diff options
| -rw-r--r-- | docker-compose.yml | 9 | ||||
| -rw-r--r-- | profile-avatar-policy.json | 15 |
2 files changed, 21 insertions, 3 deletions
diff --git a/docker-compose.yml b/docker-compose.yml index f0c716d..c9bd126 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -45,13 +45,16 @@ services: environment: MINIO_ROOT_USER: ${MINIO_ROOT_USER} MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD} + volumes: + - ./profile-avatar-policy.json:/config/profile-avatar-policy.json:ro entrypoint: > /bin/sh -c " - mc alias set myminio http://minio:9000 \$MINIO_ROOT_USER \$MINIO_ROOT_PASSWORD && + mc alias set myminio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD && mc mb --ignore-existing myminio/storage && echo 'Created storage bucket' && - mc anonymous set myminio/storage/users/*/profile/avatar_*.webp download && - echo 'Applied custom profile-image policy' && + # Set the JSON policy directly on the bucket + mc anonymous set-json /config/profile-avatar-policy.json myminio/storage && + echo 'Applied anonymous bucket policy' && echo 'MinIO initialization complete' " restart: "no" diff --git a/profile-avatar-policy.json b/profile-avatar-policy.json new file mode 100644 index 0000000..7f2ec04 --- /dev/null +++ b/profile-avatar-policy.json @@ -0,0 +1,15 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:GetObject" + ], + "Resource": [ + "arn:aws:s3:::storage/users/*/profile/avatar_*.webp" + ], + "Principal": "*" + } + ] +} |