Support for DNS style S3 Bucket naming #4681
Comments
|
@adevress, Minio doesn't support DNS style. The reason behind that is that we want Minio to be simple with the least possible knobs. Any reason why you need DNS style ? |
|
@vadmeste Some of the tools I would like to use, including some proprietary one support only DNS style naming unfortunatly. To my understanding, DNS style naming should not have a big cost in term of complexity for minio. Adding a simple parameter name of the style "--server-name=mys3.mydomain.com" would allow you to resolve any query of the style "mybucket.mys3.mydomain.com" by looking into the HTTP Host header no ? |
|
@adevress all the softwares/client-libs we have seen till now support a "path-style" config which would send requests as path-style instead of virtual host style. I suspect your software might also allow such a config, can you check? Would you mind sharing the name of the software? We can check too. |
|
The software itself: objectiveFS ( https://objectivefs.com/ ) log structure filesystem constructed on a S3 backend. |
|
objectiveFS does not support path-style: @adevress we'll discuss about how to go about this and let you know. |
|
@krishnasrinivas @vadmeste thanks guys |
|
@adevress for now we are not going to support virtual-host-style. All AWS-SDKs and most S3-clients we have seen support path-style. It would be easy for ObjectiveFS to support path-style if they use AWS-SDKs. |
|
@krishnasrinivas I understand your decision but this is regrettable. All other major S3 implementations including Amazon itself, RadosGW and Pithos support DNS Bucket styl. Path style addressing start to be marked as deprecated in several toolkit including the official AWS Java toolkit itself. I think minio should consider to implement it in future, I can contribute to that if needed. |
|
@adevress let me check if we can accept your contribution if you implement it. |
|
@adevress - we will have a discussion and update this thread. There are a few moving parts to consider before taking on this feature and doing it right. So give us some more time to get back to you about this. |
|
Would it be theoretically possible to do this at a reverse proxy (a la |
|
You can do it with nginx but the s3 protocol doesn't like url rewrites. |
Using a proxy or doing any path rewrite cause issue with the S3 auth system. |
|
DNS style bucket naming requires manual intervention on the part of user, IMO this defeats the simplicity we are aiming for with Minio. Minio is simple enough to deploy and forget with no more additional DNS entries to be made, /etc/hosts to managed (NOTE: which all will require root access on the host system). Not just that each bucket needs to be resolvable to the host system through DNS and present on the host system. (NOTE: Remove bucket requires removal of entries from the DNS as well). It is possible for Minio to implement this feature but at the cost of deployment complexity which is the main hindrance of not doing it, in-fact we had this working 2yrs+ ago - but we choose the path towards simplicity and not complicate Minio deployments. AWS S3 supports DNS style bucket naming because they choose to make bucket globally unique which is also a sort of a hindrance on users part that we would have to choose a unique bucketName and cannot use simple communicable names anymore. |
|
@harshavardhana I do agree in keeping Minio simple, it is pretty easy to get up and running without any manual steps. However for "public" buckets it is nice to have custom/vanity dns names that are user facing. i.e for static websites. One idea would allow the bucket to have an optional setting for a dns name and it would be up to the deployer to put a nginx proxy with the correct settings infront as well as changes on whatever dns server. I personally don't have a current use case though, just thought I would provide some input. Not really sure how hard that would be to implement or if it is even worth that added complexity. |
The only real mandatory user intervention is to add a "wildcard" DNS entry to the minio server. This is travial to do with most DNS provider nowadays, and not more complicated than a "standard" A entry which need anyway to be done for any decent usage.
I don't think you need to manage /etc/hosts nor root access to simply get the server name. A simple config parameter will do the job.
It is not possible to "cheat" with a nginx. |
We could potentially leverage DNS wildcard here but we would need to provide this like an optionally configured behavior, only available when you have a fully qualified DNS provider and a resolvable DNS pointing back to the server where minio is running or proxy. Additional problems you might have to know is that if you have a TLS requirement (which is probably the case here with publicly facing minio server) then bucket names such as
This i was thinking aloud when you do not have a DNS provider. From what i read it would mean that if you do have a fully qualified DNS and also a wildcard setup this feature can kick in.
This is correct assessment @adevress I personally think this is a niche requirement, proprietary implementations not supporting path style is perhaps not a good reason to do this as i explained forcing DNS style can lead to TLS errors with incompatible bucket names. Knowing all these details in a deployment is not only hard and in-fact wrong to expect from our users. With all this information internally we will asses the situation and take a call. Thanks for your inputs @adevress @rmb938 |
It is for this reason that the official S3 has a rule for that
I personnally think you should not see it as a feature to support a proprietary implementation. Amazon S3 supports v4 signature and DNS-style-bucket everywhere now and already started to deprecate path-style-bucket and v2 signature, all of their newer sites simply do not support it at all. This is going to impact minio if you do not support it. |
Yes correct i do know why it doesn't work - you should look at makeTargetURL() code on how minio-go handles for all S3 endpoints and providers intelligently based on all the current restrictions. This is the whole reason to implement our own SDKs since AWS SDKs do a poor job at automatically managing these gritty details.
This is an incorrect assessment i couldn't find anywhere that is listed as deprecated in their docs in-fact
But since you personally vested in this feature we will consider this for discussion - think through all the details of deployment and usage. Thanks for chiming in for your side of the argument here @adevress |
|
We discussed this internally and agreed to proceed on implementing DNS style bucket names
|
Awesome ! Thank you very much guys for your reactivity and your efficiency. |
|
I'm glad this feature was implemented but I'm curious... @adevress you said Amazon "already started to deprecate path-style-bucket". Do you have a link about that? I can't find anything. If anything it seems more S3 clients (e.g. ChronoSync) are supporting path style access, either making it the default or adding an option for it, because it makes using S3-compatible storage much easier. |
There was just an official announcement:
|
|
The latest news seems to be that they'll continue to support path-style routing for older buckets, which sounds like good news as far as continued tool/SDK support for path-style routing. (A bit annoying for anyone trying to write tools that work with both, though.)
https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/ |
|
FWIW MinIO already supports DNS style buckets so either way, the AWS S3 plan seems fine either way. |
|
But not by default, right? And depending on what you're running Minio behind, there might be firewall / vhost / etc. issues with enabling it. |
|
What matters is there is a simple a way to enable it. |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
1 similar comment
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Simple question regarding Bucket addressing convention and minio 👍
AWS S3 defines two way to address a bucket : http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html
Path style. With something like http://server.adress/%(bucket)
Name / DNS style. With something like http://%(bucket).server.adress/
Is Minio supporting the DNS / Name style ? I do not find any documentation related to that.
If not, do you plan to support it in future ?
Adev
The text was updated successfully, but these errors were encountered: