gotosocial/docs/configuration/storage.md

# Storage

## Settings

```yaml
##########################
##### STORAGE CONFIG #####
##########################

# Config pertaining to storage of user-created uploads (videos, images, etc).

# String. Type of storage backend to use.
# Examples: ["local", "s3"]
# Default: "local" (storage on local disk)
storage-backend: "local"

# String. Directory to use as a base path for storing files.
# Make sure whatever user/group gotosocial is running as has permission to access
# this directory, and create new subdirectories and files within it.
# Only required when running with the local storage backend.
# Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]
# Default: "/gotosocial/storage"
storage-local-base-path: "/gotosocial/storage"

# String. API endpoint of the S3 compatible service.
# Only required when running with the s3 storage backend.
#
# If your endpoint contains the bucket name, all files will be put into a
# subdirectory with the name of `storage-s3-bucket`
#
# Examples: ["minio:9000", "s3.nl-ams.scw.cloud", "s3.us-west-002.backblazeb2.com"]
# Default: ""
storage-s3-endpoint: ""

# Bool. If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL.
#
# Default: false
storage-s3-proxy: false
# Bool. Use SSL for S3 connections.
#
# Only set this to 'false' when testing locally.
#
# Default: true
storage-s3-use-ssl: true

# String. Access key part of the S3 credentials.
# Consider setting this value using environment variables to avoid leaking it via the config file
# Only required when running with the s3 storage backend.
# Examples: ["AKIAJSIE27KKMHXI3BJQ","miniouser"]
# Default: ""
storage-s3-access-key: ""
# String. Secret key part of the S3 credentials.
# Consider setting this value using environment variables to avoid leaking it via the config file
# Only required when running with the s3 storage backend.
# Examples: ["5bEYu26084qjSFyclM/f2pz4gviSfoOg+mFwBH39","miniopassword"]
# Default: ""
storage-s3-secret-key: ""
# String. Name of the storage bucket.
#
# If you have already encoded your bucket name in the storage-s3-endpoint, this
# value will be used as a directory containing your data.
#
# The bucket must exist prior to starting GoToSocial
#
# Only required when running with the s3 storage backend.
# Examples: ["gts","cool-instance"]
# Default: ""
storage-s3-bucket: ""
```

### AWS S3 Bucket Configuration

#### Bucket Created
GoToSocial by default creates signed URL's which means we dont need to change anything major on the policies of the bucket.
Here are the steps to follow for bucket creation

1. Login to AWS -> select S3 as service.
2. click Create Bucket
3. Provide a unique name and avoid adding "." in the name
4. Do not change the public access settings (Let them be on "block public access" mode)

#### AWS ACCESS KEY Configuration

1. In AWS Console -> IAM (under Security, Identity, & Compliance)
2. Add a user with programatic api's access
3. We recommend setting up below listed policy, replace <bucketname> with your buckets name

```json
{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<bucket_name>",
                "arn:aws:s3:::<bucket_name>/*"
            ]
        }
    ]
}
```

4. Provide the values in config above
  
  * storage-s3-endpoint -> should be your bucket location say `s3.ap-southeast-1.amazonaws.com`
  * storage-s3-access-key -> Access key you obtained for the user created above
  * storage-s3-secret-key -> Secret key you obtained for the user created above
  * storage-s3-bucket -> Keep this as the <bucketname> that you created just now.


#### Migrating data from local storage to AWS s3 bucket

This step is only needed if you have a running instance. Ignore this if you are setting up a fresh instance. 
We have provided [s3cmd](https://github.com/s3tools/s3cmd) command for the copy operation.

```bash
s3cmd sync --add-header="Cache-Control:public, max-age=315576000, immutable" ./ s3://<bucket name>
```


### Migrating between backends

Currently, migration between backends is freely possible. To do so, you only
have to move the directories (and their contents) between the different implementations.

One way to do so, is by utilizing the [MinIO
Client](https://docs.min.io/docs/minio-client-complete-guide.html). The
migration process might look something like this:

```bash
# 1. Change the GoToSocial configuration to the new backend (and restart)
# 2. Register the S3 Backend with the MinIO client
mc alias set scw https://s3.nl-ams.scw.cloud
# 3. Mirror the folder structure to the remote bucket
mc mirror /gotosocial/storage/ scw/example-bucket/
# 4. Aaaand we're done!
```

If you want to migrate back, switch around the arguments of the `mc mirror` command.
Update docs with better config + installation instructions (#300) * start reworking some documentation * fuller documentation + better docs structure 2021-11-14 16:54:23 +01:00			`# Storage`

