Add :private config option

[biinari]

S3 buckets may be setup to have objects as public or private. Public objects can be viewed using their public_url but private objects will just get a 403 Access Denied response.

Use presigned_url if S3 objects are private. Configure this using new :private configuration key, set to true for enabling private object behaviour. Default is false, meaning objects will be assumed to be public.

[KerberosMorphy]

I've tried your solution, works very well except it seems to slow down the process.
For example, I have a wiki page with 9 images, it takes 20 seconds before something appears.
I calculate the time it takes to generate a presign URL from aws-cli, about 700 ms.

[biinari]

@KerberosMorphy that's peculiar. I have tried a wiki page with 9 images and it loads in ~230ms.
In my case I'm running on a 1vCPU, 512MB RAM fargate instance and relying on IAM role for credentials.

I've benchmarked a presign operation with the ruby SDK on a t1.micro and it takes on average 690 microseconds to run. In this case using locally supplied IAM credentials.

Have you checked the difference between running with private option enabled and disabled? Or do you have any further information to reproduce your slow results?

[KerberosMorphy]

@biinari I test it on our staging t2.small instance same as our production and pass through VPC to access S3 bucket.

We use 4.1.1 Redmine from sameersbn/redmine:4.1.1-2 docker image. We have a CloudFront in front of both (prod and staging).

On staging with disabled cache I got a TTFB of 18s for the wiki page itself with 9 thumbnails compare to 120ms without the plugin. So lets say 2s/image.

The request to the thumbnail (redirect 302) have a waiting of 1 to 5s, after that the image from the bucket came pretty quickly.

Wiki Page without thumbsnail or image have a waiting of 400ms,

Wiki Page with 2 images have a waiting of 4s. Still in our 2s/image.

If I time the execution when manually generating a pre-signed url from our server shell:

$ time aws s3 presign s3://bucket.s3.ca-central-1.amazonaws.com/attachments/2020/05/object.png
https//s3...

real    0m0.450s
user    0m0.380s
sys     0m0.060s

I've tried quickly without private before using your solution and I don't remember seeing any major issues with the waiting.

I'm pretty new in the domain so I don't necessarily know which information you could need. Don't hesitate to ask me more.

[antonhedstrom]

Thanks for creating this PR @biinari, it really helped me.

Would be great if it could be merged so we can at least try to avoid yet another fork ;) I am not experiencing the performance issues described above and don't think it should stop a merge, since it is configureable to be activated or not.

Happy coding!