Nix fails to follow redirects

[yu-re-ka]

warning: error: unable to download 'https://cache.cyberchaos.dev/musl/nar/zgh590rfmf9gq1n02yvhja3zmvhxfryd.nar': HTTP error 307 (curl error: Couldn't connect to server); retrying in 334 ms

[yuka@m1:~]$ curl https://cache.cyberchaos.dev/musl/nar/l532wss41p018cx18k80zij2z6nxrdv7.nar -v
[...]
< HTTP/2 307 
< location: http://127.0.0.1:3900/attic/23d1d0a2-2b0e-46ab-8345-b1985b44161b.chunk?x-id=GetObject&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=GK448edf5de88c655c737e0e78%2F20230428%2Fgarage%2Fs3%2Faws4_request&X-Amz-Date=20230428T012509Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=94f291a7a3c78000f68248abbd1968a2d3d01105143e991162f221cee6607f40
< x-attic-cache-visibility: public
< content-length: 0
< date: Fri, 28 Apr 2023 01:25:09 GMT
< 
* Connection #0 to host cache.cyberchaos.dev left intact

[yu-re-ka]

Nevermind, just realized that for this to work my object storage has to be publicly reachable.

[adamcstephens]

It would be nice to use the local garage server or gateway, yet still have a way to point clients to find the downloads :)

[wlcx]

To leave a note for future travellers and expand on the above, if:

• You have attic server set up with a local s3-compatible backend such as garage
• You are seeing unable to download 'https://<server>/<cachename>/<whatever>.nar': HTTP error 307 (curl error: Couldn't connect to server) when trying to use nix with your cache configured
• Your attic config has storage.endpoint as something like http://localhost:<someport>

Your problem is that your s3 backend needs to be publicly accessible, and configured as a public url. Attic returns 307 redirects to presigned urls - you can see this by using curl, authorized with the netrc file attic use should have installed:

curl --netrc-file /home/$USER/.config/nix/netrc <the url from above>

You'll see a 307 redirect to the localhost url configured in storage.endpoint with a bunch of auth signatures.