Minio doesn't work #19

Closed
onedr0p opened this issue Dec 30, 2022 · 9 comments

onedr0p commented Dec 30, 2022

I'm trying to connect to my local minio instance but this is not able to connect. I get an error but the popup message is truncated.

I'm able to connect to my minio instance using other Android apps like FolderSync.

Collaborator

tomekit commented Dec 30, 2022

Thanks for creating this issue. Can I ask you to have a look in the logs section (please find instructions how to access logs: #16 (comment)) and post the error message?

Are you trying to reach your Minio over http or https? Currently only https is supported.
Another issue might be related to the SSL cert alone. Are you using a self-signed / untrusted certificate? If so, it will be required to import it to your Android device: https://proxyman.io/posts/2020-09-29-Install-And-Trust-Self-Signed-Certificate-On-Android-11
Enforcing secure SSL connection is the default route that we've taken. Perhaps on local/internal networks we could loosen up the security a bit given the user consent.

We will be looking to support (around ~Jan 2023):

  • plaintext HTTP for MinIO (only for non-public IPs).
  • implement dynamic SSL certificate pinning which would allow you to whitelist the "unknown" certificate.

Author

onedr0p commented Dec 30, 2022

I'm using SSL on a subdomain e.g. https://s3.domain.tld with a valid certificate from Acme.

I see what the issue is. You are adding the bucket name as a subdomain to the s3 URL so it looks like this https://bucket.s3.domain.tld which isn't a good idea. This requires a wildcard cert, wildcard DNS and special settings in minio which not many people do.

I feel like this would have been caught if you tested this locally, I find it weird to paywall a broken feature like this, was it ever tested?

Collaborator

tomekit commented Dec 30, 2022

You're indeed right. Behind the scenes we're using AWS S3 SDK client which by default uses the DNS addressing instead of path style addressing.

We haven't captured this issue, as we're using MinIO over IPv4, which actually makes the AWS client use path style addressing.

This is something we shall be able to fix relatively fast. I will let you know personally once it's fixed.

Speaking of bugs and the pricing model: software has bugs regardless of whether it's free or behind a payment.
You've managed to find a bug in an area which happens to be available for Pro users.
Our pricing model was subject to change over the time and we've gradually been loosening it up.
Initially only Backblaze was free (this whole idea started with Backblaze and their B2 API, but we've decided to migrate to S3 protocol) and the remaining back-ends were requiring Pro previously.

In Sep/Oct 2022 we've decided to make all major external back-ends free and only charge for self-hosted or custom S3.
If we'd made it free from the start then we wouldn't be able to make it a "paid" feature later, even though as you say perhaps there wasn't enough QA in that area.
We're a small team, PhotoSync app is just a start of something bigger. Our recent focus is cross-platform S3Drive: https://play.google.com/store/apps/details?id=com.s3.drive.file.explorer.storage.cloud.manager (currently pretty experimental and low featured). Over the next few months we actually plan to merge back all PhotoSync features into S3Drive which will eventually supersede PhotoSync.

I would like to thank you again for reporting this. Please find the promo code for the Pro version over e-mail, which certainly isn't worth your effort, but hopefully some small gratitude.
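The addressing problem discussed in the two comments above, as an added example that is not part of the original thread and not the app's code: a simplified model of how the request host is derived under DNS-style and path-style addressing, checked against the names a certificate covers. The bucket name `photos`, the IP endpoint and the SAN lists are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def request_host(endpoint, bucket, force_path_style=False):
    """Return (host, path_prefix) a client would contact for `bucket`."""
    host = urlsplit(endpoint).hostname
    # Simplified model of the behaviour described in the thread: an IP
    # endpoint cannot take a bucket label, so path style is used for it.
    if force_path_style or is_ip(host):
        return host, f"/{bucket}/"
    # DNS-style (virtual-hosted) addressing: bucket becomes a subdomain.
    return f"{bucket}.{host}", "/"

def san_matches(pattern, host):
    """RFC 6125 style match: '*' covers exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def cert_covers(sans, host):
    return any(san_matches(s, host) for s in sans)

def check(endpoint, bucket, sans, force_path_style=False):
    """Return (host, path_prefix, certificate_covers_host)."""
    host, prefix = request_host(endpoint, bucket, force_path_style)
    return host, prefix, cert_covers(sans, host)

if __name__ == "__main__":
    # Constructed values; s3.domain.tld is the placeholder used in the thread.
    sans = ["s3.domain.tld"]
    print(check("https://s3.domain.tld", "photos", sans))        # DNS style
    print(check("https://s3.domain.tld", "photos", sans, True))  # path style
    print(check("https://s3.domain.tld", "photos", ["*.s3.domain.tld"]))
```

A certificate for `*.domain.tld` does not help either, because the wildcard covers only one label and `photos.s3.domain.tld` has two in front of `domain.tld`.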

Author

onedr0p commented Dec 30, 2022

Thanks for the response. I didn't mean to sound crass, I know software isn't bug free as I'm sure there are probably more. It was just discouraging seeing this feature locked behind a paywall that wasn't properly implemented or tested well. Anyways hope you get it all sorted.

I'll be sure to update my review on the play store shortly.

Collaborator

tomekit commented Dec 30, 2022

This is now fixed with the release of 1.5.8 which is now live. In other words, by default path-based addressing is used for MinIO.
I hope this resolves your issue.

Author

onedr0p commented Dec 31, 2022

Hi, I'm still having issues connecting to the bucket I created.

The method I used to create the bucket, username and password I documented here.

https://onedr0p.github.io/home-ops/notes/s3-buckets.html#minio

Logs from photosync

[2022-12-31 16:34:19]: AmazonClientException: com.amazonaws.services.s3.model.AmazonS3Exception: Method Not Allowed (Service: Amazon S3; Status Code: 405; Error Code: 405 Method Not Allowed; Request ID: null), S3 Extended Request ID: null
[2022-12-31 16:34:03]: AmazonClientException: com.amazonaws.services.s3.model.AmazonS3Exception: Method Not Allowed (Service: Amazon S3; Status Code: 405; Error Code: 405 Method Not Allowed; Request ID: null), S3 Extended Request ID: null
[2022-12-31 16:18:35]: Finished ScheduleFileUploadsWorker
[2022-12-31 16:18:35]: Iterating upload check, lastExecutionFileUploadedCount: 0
[2022-12-31 16:18:35]: ScheduleFileUploadsWorker::doWork
[2022-12-31 16:18:35]: BatteryNotLowWorker: triggerDiffSyncLast20Minutes
[2022-12-31 16:14:35]: Finished ScheduleFileUploadsWorker
[2022-12-31 16:14:35]: Iterating upload check, lastExecutionFileUploadedCount: 0
[2022-12-31 16:14:35]: ScheduleFileUploadsWorker::doWork

Collaborator

tomekit commented Dec 31, 2022

Hi, I didn't have much time today to follow the instructions exactly, however I've created a test user and bucket using your IAM policy on the MinIO sandbox and I can connect using PhotoSync just fine.

Access key ID: test-bucket-write-2
Secret: test-bucket-write-2
Bucket name: test-bucket-write-2
Endpoint: https://play.minio.io

Policy: https://play.minio.io:9443/policies/dGVzdC1idWNrZXQtd3JpdGUtMg==

I will have a look at your instructions in more detail next year!

Collaborator

tomekit commented Jan 2, 2023

Hi again and Happy New Year!

I've tried the script on some test instance:

tomek@tomek-hp:/tmp$ mc alias set minio "https://miniotest.syncaware.com" "minioadmin" "minioadmin"
Added `minio` successfully.

tomek@tomek-hp:/tmp$ export BUCKET_NAME="test-bucket-local-minio"
tomek@tomek-hp:/tmp$ export BUCKET_PASSWORD="$(openssl rand -hex 20)"
tomek@tomek-hp:/tmp$ mc admin user add minio "${BUCKET_NAME}" "${BUCKET_PASSWORD}"
Added user `test-bucket-local-minio` successfully.

tomek@tomek-hp:/tmp$ mc mb "minio/${BUCKET_NAME}"
Bucket created successfully `minio/test-bucket-local-minio`.

tomek@tomek-hp:/tmp$ cat <<EOF > /tmp/user-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::${BUCKET_NAME}/*", "arn:aws:s3:::${BUCKET_NAME}"],
            "Sid": ""
        }
    ]
}
EOF
tomek@tomek-hp:/tmp$ mc admin policy add minio "${BUCKET_NAME}-private" /tmp/user-policy.json
Added policy `test-bucket-local-minio-private` successfully.

tomek@tomek-hp:/tmp$ mc admin policy set minio "${BUCKET_NAME}-private" "user=${BUCKET_NAME}"
Policy `test-bucket-local-minio-private` is set on user `test-bucket-local-minio`

I've then printed out the ${BUCKET_PASSWORD} and used the details below in the app:

Access key ID: test-bucket-local-minio
Secret: df7dc7b448e7a30d57848db8ea051cf0e4fd8b72
Bucket name: test-bucket-local-minio
Endpoint: https://miniotest.syncaware.com

Everything went fine. I've then removed s3:PutObject from the policy and when I tried to upload a file I got this:

[2023-01-02 10:14:13]: Exception, file: /storage/emulated/0/Pictures/IMG_20221206_114131.jpg; AmazonS3Exception: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied. (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 1736765D1A86AD77), S3 Extended Request ID:

Is it possible that the 405 Method Not Allowed is coming from some proxy you might be using?

Perhaps the proxy doesn't allow the PUT HTTP method?
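A small triage script for the two kinds of log line quoted in this thread, added here as an example and not part of the original comments or the app. It relies on a heuristic that is an assumption, not something the thread confirms: an exception with no request ID whose error code only repeats the HTTP status line carried no S3 error document, which is consistent with a response produced in front of the S3 API.

```python
import re

# Log lines copied from the thread above (one 405, one 403, one non-error).
LOG = """\
[2022-12-31 16:34:19]: AmazonClientException: com.amazonaws.services.s3.model.AmazonS3Exception: Method Not Allowed (Service: Amazon S3; Status Code: 405; Error Code: 405 Method Not Allowed; Request ID: null), S3 Extended Request ID: null
[2023-01-02 10:14:13]: Exception, file: /storage/emulated/0/Pictures/IMG_20221206_114131.jpg; AmazonS3Exception: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied. (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 1736765D1A86AD77), S3 Extended Request ID:
[2022-12-31 16:18:35]: Finished ScheduleFileUploadsWorker
"""

S3_ERR = re.compile(
    r"^\[(?P<ts>[^\]]+)\]:.*AmazonS3Exception: (?P<msg>.*?) \("
    r"Service: [^;]+; Status Code: (?P<status>\d{3}); "
    r"Error Code: (?P<code>[^;]+); Request ID: (?P<rid>[^)]*)\)"
)

def parse(line):
    """Extract status, error code and request ID from one app log line."""
    m = S3_ERR.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    rid = ev["rid"].strip()
    ev["rid"] = None if rid in ("", "null") else rid
    return ev

def classify(ev):
    # Heuristic (assumption): no request ID and an error code that merely
    # echoes the status line means no S3 error document was returned.
    echoes_status = ev["code"].startswith(str(ev["status"]))
    if ev["rid"] is None and echoes_status:
        return "intermediary-suspect"   # look at proxy, port and path first
    if ev["status"] == 403 and ev["code"] == "AccessDenied":
        return "policy-denied"          # S3 API answered; check user policy
    return "s3-error"

def triage(log):
    """Return (timestamp, status, label) for every S3 exception in the log."""
    events = (parse(line) for line in log.splitlines())
    return [(e["ts"], e["status"], classify(e)) for e in events if e]

if __name__ == "__main__":
    for row in triage(LOG):
        print(row)
```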

Collaborator

tomekit commented Jan 14, 2023

Since I haven't heard from you for quite a while, I am going to close this issue for now.

tomekit closed this as not planned on Jan 14, 2023