无法查看 aws s3 上的文件(403 Forbidden) [英] Unable to view files on aws s3 (403 Forbidden)
问题描述
我可以使用 django-storages 上传到 AWS S3 &boto3 但无法查看(403 Forbidden).
I am able to upload to AWS S3 using django-storages & boto3 but can't view (403 Forbidden).
并且我已成功设置存储桶并将静态文件传输到 Amazon S3.
And I have successfully set up buckets and transferred my static files to Amazon S3.
但是,当我尝试加载 S3 文件时,我收到了 403 Forbidden 消息.
However when I try to load the S3 files, I get a 403 Forbidden message.
这是我的 settings.py 文件中的内容:
Here is what is in my settings.py file:
# AWS s3 (image storage)
AWS_ACCESS_KEY_ID = 'XXX' # XXX replaced with the actual key
AWS_SECRET_ACCESS_KEY = 'YYY' # YYY replaced with the actual key
# sensitive data will be replaced with environment variables when page is public
AWS_STORAGE_BUCKET_NAME = 'diceart-static'
AWS_S3_CUSTOM_DOMAIN = 's3.eu-west-2.amazonaws.com/%s' % AWS_STORAGE_BUCKET_NAME
AWS_S3_OBJECT_PARAMETERS = {
'CacheControl': 'max-age=86400',
}
AWS_LOCATION = 'static'
AWS_DEFAULT_ACL = None
AWS_BUCKET_ACL = None
AWS_QUERYSTRING_AUTH = False
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'static'),
]
STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, AWS_LOCATION)
STATICFILES_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
所以当我跑步时
python manage.py collectstatic
一切正常!我可以看到我上传到 Amazon S3 的所有文件.我还可以看到程序化访问的时间,所以我知道一切正常.
Everything worked! And I could see all of my files uploaded to Amazon S3. I can also see the time of the programmatic access of this so I know it all worked.
这是我希望为 S3 文件提供服务的 html 模板文件的内容:
Here is the contents of my html template file where I'm hoping to serve the S3 files:
{% extends 'dice/base.html' %}
{% load crispy_forms_tags %}
{% load static %}
{% block content %}
<form method="post" enctype="multipart/form-data">
{% csrf_token %}
{{ form|crispy }}
{% if not uploaded_file_url %}
<button type="submit" class="btn btn-success mt-2">Upload</button>
{% endif %}
</form>
{% if uploaded_file_url %}
<p>File uploaded at: <a href="{{ uploaded_file_url }}">{{ uploaded_file_url }}</a></p>
<img src="{{ uploaded_file_url }}">
{% endif %}
<p><a href="{% url 'index' %}">Return to home</a></p>
<p>Have a picture of a cat:</p>
<p><img src="{% static 'cat.jpg' %}"></p>
{% endblock %}
这里的关键是倒数第二行:
The key bit here is the penultimate line:
<p><img src="{% static 'cat.jpg' %}"></p>
上面的代码与用户文件上传有关,我暂时不使用 S3.
The code above relates to user file uploads, which I am not doing using S3 for the time being.
现在当页面加载时它没有错误并且相关的行显示如下:
Now when the page loads it does so without error and the relevant line shows like this:
<img src="https://s3.eu-west-2.amazonaws.com/diceart-static/static/cat.jpg">
并根据我的 S3 存储桶检查它似乎匹配:
And checking this against my S3 bucket it appears to match:
https://s3.eu-west-2.amazonaws.com/diceart-static/static/cat.jpg
但是我收到 403 Forbidden 错误并且没有图像加载.
But I get a 403 Forbidden error and no image loads.
以下是我在 Chrome 开发者工具网络标头中看到的内容:
Here is what I can see in the Chrome developer tools network headers:
Request URL: https://s3.eu-west-2.amazonaws.com/diceart-static/static/cat.jpg
Request Method: GET
Status Code: 403 Forbidden
Remote Address: 52.95.148.64:443
Referrer Policy: no-referrer-when-downgrade
Provisional headers are shown
Referer: https://mysubdomain.pythonanywhere.com/upload2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
引用者是加载图像的页面,托管在 Pythonanywhere 上.
The referrer is the page which loads the image, hosted on Pythonanywhere.
现在我不确定的是我的 S3 存储桶的 url.我在网上查的到处都是这个结构
Now something that I am unsure of is the url of my S3 bucket. Everywhere I check online seems to have the structure
https://diceart-static.s3.amazonaws.com
而不是我所拥有的:
https://s3.eu-west-2.amazonaws.com/diceart-static
我认为这可能只是对 AWS url 结构的更改,而不是我上传时的问题,但也许值得一提.
I think this may just be a change to AWS's url structure and not the issue here as my uploads worked, but it is worth mentioning perhaps.
所以基本上我可以通过编程方式上传,但我无法使用 django-storages 和 boto3 查看我的 S3 文件.我在这里错过了什么?
So essentially I can upload programatically but I can't view my S3 files using django-storages and boto3. What am I missing here?
请注意,存储桶不允许公开访问,但我无法更改此设置,因为亚马逊不允许我(?!).我认为这无关紧要,因为我在这里输入了我的凭据,我认为这些凭据会作为标头发送给我以提供访问权限.
Note that there is no public access allowed for the bucket, but I can't change this because Amazon doesn't allow me to(?!). I didn't think this would matter as I'm putting in my credentials here which I thought would be sent as headers to give me access.
推荐答案
我认为这篇文章已经过时,所以有点误导.django-storages 文档不是很好,但是通过反复试验,我认为您真正想要的设置是:
I think that article is dated so is a bit misleading. django-storages docs aren't great, but from some trial and error, I think the settings you actually want are:
AWS_ACCESS_KEY_ID = '<enter key>'
AWS_SECRET_ACCESS_KEY = '<enter key>'
AWS_STORAGE_BUCKET_NAME = 'diceart-static'
AWS_S3_REGION_NAME = 'eu-west-2'
AWS_DEFAULT_ACL = None
AWS_S3_OBJECT_PARAMETERS = {
'CacheControl': 'max-age=86400',
}
AWS_LOCATION = 'static'
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'static'),
]
STATICFILES_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
请注意,我已从设置中删除了 AWS_S3_CUSTOM_DOMAIN 和 STATIC_URL.django-storages 会自动为你构建.
Note that I've removed both AWS_S3_CUSTOM_DOMAIN and STATIC_URL from the settings. Those will be built automatically for you by django-storages.
通过这些设置,您应该仍然可以将您的存储桶权限保留为对公众不可用,并且它仍然可以工作,因为它使用了查询字符串身份验证.
With these settings, you should still be able to leave your bucket permissions as not available to public and it should still work because it uses querystring auth.
虽然上述方法应该可行,但我不确定这是公共网络应用程序的最佳实践".如果您能够取消选中阻止所有公共访问 框并将其关闭,则可以改用这些设置,并且不会使用(或不需要)查询字符串身份验证.
While the above should work, I'm not sure it's a "best practice" for a public web app. If you are able to uncheck the Block all public access box and turn that off, you can use these settings instead, and querystring auth won't be used (or needed).
# ... same as above
# Make default ACL publicly readable
AWS_DEFAULT_ACL = 'public-read'
# Turn off query auth, although not sure this is needed.
AWS_QUERYSTRING_AUTH = False
# ... same as above
这篇关于无法查看 aws s3 上的文件(403 Forbidden)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
