end/officeconvert
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix AWS S3 startup for production deployments
Docker server image / build-and-push (push) Successful in 1m7s
Details

Browse Source 
Pass S3_REGION and S3_PUBLIC_USE_SSL through compose, treat blank public
SSL as unset, and skip CreateBucket when IAM only allows access to an
existing bucket.
This commit is contained in:
Elijah Duffy
2026-06-17 11:55:53 -07:00
parent 1756a4a0f8
commit 26cd0ef071
4 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
python/packages/server/src/officeconvert_server/config.py
+2 -2
View File
@@ -31,10 +31,10 @@ class ServerConfig:
def load_server_config() -> ServerConfig:
"""Load server configuration from environment variables."""
s3_secure = os.getenv("S3_USE_SSL", "false").lower() == "true"
public_ssl_env = os.getenv("S3_PUBLIC_USE_SSL")
public_ssl_env = os.getenv("S3_PUBLIC_USE_SSL", "").strip()
s3_public_secure = (
public_ssl_env.lower() == "true"
if public_ssl_env is not None
if public_ssl_env
else s3_secure
)
region_env = os.getenv("S3_REGION", "").strip()
python/packages/server/src/officeconvert_server/storage.py
+7 -4
View File
@@ -86,16 +86,19 @@ class S3Store:
def ensure_bucket(self, bucket_name: str) -> None:
"""Create a bucket if it does not already exist.
Uses CreateBucket only, not HeadBucket. Some S3-compatible stores
(including SeaweedFS) mishandle or over-restrict HeadBucket; the MinIO
client's bucket_exists() maps non-NoSuchBucket errors to failures.
Idempotent create covers the same contract with fewer round trips.
Tries CreateBucket first (idempotent on SeaweedFS and when the caller
owns the bucket). AWS production IAM often grants object access only on
a pre-provisioned bucket; in that case CreateBucket returns
AccessDenied even though HeadBucket succeeds.
"""
try:
self._client.make_bucket(bucket_name)
except S3Error as exc:
if exc.code in ("BucketAlreadyOwnedByYou", "BucketAlreadyExists"):
return
if exc.code in ("AccessDenied", "Forbidden"):
if self._client.bucket_exists(bucket_name):
return
raise
def presigned_put_url(self, bucket_name: str, object_key: str, *, ttl_seconds: int) -> str: