Merge pull request #17 from jasonyang-ee/fix/https

fix: support https connection to garage api
2025-09-13 16:49:32 +07:00 · 2025-09-01 15:57:43 +08:00 · 2025-09-01 15:57:43 +08:00 · aeedaaa72e
commit aeedaaa72e
parent b2bc905e3c 5f0f200c03
2 changed files with 22 additions and 5 deletions
--- a/8
+++ b/8
@ -21,6 +21,12 @@ RUN make

 FROM scratch

+COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=ghcr.io/tarampampam/curl:8.6.0 /bin/curl /bin/curl
 COPY --from=backend /app/main /bin/main

-CMD [ "/bin/main" ]
+HEALTHCHECK --interval=5m --timeout=2s --retries=3 --start-period=15s CMD [ \
+    "curl", "--fail", "http://127.0.0.1:3909" \
+]
+
+ENTRYPOINT [ "main" ]
--- a/backend/router/browse.go
+++ b/backend/router/browse.go
@ -331,15 +331,26 @@ func getS3Client(bucket string) (*s3.Client, error) {
 		return nil, fmt.Errorf("cannot get credentials for bucket %s: %w", bucket, err)
 	}

+	// Determine endpoint and whether to disable HTTPS
+	endpoint := utils.Garage.GetS3Endpoint()
+	disableHTTPS := !strings.HasPrefix(endpoint, "https://")
+
+	// AWS config without BaseEndpoint
 	awsConfig := aws.Config{
-		Credentials:  creds,
-		Region:       utils.Garage.GetS3Region(),
-		BaseEndpoint: aws.String(utils.Garage.GetS3Endpoint()),
+		Credentials: creds,
+		Region:      utils.Garage.GetS3Region(),
 	}

+	// Build S3 client with custom endpoint resolver for proper signing
 	client := s3.NewFromConfig(awsConfig, func(o *s3.Options) {
 		o.UsePathStyle = true
-		o.EndpointOptions.DisableHTTPS = true
+		o.EndpointOptions.DisableHTTPS = disableHTTPS
+		o.EndpointResolver = s3.EndpointResolverFunc(func(region string, opts s3.EndpointResolverOptions) (aws.Endpoint, error) {
+			return aws.Endpoint{
+				URL:           endpoint,
+				SigningRegion: utils.Garage.GetS3Region(),
+			}, nil
+		})
 	})

 	return client, nil