start it with docker-compose:

s3tftpd:
    image: hanazuki/s3tftpd:0.2.2
    command: s3tftpd -v 8 --debug-api s3://bucket
    environment:
      - AWS_ACCESS_KEY
      - AWS_SECRET_KEY
    restart: always
    ports:
      - "69:69/udp"

But it doesn't log anything. What can I do?

hanazuki commented 4 years ago

What if you actually perform some get or put using tftp client? The Docker image also uses socket activation, and so the server process starts up when the first request is received (this is not good as it's confusing).

Currently I don't use Docker to deploy s3tftpd, so thank you for your testing!

cecchisandrone commented 4 years ago

Client: tftp server GET file.txt .

Server:

root@cicd ~/cicd-infrastructure # ./up-dev.sh s3tftpd
Starting cicd-infrastructure_s3tftpd_1 ... done
Attaching to cicd-infrastructure_s3tftpd_1
s3tftpd_1                     | <2>S3URI must have 's3' scheme
cicd-infrastructure_s3tftpd_1 exited with code 1

It's strange because I put s3://. Btw should it be the full bucket name (with AWS region) or just the short name? Where should I specify the region in that case?

hanazuki commented 4 years ago

Ah, the image is made to work when invoked as docker run hanazuki/s3tftpd -v 8 s3://..., so if you run the image from Compose, the docker-compose.yml should look like this:

version: '3'

services:
  s3tftpd:
    image: hanazuki/s3tftpd:0.2.2
    command: -v 8 --debug-api s3://bucket  # <- NB this should not contain "s3tftpd"
    environment:
      - AWS_ACCESS_KEY
      - AWS_SECRET_KEY
      - AWS_REGION
    restart: always
    ports:
      - "69:69/udp"

cecchisandrone commented 4 years ago

Cool, I changed config according to your comment and it starts now, thanks! I only see the following problem now (I added AWS_REGION=eu-central-1 in docker-compose):

s3tftpd_1                     | <5>Listening on [::]:69
s3tftpd_1                     | <5>Starting server
s3tftpd_1                     | <6>RRQ 172.19.0.1:56017 file.txt
s3tftpd_1                     | <7>GetObject firmware /file.txt
s3tftpd_1                     | <4>S3: 172.19.0.1:56017 MissingRegion: could not find region 

cecchisandrone commented 4 years ago

I even tried to change AWS_REGION to AWS_DEFAULT_REGION (according to awscli doc). Since here you use Go probably AWS_REGION should be correct.

hanazuki commented 4 years ago

The problem reproduces at my end and after some debugging, I realized that the environment variables are not passed to the s3tftpd process 😞.

I just pushed a patch b4bce5240ad5148ae374d8de16e4b7a60e1d8370, which is now available as hanazuki/s3tftpd:testing on Docker Hub. Can you try that image?

cecchisandrone commented 4 years ago

It is taking env variables now. Error is Get "https://<>.s3.eu-central-1.amazonaws.com/file.txt": x509: certificate signed by unknown authority

What could it be? I'm able to download the file directly (it's public)

Take a look at this, seems to be the reason: https://github.com/aws/aws-sdk-go/issues/2322#issuecomment-443502850

hanazuki commented 4 years ago

You are right -- we need CA certificates.

I have implemented a --single-port option (4963e15fe60c47cb81dfdf78eab3f3b8b739ef51) to make s3tftpd work behind NAT (Docker's port mapping is a NAT and TFTP uses a random port for each connection, which is not compatible with NAT) and now I can run the testing image with Docker Compose to actually serve files from S3.

Further feedback is so much appreciated as the trick of using a single port for all the connections is not compliant with the standards and I have no idea how interoperable it is with real-world implementations.

docker-compose.yml for reference:

version: '3'

services:
  s3tftpd:
    image: hanazuki/s3tftpd:testing
    command: -v 8 --debug-api s3://bucket
    environment:
      - AWS_ACCESS_KEY_ID
      - AWS_SECRET_ACCESS_KEY
      - AWS_REGION=ap-northeast-1
    restart: always
    ports:
      - "6669:69/udp"
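
The NAT problem described in the comment above, as an added example (not part of the thread and not s3tftpd's code): a simplified Go model of a published UDP port that translates a reply only when it belongs to a tracked flow. The addresses, the ephemeral port 49152, and the names PortMapNAT and Transfer are assumptions made for illustration.

```go
package main

import "fmt"

// Endpoint is an IP:port pair; every address in this file is a constructed sample.
type Endpoint struct {
	IP   string
	Port int
}

type flow struct{ client, inside Endpoint }

// PortMapNAT is a simplified model (an assumption, not Docker's code) of a published
// UDP port such as "6669:69/udp": replies are translated only for tracked flows.
type PortMapNAT struct {
	Public, Inside Endpoint
	flows          map[flow]bool
}

// Inbound rewrites a client datagram to the container and records the flow.
func (n *PortMapNAT) Inbound(client Endpoint) Endpoint {
	n.flows[flow{client, n.Inside}] = true
	return n.Inside
}

// Outbound returns the source the client sees, or false for an untracked source.
func (n *PortMapNAT) Outbound(src, client Endpoint) (Endpoint, bool) {
	if !n.flows[flow{client, src}] {
		return Endpoint{}, false
	}
	return n.Public, true
}

// Transfer models RRQ plus the first DATA packet. A standard server answers from
// a fresh per-transfer port (its TID); a single-port server answers from port 69.
func Transfer(n *PortMapNAT, client Endpoint, singlePort bool) (Endpoint, bool) {
	replySrc := n.Inbound(client)
	if !singlePort {
		replySrc.Port = 49152 // constructed ephemeral TID
	}
	return n.Outbound(replySrc, client)
}

func main() {
	nat := &PortMapNAT{Endpoint{"192.0.2.10", 6669}, Endpoint{"172.19.0.2", 69}, map[flow]bool{}}
	for _, single := range []bool{false, true} {
		src, ok := Transfer(nat, Endpoint{"198.51.100.7", 56017}, single)
		fmt.Printf("single-port=%v delivered=%v source=%v\n", single, ok, src)
	}
}
```

In this model the standard-mode DATA packet has no matching flow and is not translated, while the single-port reply returns to the client from the published port.
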

hanazuki commented 4 years ago

Anyway, I have released v0.3.0 with all the changes mentioned in this thread.

cecchisandrone commented 4 years ago

It's working now with version 0.3.0. Thanks for your quick support!