Add S3_SECURE setting

It controls whether to use secure (TLS) connection to S3 or not.
2025-04-07 22:25:35 +00:00 · 2024-01-10 12:19:45 +02:00 · 2024-01-10 12:19:45 +02:00 · 42f88f4fb0
commit 42f88f4fb0
parent ae94648efd
5 changed files with 16 additions and 0 deletions
--- a/docker/.env.example
+++ b/docker/.env.example
@ -52,6 +52,7 @@ S3_ENDPOINT=
 S3_REGION=
 S3_SECRET_KEY=
 S3_TIMEOUT=60
+S3_SECURE=True
 SECRET_KEY=---
 SHELL_ENABLED=False
 SIGNAL_CLI_SOCKET=
--- a/hc/lib/s3.py
+++ b/hc/lib/s3.py
@ -34,6 +34,7 @@ def client() -> Minio:
            settings.S3_ACCESS_KEY,
            settings.S3_SECRET_KEY,
            region=settings.S3_REGION,
+            secure=settings.S3_SECURE,
            http_client=PoolManager(timeout=settings.S3_TIMEOUT),
        )

--- a/hc/settings.py
+++ b/hc/settings.py
@ -246,6 +246,7 @@ S3_ENDPOINT = os.getenv("S3_ENDPOINT")
 S3_REGION = os.getenv("S3_REGION")
 S3_BUCKET = os.getenv("S3_BUCKET")
 S3_TIMEOUT = envint("S3_TIMEOUT", "60")
+S3_SECURE = envbool("S3_SECURE", "True")

 # Integrations

--- a/templates/docs/self_hosted_configuration.html-fragment
+++ b/templates/docs/self_hosted_configuration.html-fragment
@ -59,6 +59,7 @@ from environment variables. Below is a list of variables it reads and uses.</p>
 <li><a href="#S3_REGION">S3_REGION</a></li>
 <li><a href="#S3_SECRET_KEY">S3_SECRET_KEY</a></li>
 <li><a href="#S3_TIMEOUT">S3_TIMEOUT</a></li>
+<li><a href="#S3_SECURE">S3_SECURE</a></li>
 <li><a href="#SECRET_KEY">SECRET_KEY</a></li>
 <li><a href="#SHELL_ENABLED">SHELL_ENABLED</a></li>
 <li><a href="#SIGNAL_CLI_SOCKET">SIGNAL_CLI_SOCKET</a></li>
@ -458,6 +459,10 @@ credentials to an S3-compatible service by setting the following environment var
 <h2 id="S3_TIMEOUT"><code>S3_TIMEOUT</code></h2>
 <p>Default: <code>60</code></p>
 <p>Timeout for individual S3 operations, in seconds.</p>
+<h2 id="S3_SECURE"><code>S3_SECURE</code></h2>
+<p>Default: <code>True</code></p>
+<p>Whether to use secure (TLS) connection to S3 or not. To
+use unencrypted HTTP requests, set this value to <code>False</code>.</p>
 <h2 id="SECRET_KEY"><code>SECRET_KEY</code></h2>
 <p>Default: <code>---</code></p>
 <p>A secret key used for cryptographic signing. Should be set to a unique,
--- a/templates/docs/self_hosted_configuration.md
+++ b/templates/docs/self_hosted_configuration.md
@ -61,6 +61,7 @@ from environment variables. Below is a list of variables it reads and uses.
 <li><a href="#S3_REGION">S3_REGION</a></li>
 <li><a href="#S3_SECRET_KEY">S3_SECRET_KEY</a></li>
 <li><a href="#S3_TIMEOUT">S3_TIMEOUT</a></li>
+<li><a href="#S3_SECURE">S3_SECURE</a></li>
 <li><a href="#SECRET_KEY">SECRET_KEY</a></li>
 <li><a href="#SHELL_ENABLED">SHELL_ENABLED</a></li>
 <li><a href="#SIGNAL_CLI_SOCKET">SIGNAL_CLI_SOCKET</a></li>
@ -661,6 +662,13 @@ Default: `60`

 Timeout for individual S3 operations, in seconds.

+## `S3_SECURE` {: #S3_SECURE }
+
+Default: `True`
+
+Whether to use secure (TLS) connection to S3 or not. To
+use unencrypted HTTP requests, set this value to `False`.
+
 ## `SECRET_KEY` {: #SECRET_KEY }

 Default: `---`