Image Upload - 403 Forbidden - Using Recommended S3 Package


#1

I’m running Ghost on a DigitalOcean droplet and followed the recommended Ghost documentation package to use s3 to store my image files, but I have run into some issues despite following the packages documentation and other resources that have helped to debug certain scenarios with limited success. Can anyone help with debugging the source of this bug and steps I might try to resolve? I would love to learn that there is a roadmap to build native support for s3 image storage.

Provided below is my issue setup and process:

Debug Information:

  • OS: Ubuntu, v18.04
  • Node Version: v8.10.0
  • NPM Version: 3.5.2
  • Ghost-CLI Version: 1.9.9
  • Ghost Version: 2.16.3
  • Environment: production

I have run into a very strange bug that I can’t figure out the source of, that was never the problem with a ghost instance I built a few months back.

Setup

I followed the steps of documentation, as well as this commonly referenced blogpost it.ismy.fun/2018/08/26/ghost-custom-storage-module/ and this forum post s3-storage-adapter-and-ghost-2-9-1, but still receive the following errors:

Client-Side:

Uncaught TypeError: Cannot read property 'url' of undefined in vendor.min at editor run

Server-Side:

AccessDenied: Access Denied
    at Request.extractError (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/services/s3.js:585:35)
    at Request.callListeners (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/request.js:683:14)
    at Request.transition (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/request.js:685:12)
    at Request.callListeners (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
    at Request.emit (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/request.js:683:14)
    at Request.transition (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/www/ghost/content/adapters/storage/s3/node_modules/aws-sdk/lib/request.js:38:9)

I started by installing this package to /var/www/ghost , which left node_modules folder, which I copied the contents of to /var/www/ghost/content/adapters/storage/s3 . From there I noticed that the folder files only contain a skeleton of the package and that the node_module are missing, so I tried as the forum post mentions to run npm install in .../storage/s3 , but ran into the errors:

npm WARN deprecated travis-deploy-once@5.0.11: We recommend to use Travis Build Stages instead
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm ERR! Linux 4.15.0-36-generic
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! node v8.10.0
npm ERR! npm  v3.5.2

npm ERR! Cannot read property 'target' of null

Since I couldn’t build the proper node_modules , I copied the rest of the folder from the initial npm install to a node_modules folder located in .../storage/s3 .

From here, I updated the config.production.json file with the following code:

"paths": {
    "contentPath": "/var/www/ghost/content/"
},
"storage": {
  "active": "s3",
  "s3": {
    "accessKeyId": "*access-key*",
    "secretAccessKey": "*secret-key*",
    "region": "us-east-1",
    "bucket": "*my-app*-blog",
    "forcePathStyle": true
  }
},

The only change to the contentPath was a trailing / , which was suggested by the blogpost. I tried with and without and had the same error.

With the config modified, I updated the bucket policy as stated in the documentation,

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::*my-app*-blog"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:PutObjectVersionAcl",
                "s3:DeleteObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::*my-app*-blog/*"
        }
    ]
}

closed #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.