Hello, I've encountered a misconfiguration with Minio that prevents me from creating projects. As a result, I can't create my first project, and it practically renders the system unusable.

It's something I'd be willing to explain how to fix (I clearly fixed it in my deployment). I'll leave the details here?, or how would you like to continue?

Hi root, just so I get this correctly, you were facing issues after fresh deployment when creating the project?

And if there is suggestion to make this template better, that's always welcome! Feel free to ping me here

Thank you!

Hi, the problem is very simple, the env of the main service is pointing to the internal url of the minio service, therefore, when creating a project and uploading the image (the first one at least, I didn't upload pictures in the profile creation, but it will probably have the same problem) , it gives a connection error to Minio (because Minio is clearly not accessible from my browser).

The solution would be to make Minio public, with a classic https URL (pointing to port 9000) and then use that URL in the service minio env (changing it from http://minio.internal:9000 to https://new-url.railway)

How to reproduce it:

Basically just deploy the template from scratch, and try to create the first project, it will give you an error when connection to minio.

Solution:

Make minio public accessible and use that public url instead of the internal one.

Be careful with:

Potential security implications of making minio public (I didn't check in detail if the requests to minio contained sensitive data such as credentials)

Feel free to ask me any further questions.

BTW, i just deploy it to test it, but in this couple of days I will use it in a couple of my projects, so I will look into it with a little more care.

hey root, thanks for the explanation and steps to reproduce. Sorry didnt get time yesterday, let me look into it today.

On making minio publicly accessible -> let me look into the docs, there should be a better way to handle this in prod.

hey root, your hunch was right

the plane service's s3 endpoint was pointing at the internal minio url, so the browser could never reach it for the upload. fix was two things:

• made minio public and pointed AWS_S3_ENDPOINT_URL at that public https url instead of the internal one
• added MINIO_API_CORS_ALLOW_ORIGIN set to the plane url so the browser's cross-origin upload is allowed

and on the security -> public endpoint here wont make the files public. the bucket stays private and everything goes through short-lived presigned urls, so nobody can just read/write stuff off a url, uploads work end to end now

appreciate you flagging it 🙌

have updated the template as well, so feel free to deploy it now :)

Thank you very much, I'll review it, deploy it again, and if I have any comments I'll let you know.

Is it normal for this project to be using 3 GB of RAM?

Yeah, it seems that the Docker image contains a lot of microservices and therefore it's on the heavier side.