Support `Virtual Hosted Style` s3 complicated storage servers.

[zzjin]

Description

When using latest 3.0.0 release. I cannot set storage s3 to use "Vitual Hosted Style" accessed.

config:

storage:
  s3:
    accesskey: xxx
    secretkey: xxx
    region: no-use
    regionendpoint: https://bucket-name.oss-ap-1.internal.example.com
    bucket: bucket-name

I have one s3 complicated storage server that onyl support access buckets via Virtual Hosted Style access.

When push to registry, shows this error:

s3aws: SecondLevelDomainForbidden: Please use virtual hosted style to access.

Change config to neither:

    regionendpoint: https://bucket-name.oss-ap-1.internal.example.com
    bucket: ''

nor

    regionendpoint: https://oss-ap-1.internal.example.com
    bucket: 'bucket-name'

all do not work.

How can I configure storage s3 to use Virtual Hosted Style access? Maybe related to: https://github.com/distribution/distribution/pull/3131

---

Also tested with latest codes using redirect middleware, but still not work

storage:
  s3:
    accesskey: xxx
    secretkey: xxx
    region: no-use
    regionendpoint: https://oss-ap-1.internal.example.com
    bucket: bucket-name
middleware:
  storage:
    - name: redirect
      options:
        baseurl: https://bucket-name.oss-ap-1.internal.example.com

[milosgajdos]

That should be enabled by setting forcepathstyle in S3 driver to false, which should be the default 🤔

https://github.com/distribution/distribution/blob/ba2841b0ce1e09ab7cacddc0a003d5daac5c5a85/registry/storage/driver/s3-aws/s3.go#L208

[zzjin]

That should be enabled by setting forcepathstyle in S3 driver to false, which should be the default 🤔

https://github.com/distribution/distribution/blob/ba2841b0ce1e09ab7cacddc0a003d5daac5c5a85/registry/storage/driver/s3-aws/s3.go#L208

There seems be some kind of bug when enable this:

storage:
  s3:
    region: no-use
    regionendpoint: https://bucket-name.oss-ap-1.internal.example.com
    bucket: bucket-name
    forcepathstyle: false

witch result in error still exists.

It seems that registry push objects to s3://bucket-name/bucket-name/${regsitry_info}, but still get object from s3://bucket-name/${registry_name}.

As I cannot set bucket to empty string, there is no more method to test it.

[ben-wangz]

That should be enabled by setting forcepathstyle in S3 driver to false, which should be the default 🤔 https://github.com/distribution/distribution/blob/ba2841b0ce1e09ab7cacddc0a003d5daac5c5a85/registry/storage/driver/s3-aws/s3.go#L208

There seems be some kind of bug when enable this:

storage:
  s3:
    region: no-use
    regionendpoint: https://bucket-name.oss-ap-1.internal.example.com
    bucket: bucket-name
    forcepathstyle: false

witch result in error still exists.

It seems that registry push objects to s3://bucket-name/bucket-name/${regsitry_info}, but still get object from s3://bucket-name/${registry_name}.

As I cannot set bucket to empty string, there is no more method to test it.

Is this issue solved? I have the same problem.

[dxg0716]

me too, I have the same problem. so aws-sdk-go version is too low?

[milosgajdos]

If you are setting regionendpoint, you must set forcepathstyle: true

See here:

• https://github.com/distribution/distribution/issues/4528#issuecomment-2531732819

[InterFelix]

If you are setting regionendpoint, you must set forcepathstyle: true

This seems to not be true as per @evanebb 's reply in #4534 . I have a usecase where my S3 storage (Huawei Oceanstor Pacific) setup only supports VirtualHost style access. However, setting forcepathstyle to false explicitly still results in the registry using PathStyle (at least for some requests). I'm using v2.8.3 through Harbor. I've validated the application of the config by switching the config (with forcepathstyle = false) to a different bucket. The switch to the new bucket worked, but PathStyle is still used.

[milosgajdos]

I'm using v2.8.3 through Harbor.

Yeha, that wont work with 2.8.3. You need to switch to v3