			`## Settings`

			```yaml
			`##########################`
			`##### STORAGE CONFIG #####`
			`##########################`

			`# Config pertaining to storage of user-created uploads (videos, images, etc).`
Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00
			`# String. Type of storage backend to use.`
			`# Examples: ["local", "s3"]`
			`# Default: "local" (storage on local disk)`
			`storage-backend: "local"`

			`# String. Directory to use as a base path for storing files.`
			`# Make sure whatever user/group gotosocial is running as has permission to access`
[feature] S3 support (#674) * feat: vendor minio client * feat: introduce storage package with s3 support * feat: serve s3 files directly this saves a lot of bandwith as the files are fetched from the object store directly * fix: use explicit local storage in tests * feat: integrate s3 storage with the main server * fix: add s3 config to cli tests * docs: explicitly set values in example config also adds license header to the storage package * fix: use better http status code on s3 redirect HTTP 302 Found is the best fit, as it signifies that the resource requested was found but not under its presumed URL 307/TemporaryRedirect would mean that this resource is usually located here, not in this case 303/SeeOther indicates that the redirection does not link to the requested resource but to another page * refactor: use context in storage driver interface 2022-07-03 12:08:30 +02:00			`# this directory, and create new subdirectories and files within it.`
			`# Only required when running with the local storage backend.`
Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00			`# Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]`
			`# Default: "/gotosocial/storage"`
Remove unnecessary storage config variables (#344) * rewire config to not use extraneous serve vars * rename 'file' to 'local' for consistency * use Type and Size again 2021-12-20 15:19:53 +01:00			`storage-local-base-path: "/gotosocial/storage"`
[feature] S3 support (#674) * feat: vendor minio client * feat: introduce storage package with s3 support * feat: serve s3 files directly this saves a lot of bandwith as the files are fetched from the object store directly * fix: use explicit local storage in tests * feat: integrate s3 storage with the main server * fix: add s3 config to cli tests * docs: explicitly set values in example config also adds license header to the storage package * fix: use better http status code on s3 redirect HTTP 302 Found is the best fit, as it signifies that the resource requested was found but not under its presumed URL 307/TemporaryRedirect would mean that this resource is usually located here, not in this case 303/SeeOther indicates that the redirection does not link to the requested resource but to another page * refactor: use context in storage driver interface 2022-07-03 12:08:30 +02:00
			`# String. API endpoint of the S3 compatible service.`
			`# Only required when running with the s3 storage backend.`
[docs] document the migration between local and s3 (#692) 2022-07-08 12:07:03 +02:00			`#`
			`# If your endpoint contains the bucket name, all files will be put into a`
			# subdirectory with the name of `storage-s3-bucket`
			`#`
[feature] S3 support (#674) * feat: vendor minio client * feat: introduce storage package with s3 support * feat: serve s3 files directly this saves a lot of bandwith as the files are fetched from the object store directly * fix: use explicit local storage in tests * feat: integrate s3 storage with the main server * fix: add s3 config to cli tests * docs: explicitly set values in example config also adds license header to the storage package * fix: use better http status code on s3 redirect HTTP 302 Found is the best fit, as it signifies that the resource requested was found but not under its presumed URL 307/TemporaryRedirect would mean that this resource is usually located here, not in this case 303/SeeOther indicates that the redirection does not link to the requested resource but to another page * refactor: use context in storage driver interface 2022-07-03 12:08:30 +02:00			`# Examples: ["minio:9000", "s3.nl-ams.scw.cloud", "s3.us-west-002.backblazeb2.com"]`
			`# Default: ""`
			`storage-s3-endpoint: ""`

[feature] S3: add config flag to proxy S3 media (#1014) * S3: add config value "proxy" for not redirecting Signed-off-by: Mara Sophie Grosch <littlefox@lf-net.org> * S3: document new config value "proxy" * S3: add new config value "proxy" to test scripts Signed-off-by: Mara Sophie Grosch <littlefox@lf-net.org> 2022-11-11 12:03:18 +01:00			`# Bool. If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL.`
			`#`
			`# Default: false`
			`storage-s3-proxy: false`
[docs] Add s3 ssl variable to storage docs (#1294) * update storage docs * add use ssl to example/config.yaml 2023-01-08 06:28:58 -05:00			`# Bool. Use SSL for S3 connections.`
			`#`
			`# Only set this to 'false' when testing locally.`
			`#`
			`# Default: true`
			`storage-s3-use-ssl: true`
[feature] S3: add config flag to proxy S3 media (#1014) * S3: add config value "proxy" for not redirecting Signed-off-by: Mara Sophie Grosch <littlefox@lf-net.org> * S3: document new config value "proxy" * S3: add new config value "proxy" to test scripts Signed-off-by: Mara Sophie Grosch <littlefox@lf-net.org> 2022-11-11 12:03:18 +01:00
