SimpleOne stores attachments in external storage. In our system, we use the Amazon S3 protocol as implemented by the MinIO service (of course, you can use any other service).
Install and configure
This article describes how to install and configure the MinIO service. Descriptions of other services are out of scope.
Role required: admin.
To perform the installation, please complete the steps below:
- Provide a suitable virtual or hardware instance on a remote or local server.
- Download the appropriate package for your operating system, unpack and install it, and refer to the MinIO documentation for further instructions.
Set the environment variables as follows:
| Variable | Value |
| --- | --- |
| MINIO_HOST | The host that is used for MinIO and is available from outside. |
| MINIO_PORT | By default, MinIO uses port 9000 to listen for incoming connections. |
| MINIO_ACCESS_KEY | The access key will be used later to log in to the agent interface. |
| MINIO_SECRET_KEY | The secret key will be used later to log in to the agent interface. |

In a production environment, we recommend keeping the MinIO instance on a dedicated FQDN secured by an SSL certificate and listening on port 443.

Log in to the instance, using the credentials set in the previous step, and navigate to the project root directory.
Execute this command:
php yii service/init-cloud-storage
When all the steps are completed, the storage is ready to use.
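A pre-flight check for the MinIO variables set above, intended to run before `php yii service/init-cloud-storage`. This is an added example, not part of the SimpleOne or MinIO documentation. The function name and the FAIL/WARN policy are assumptions; the `minioadmin` default and the 3- and 8-character minimum key lengths are MinIO's own.

```shell
#!/bin/sh
# Added example: validate the MinIO variables before initialising storage.
# Prints one finding per line (never the key values themselves).
# Returns 1 on any FAIL finding, 0 otherwise (WARN lines do not fail).
check_minio_env() {
    rc=0
    for name in MINIO_HOST MINIO_PORT MINIO_ACCESS_KEY MINIO_SECRET_KEY; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "FAIL: $name is not set"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Port: must be numeric and in range; the page recommends 443 in production.
    case "$MINIO_PORT" in
        *[!0-9]*) echo "FAIL: MINIO_PORT is not a number"; rc=1 ;;
        *)  if [ "$MINIO_PORT" -lt 1 ] || [ "$MINIO_PORT" -gt 65535 ]; then
                echo "FAIL: MINIO_PORT is outside 1-65535"; rc=1
            elif [ "$MINIO_PORT" -ne 443 ]; then
                echo "WARN: MINIO_PORT=$MINIO_PORT; use 443 with TLS in production"
            fi ;;
    esac

    # Credentials: reject MinIO's well-known default and keys below its minimum lengths.
    if [ "$MINIO_ACCESS_KEY" = minioadmin ] || [ "$MINIO_SECRET_KEY" = minioadmin ]; then
        echo "FAIL: default minioadmin credentials are in use"; rc=1
    fi
    [ "${#MINIO_ACCESS_KEY}" -ge 3 ] || { echo "FAIL: access key shorter than 3 characters"; rc=1; }
    [ "${#MINIO_SECRET_KEY}" -ge 8 ] || { echo "FAIL: secret key shorter than 8 characters"; rc=1; }
    [ "$MINIO_ACCESS_KEY" != "$MINIO_SECRET_KEY" ] || { echo "FAIL: access key and secret key are identical"; rc=1; }

    # Host: the page recommends a dedicated FQDN (assumed policy: warn otherwise).
    case "$MINIO_HOST" in
        localhost*|127.*) echo "WARN: MINIO_HOST is a loopback address" ;;
        *[!0-9.]*) ;;   # contains letters or other characters: treated as a name
        *) echo "WARN: MINIO_HOST is a bare IPv4 address, not an FQDN" ;;
    esac
    return "$rc"
}

# Usage: check_minio_env && php yii service/init-cloud-storage
```

Chaining the check with `&&` keeps the storage from being initialised while default or undersized keys are still in place.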
Configuring the storage
To configure the storage, use the agent interface hosted at the address set in the MINIO_HOST environment variable. To log in, use the credentials set in the MINIO_ACCESS_KEY and MINIO_SECRET_KEY environment variables.
In this interface, you are able to:
- browse attachments
- create buckets.
It is not recommended to edit or delete attachments via this interface; the changes will not be relayed in the interface, resulting in collisions.
Available actions
You can copy an attachment from one bucket to another. Please pay attention to the necessary permissions:
- At least Read-Only permission for the source record.
- Read and Write permissions for the target record.
Rename and delete actions are also available. Attachments can be copied, renamed, and deleted only via API (the SimpleAttachment class).
Secure your attachments depending on your role structure using the ACL engine. For this, you need to:
- Create proper ACL rules covering attachment tables. Generally, these are the Attachments (sys_attachment) and Images (sys_image) tables.
- After that, secure single attachment records with ACL rules if necessary.
- Bind these rules with appropriate roles in your role structure.