[bug]: "Access to the bucket 'uploads' is forbidden. Check permissions." on a new self hosted installation

Alt791350 commented 1 month ago

Is there an existing issue for this?

[X] I have searched the existing issues

Current behavior

When I setup a new self hosted instance (following the documentation at https://docs.plane.so/self-hosting/methods/docker-compose ), I can't upload a profile picture. Diving into the logs I see the following in the API logs:

Checking bucket...
Access to the bucket 'uploads' is forbidden. Check permissions.
Cache Cleared

All services are running (expect for migration), I can go into the Minio admin panel, log in and everything.

I expected the setup to automatically setup a Minio bucket or the documentation explaining how to setup Minio if it needs any manually setup.

Steps to reproduce

Follow the documentation at https://docs.plane.so/self-hosting/methods/docker-compose
Go through the initial setup.
Go to your profile setting.
Try upload a profile picture.
See the error "Something went wrong please try again later."
Check the API docker logs and see the Access to the bucket 'uploads' is forbidden. Check permissions..

Environment

Production

Browser

Mozilla Firefox

Variant

Self-hosted (community edition)

Version

master (commit 707570c)

OS

Ubuntu 22.04.3 (server) LTS

pablohashescobar commented 4 weeks ago

@Alt791350, are you using a minio server externally or the one that comes with the plane itself ?

Alt791350 commented 3 weeks ago

@pablohashescobar The one that comes with Plane itself.

akshat5302 commented 3 weeks ago

Hey @Alt791350,

Could you confirm if you're setting up using recommended edition or community-edition

Also, did you modify the plane.env for minio/aws specific variables? Please share your plane.env with us. Feel free to replace secrets with ***

Alt791350 commented 3 weeks ago

Hey @Alt791350,

Could you confirm if you're setting up using recommended edition or community-edition

Also, did you modify the plane.env for minio/aws specific variables? Please share your plane.env with us. Feel free to replace secrets with ***

Thanks for the reply. I'm using the community-edition. I will try the recommended edition as well.

This is the plane.env. I kept everything as default as possible to see if it was a user error or not. (the exposed passwords are default and I didn't change them, I wanted to make sure it worked before I changed variables)

I didn't change anything in the docker-compose.yml as well.

APP_RELEASE=stable

WEB_REPLICAS=1
SPACE_REPLICAS=1
ADMIN_REPLICAS=1
API_REPLICAS=1

NGINX_PORT=1245
WEB_URL=http://192.168.1.10:1245
DEBUG=0
SENTRY_DSN=
SENTRY_ENVIRONMENT=production
CORS_ALLOWED_ORIGINS=http://192.168.1.10:1245

#DB SETTINGS
PGHOST=plane-db
PGDATABASE=plane
POSTGRES_USER=plane
POSTGRES_PASSWORD=plane
POSTGRES_DB=plane
POSTGRES_PORT=5432
PGDATA=/var/lib/postgresql/data
DATABASE_URL=

# REDIS SETTINGS
REDIS_HOST=plane-redis
REDIS_PORT=6379
REDIS_URL=

# Secret Key
SECRET_KEY=****

# DATA STORE SETTINGS
USE_MINIO=1
AWS_REGION=
AWS_ACCESS_KEY_ID=access-key
AWS_SECRET_ACCESS_KEY=secret-key
AWS_S3_ENDPOINT_URL=http://plane-minio:9000
AWS_S3_BUCKET_NAME=uploads
MINIO_ROOT_USER=access-key
MINIO_ROOT_PASSWORD=secret-key
BUCKET_NAME=uploads
FILE_SIZE_LIMIT=5242880

# Gunicorn Workers
GUNICORN_WORKERS=1

# UNCOMMENT `DOCKER_PLATFORM` IF YOU ARE ON `ARM64` AND DOCKER IMAGE IS NOT AVAILABLE FOR RESPECTIVE `APP_RELEASE`
# DOCKER_PLATFORM=linux/amd64

Alt791350 commented 3 weeks ago

@akshat5302 I just tested it with the recommended edition and that seems to work fine. I'm not getting the error in the docker logs of the plane-api container.

Checking bucket...
Bucket 'uploads' does not exist. Creating bucket...
Bucket 'uploads' created successfully.
Public read access policy set for bucket 'uploads'.

Alt791350 commented 3 weeks ago

I also just tried the preview branch but I got the same error as on the master branch.

Checking bucket...
Access to the bucket 'uploads' is forbidden. Check permissions.

Alt791350 commented 3 weeks ago

So I just tried installing Plane community edition on my Windows development system to see if that works and that worked immediatly out of the box.

The server that has the issue is a Ubuntu 22.04.3 server. Is there anything special I have to do on this OS to make it work?

sypion commented 1 week ago

Hi there! I just started experiencing this issue after recently updating. How can I switch to the "recommended edition" to see if this resolves it?

Edit: Resolved the issue by bringing back the AWS variables into my .env and docker-compose.

moiz-qureshi commented 1 week ago

Hi there! I just started experiencing this issue after recently updating. How can I switch to the "recommended edition" to see if this resolves it?

Edit: Resolved the issue by bringing back the AWS variables into my .env and docker-compose.

Can you clarify what you mean bu bringing back AWS variables? I am experiencing the exact same thing.

sypion commented 1 week ago

Hi there! I just started experiencing this issue after recently updating. How can I switch to the "recommended edition" to see if this resolves it? Edit: Resolved the issue by bringing back the AWS variables into my .env and docker-compose.

Can you clarify what you mean bu bringing back AWS variables? I am experiencing the exact same thing.

Ensure these variables are in your plane.env file:

AWS_REGION=
AWS_ACCESS_KEY_ID=access-key
AWS_SECRET_ACCESS_KEY=secret-key
AWS_S3_ENDPOINT_URL=http://plane-minio:9000
AWS_S3_BUCKET_NAME=uploads

And these environment variables are in your docker-compose.yaml:

    - AWS_REGION=${AWS_REGION:-""}
    - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-"access-key"}
    - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-"secret-key"}
    - AWS_S3_ENDPOINT_URL=${AWS_S3_ENDPOINT_URL:-http://plane-minio:9000}
    - AWS_S3_BUCKET_NAME=${AWS_S3_BUCKET_NAME:-uploads}
    - MINIO_ROOT_USER=${MINIO_ROOT_USER:-"access-key"}
    - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-"secret-key"}
    - BUCKET_NAME=${BUCKET_NAME:-uploads}

makeplane / plane