No thumbnails and previews with S3 primary storage and encryption

gagaha · January 26, 2017, 5:06pm

Nextcloud version (eg, 10.0.2): 11.0.1
Operating system and version (eg, Ubuntu 16.04): 16.04
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.18
PHP version (eg, 5.6): 7.0.13
Is this the first time you’ve seen this error and can you replicate it?: No and I can replicate it

The issue you are facing:

I have trouble to get object storage with Ceph S3 as primary storage and Nextcloud server-side encryption for home storage enabled properly working. I can log in and everything is fine but when I upload files they won’t get a thumbnail and I can’t get a preview of them from the Nextcloud web interface. I tried several different file-types but none of them works. The sample files (which I suspect to be not encrypted) have thumbnails and previews. I already tried the setup steps in different order. First S3 as primary storage, then enabling encryption and then the other way around. But I always get the same behaviour. I noticed that files will get thumbnails in the trash bin. I get no log when I upload a file even when log is set to debug mode.
Is this a known issue or am I doing something wrong? Thanks for any help!

The output of your config.php file in /path/to/nextcloud :
{
“system”: {
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“trusted_domains”: [
“localhost”
],
“datadirectory”: “/data”,
“logfile”: “/var/log/nextcloud.log”,
“loglevel”: “0”,
“overwrite.cli.url”: “http://localhost”,
“dbtype”: “mysql”,
“version”: “11.0.1.2”,
“dbname”: “nextcloud”,
“dbhost”: “nextcloud_db”,
“dbport”: “”,
“dbtableprefix”: “oc_”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“logtimezone”: “UTC”,
“installed”: true,
“instanceid”: “ocsaqvw7qdgx”,
“objectstore”: {
“class”: “OC\Files\ObjectStore\S3”,
“arguments”: {
“bucket”: “nextcloud-test-gabriel”,
“autocreate”: true,
“key”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“hostname”: “REMOVED SENSITIVE VALUE”,
“use_ssl”: true,
“use_path_style”: true
}
}
}
}

The output of your Apache/nginx/system log in /var/log/____:
_:443 172.20.0.1 - - [26/Jan/2017:16:42:02 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0" _:443 172.20.0.1 - - [26/Jan/2017:16:42:02 +0000] "PUT /remote.php/webdav/serverwebui.png HTTP/1.1" 201 898 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0" _:443 172.20.0.1 - - [26/Jan/2017:16:42:03 +0000] "PROPFIND /remote.php/webdav/serverwebui.png HTTP/1.1" 207 1760 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0" _:443 172.20.0.1 - - [26/Jan/2017:16:42:04 +0000] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 1147 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"

gagaha · January 30, 2017, 9:31am

The steps below won’t work as expected. You’ll get proper previews and thumbnails but the reason for that is that encryption is not working. Files will be stored unencrypted after applying those steps.

I found a solution!
After finishing the nextcloud installation DON’T enable encryption or S3 as primary storage.
Create a new folder in the directory where your key-storage-root is located - by default your data directory. Then set www-data as owner:
mkdir /data/keys && chown -R www-data:www-data /data/keys/

Now change the key-storage-root to this folder:
sudo -u www-data php occ encryption:change-key-storage-root keys

Then change the key-storage-root to /
sudo -u www-data php occ encryption:change-key-storage-root /

Now enable primary storage with object store S3 (insert credentials in config.php) but don’t enable encryption yet. You may also remove the previously created ‘keys’ folder.

Change the key-storage-root again to /
sudo -u www-data php occ encryption:change-key-storage-root /

Now you may enable encryption and thumbnails and previews for new files should be ok.

hungnvz · March 5, 2017, 11:29am

I have the same problem.
But when i following this solution, Encryption not work. All file i uploaded in decrypted form.

gagaha · March 7, 2017, 10:23am

Yes you are right. I just found out that the steps I mentioned above seem to break the encryption completely. I’ll change my previous post about the “solution”.
I suspect the thumbnails/previews problem to be mime-type related. Since the files will not be stored with their original name and file-type-extension with S3 as primary storage, the file-type will not be recognized when the file is encrypted.
I tested S3 as external storage with encryption enabled and noticed that previews and thumbnails only work if the file has a file-extension (.jpg/.png …). The files on external storage S3 will get the same name and file-extension as uploaded.

dabuechler · March 22, 2017, 12:37am

I am also experiencing the same problem, and it’s holding up a deployment. When encryption is enabled on an S3 primary storage, the thumbnails appear to be broken in the sync clients, too. I’m guessing that it’s related.

Thank you for your time.

visbits · March 22, 2017, 3:20pm

Any update on this issue? Same problem as well.

tflidd · March 26, 2017, 2:03pm

@oparoz @bjoern
Is this related to the gallery app or core? Where can users open a bug report?

oparoz · March 26, 2017, 4:50pm

If you can’t get previews on the Files app, then it’s an issue with the Preview system in the server.
Please file a bug there, I suspect it behaves like external storage and needs some flag to enable previews.