[feature] S3 support (#674) * feat: vendor minio client * feat: introduce storage package with s3 support * feat: serve s3 files directly this saves a lot of bandwith as the files are fetched from the object store directly * fix: use explicit local storage in tests * feat: integrate s3 storage with the main server * fix: add s3 config to cli tests * docs: explicitly set values in example config also adds license header to the storage package * fix: use better http status code on s3 redirect HTTP 302 Found is the best fit, as it signifies that the resource requested was found but not under its presumed URL 307/TemporaryRedirect would mean that this resource is usually located here, not in this case 303/SeeOther indicates that the redirection does not link to the requested resource but to another page * refactor: use context in storage driver interface 2022-07-03 12:08:30 +02:00			`# String. Access key part of the S3 credentials.`
			`# Consider setting this value using environment variables to avoid leaking it via the config file`
			`# Only required when running with the s3 storage backend.`
			`# Examples: ["AKIAJSIE27KKMHXI3BJQ","miniouser"]`
			`# Default: ""`
			`storage-s3-access-key: ""`
			`# String. Secret key part of the S3 credentials.`
			`# Consider setting this value using environment variables to avoid leaking it via the config file`
			`# Only required when running with the s3 storage backend.`
			`# Examples: ["5bEYu26084qjSFyclM/f2pz4gviSfoOg+mFwBH39","miniopassword"]`
			`# Default: ""`
			`storage-s3-secret-key: ""`
			`# String. Name of the storage bucket.`
			`#`
			`# If you have already encoded your bucket name in the storage-s3-endpoint, this`
			`# value will be used as a directory containing your data.`
			`#`
			`# The bucket must exist prior to starting GoToSocial`
			`#`
			`# Only required when running with the s3 storage backend.`
			`# Examples: ["gts","cool-instance"]`
			`# Default: ""`
			`storage-s3-bucket: ""`
Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00			```
[docs] document the migration between local and s3 (#692) 2022-07-08 12:07:03 +02:00
[docs] AWS S3 config details added (#1300) * AWS S3 config details added It was interesting to note that since presigned urls are used buckets dont need to be exposed publically. this was an interesting change compared to other mastodon specific s3 bucket guides hence documented here for correct directions. * Update storage.md 1. Added AWS identified to make it clear its aws specific. 2. Adjusted text around data migration * updation as requested Refining the doc as per request. 2023-01-06 19:02:40 +05:30			`### AWS S3 Bucket Configuration`

			`#### Bucket Created`
			`GoToSocial by default creates signed URL's which means we dont need to change anything major on the policies of the bucket.`
			`Here are the steps to follow for bucket creation`

			`1. Login to AWS -> select S3 as service.`
			`2. click Create Bucket`
			`3. Provide a unique name and avoid adding "." in the name`
			`4. Do not change the public access settings (Let them be on "block public access" mode)`

			`#### AWS ACCESS KEY Configuration`

			`1. In AWS Console -> IAM (under Security, Identity, & Compliance)`
			`2. Add a user with programatic api's access`
			`3. We recommend setting up below listed policy, replace <bucketname> with your buckets name`

			```json
			`{`
			`"Statement": [`
			`{`
			`"Effect": "Allow",`
			`"Action": "s3:ListAllMyBuckets",`
			`"Resource": "arn:aws:s3:::*"`
			`},`
			`{`
			`"Effect": "Allow",`
			`"Action": "s3:*",`
			`"Resource": [`
			`"arn:aws:s3:::<bucket_name>",`
			`"arn:aws:s3:::<bucket_name>/*"`
			`]`
			`}`
			`]`
			`}`
			```

			`4. Provide the values in config above`

			* storage-s3-endpoint -> should be your bucket location say `s3.ap-southeast-1.amazonaws.com`
			`* storage-s3-access-key -> Access key you obtained for the user created above`
			`* storage-s3-secret-key -> Secret key you obtained for the user created above`
			`* storage-s3-bucket -> Keep this as the <bucketname> that you created just now.`



			`#### Migrating data from local storage to AWS s3 bucket`

			`This step is only needed if you have a running instance. Ignore this if you are setting up a fresh instance.`
			`We have provided [s3cmd](https://github.com/s3tools/s3cmd) command for the copy operation.`

			```bash
			`s3cmd sync --add-header="Cache-Control:public, max-age=315576000, immutable" ./ s3://<bucket name>`
			```


[docs] document the migration between local and s3 (#692) 2022-07-08 12:07:03 +02:00			`### Migrating between backends`

			`Currently, migration between backends is freely possible. To do so, you only`
			`have to move the directories (and their contents) between the different implementations.`

			`One way to do so, is by utilizing the [MinIO`
			`Client](https://docs.min.io/docs/minio-client-complete-guide.html). The`
			`migration process might look something like this:`

			```bash
			`# 1. Change the GoToSocial configuration to the new backend (and restart)`
			`# 2. Register the S3 Backend with the MinIO client`
			`mc alias set scw https://s3.nl-ams.scw.cloud`
			`# 3. Mirror the folder structure to the remote bucket`
			`mc mirror /gotosocial/storage/ scw/example-bucket/`
			`# 4. Aaaand we're done!`
			```

			If you want to migrate back, switch around the arguments of the `mc mirror` command.