how to generate share url permanent?

[timchenxiaoyu]

now ,the url only 7 minute valid，how to change this?

[nitisht]

@timchenxiaoyu Presigned URLs are valid only for a maximum of 7 days. This is mandated by S3 Spec (Ref: http:https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html).

For permanent sharing you can consider buckets policies - https://docs.minio.io/docs/minio-client-complete-guide#policy

[deekoder]

Please lets us know if you have any other questions.

[timchenxiaoyu]

even I set buckets policies, I cannot still get permanent url,how to solve this?

[nitisht]

Once you set the policy on a bucket like

mc policy public myminio/bucketname

You can use the URL: miniohost:9000/bucketname/object to access the object

[timchenxiaoyu]

#mc policy public minio/test

Access permission for minio/test is set to public

#wget http:https://10.39.0.45:9000/test/types-of-mounts.png

it's ok now .ths.
I send url wget http:https://10.39.0.45:9000/minio/test/types-of-mounts.png before,so i'm wrong

[nitisht]

You need to remove minio, so the URL should be

http:https://10.39.0.45:9000/test/types-of-mounts.png

[timchenxiaoyu]

yes, you are right ,ths

[FoxUSA]

@nitisht
I don't know if this is a counter example or a different method. If I use the s3.getSignedUrl I can generate urls that are longer than 7 days.
JS Code

var urlParams= {"Bucket":"opennote","Key":"ovoay3yj5uky.png","Expires":77760000}
s3.getSignedUrl("getObject",urlParams,function(err,data){console.dir(err);console.dir(data)})

This gives a signature of ?AWSAccessKeyId=tests&Expires=1595816882&Signature=HQbjEiQUrqW87ShZSjVVOeHnz0o%3D
Which is valid for 900 days from now.

S3 and Minio accepts this signature and display the object

Why does it work?

[harshavardhana]

S3 and Minio accepts this.
Why does it work?

This is a presigned URL but it is not permanent @FoxUSA

[FoxUSA]

@harshavardhana
Its way over 7 days. I could set it to 90,000 days or 999,999,999 days. So it essentially is permanent.

Signature

?AWSAccessKeyId=tests&Expires=86401517971856&Signature=OcP7k9X%2FSa4ZS6Ql65p0FOsyNfs%3D

Epoch time sets that signature to expire in the year 2739925.

[harshavardhana]

Its way over 7 days. I could set it to 90,000 days or 999,999,999 days. So it essentially is permanent.

Signature

?AWSAccessKeyId=tests&Expires=86401517971856&Signature=OcP7k9X%2FSa4ZS6Ql65p0FOsyNfs%3D
Epoch time sets that signature to expire in the year 2739925.

Yes only in AWS Signature v2 (legacy), AWS Signature v4 has limited it to maximum of 7 days.

[Arkemlar]

It would be good if somebody point out in docs that polycy prefix should not start with slash / when you type it in via web intrerface, got fooled by that slash hard before checked policies via mc.

[harshavardhana]

It would be good if somebody point out in docs that polycy prefix should not start with slash / when you type it in via web intrerface, got fooled by that slash hard before checked policies via mc.

UI is being revamped you won't be allowed to type incorrect values.

[woodgear]

how should i do this via sdk(js)?

mc policy public myminio/bucketname

[kannappanr]

@woodgear Here is the policy

 {
  "Statement": [
   {
    "Action": [
     "s3:GetBucketLocation",
     "s3:ListBucket",
     "s3:ListBucketMultipartUploads"
    ],
    "Effect": "Allow",
    "Principal": {
     "AWS": "*"
    },
    "Resource": "arn:aws:s3:::mybucketname",
    "Sid": ""
   },
   {
    "Action": [
     "s3:AbortMultipartUpload",
     "s3:DeleteObject",
     "s3:GetObject",
     "s3:ListMultipartUploadParts",
     "s3:PutObject"
    ],
    "Effect": "Allow",
    "Principal": {
     "AWS": "*"
    },
    "Resource": "arn:aws:s3:::mybucketname/*",
    "Sid": ""
   }
  ],
  "Version": "2012-10-17"
 }

Replace mybucketname with the appropriate bucket name

[modbender]

All I did create a new location in nginx something like /bucketname and in the block add root to the local path for the bucket folder.