Why Configure File Uploads?
Setting up file storage enables important features in Formbricks, including:- Adding images to surveys (questions, backgrounds, logos)
- ‘File Upload’ and ‘Picture Selection’ question types
- Project logos and branding
- Custom organization logos in emails
- Survey background images from uploads
If file uploads are not configured, the above features will be disabled and users won’t be able to upload
files or images.
Storage Options
Formbricks supports S3-compatible storage with two main configurations:1. External S3-Compatible Storage
Use cloud storage services for production deployments:- AWS S3 (Amazon Web Services)
- DigitalOcean Spaces
- Wasabi
- StorJ
- Any S3-compatible storage service
2. Bundled MinIO Storage (Self-Hosted)
Important: MinIO requires a dedicated subdomain to function properly. You must configure a subdomain
like
files.yourdomain.com
that points to your server. MinIO will not work without this subdomain setup.- Runs in a Docker container alongside Formbricks
- Provides full S3 API compatibility
- Requires minimal additional configuration
Configuration Methods
Option 1: One-Click Setup Script
When using the Formbricks installation script, you’ll be prompted to configure file uploads:External S3-Compatible Storage
Choose this option for AWS S3, DigitalOcean Spaces, or other cloud providers:Bundled MinIO Storage
Choose this option for a self-hosted S3-compatible storage that runs alongside Formbricks:Critical Requirement: Before proceeding, ensure you have configured a subdomain (e.g.,
files.yourdomain.com
) that points to your server’s IP address. MinIO will not function without this
subdomain setup.- Generate secure MinIO credentials
- Create the storage bucket
- Configure SSL certificates for the files subdomain
- Configure Traefik routing for the subdomain
Option 2: Manual Environment Variables
Add the following environment variables to yourdocker-compose.yml
or .env
file:
For S3-Compatible Storage
AWS S3 vs. third‑party S3: When using AWS S3 directly, leave
S3_ENDPOINT_URL
unset and
set S3_FORCE_PATH_STYLE=0
(or omit). For most third‑party S3‑compatible providers (e.g., MinIO,
DigitalOcean Spaces, Wasabi, Storj), you typically must set S3_ENDPOINT_URL
to the provider’s endpoint and
set S3_FORCE_PATH_STYLE=1
.Provider-Specific Examples
AWS S3
DigitalOcean Spaces
MinIO (Self-Hosted)
Compatibility requirement: S3 POST Object support
Formbricks uses the S3 POST Object operation (presigned POST) for uploads. Your object storage provider must support this operation. Providers that do not implement POST Object are not compatible with Formbricks uploads. For example, Backblaze B2’s S3‑compatible API currently does not support POST Object and therefore will not work with Formbricks file uploads.Bundled MinIO Setup
When using the bundled MinIO option through the setup script, you get:Automatic Configuration
- Storage Service: MinIO running in a Docker container
- Credentials: Auto-generated secure access keys
- Bucket: Automatically created
formbricks-uploads
bucket - SSL: Automatic certificate generation for the files subdomain
Access Information
After setup, you’ll see:DNS Requirements
Critical for MinIO: The subdomain configuration is mandatory for MinIO to function. Without proper
subdomain DNS setup, MinIO will fail to work entirely.
- Main domain:
yourdomain.com
points to your server IP - Files subdomain:
files.yourdomain.com
points to your server IP (this is required for MinIO to work) - Firewall: Ports 80 and 443 are open in your server’s firewall
- DNS propagation: Allow time for DNS changes to propagate globally
Docker Compose Configuration
For manual setup, update yourdocker-compose.yml
:
Security Considerations
IAM User Permissions
When using AWS S3 or S3-compatible storage providers, ensure that the IAM user associated with yourS3_ACCESS_KEY
and S3_SECRET_KEY
credentials has the necessary permissions to interact with your bucket. Without proper permissions, file uploads and retrievals will fail.
The following IAM policy grants the minimum required permissions for Formbricks to function correctly. This policy is also used in the bundled MinIO integration:
Replace
your-bucket-name
with your actual S3 bucket name. The first statement grants object-level
operations (upload, retrieve, and delete files), while the second statement allows listing bucket contents.S3 Bucket Policy
In addition to IAM user permissions, configure your S3 bucket with a least-privileged bucket policy to ensure security:- Scoped Public Read Access: Only allow public read access to specific prefixes where needed
- Restricted Write Access: Only your Formbricks instance should be able to upload files
- CORS Configuration: Allow requests from your Formbricks domain
Replace
your-bucket-name
with your actual bucket name and arn:aws:iam::123456789012:user/formbricks-service
with the ARN of your IAM user. This policy allows public read access only to specific paths while restricting write access to your Formbricks service user.MinIO Security
When using bundled MinIO:- Credentials are auto-generated and secure
- Access is restricted through Traefik proxy
- CORS is automatically configured
- Rate limiting is applied to prevent abuse
- A bucket policy with the least privileges is applied to the bucket
Troubleshooting
Common Issues
Files not uploading:- Check that S3 credentials are correct
- Verify bucket exists and is accessible
- Ensure bucket permissions allow uploads from your server
- Check network connectivity to S3 endpoint
- We use S3 presigned URLs for uploads. Make sure your CORS policy allows presigned URL uploads; otherwise, uploads will fail. Some providers (e.g., Hetzner’s object storage) require a specific CORS configuration. If you’re using the bundled MinIO setup, this is already configured for you.
- Verify bucket has public read access
- Check CORS configuration allows requests from your domain
- Ensure S3_ENDPOINT_URL is correctly set for third-party services
- Verify subdomain DNS: Ensure
files.yourdomain.com
points to your server IP (this is the most common issue) - Check DNS propagation: Use tools like
nslookup
ordig
to verify DNS resolution - Verify ports: Ensure ports 80 and 443 are open in your firewall
- SSL certificate: Check that SSL certificate generation completed successfully
- Container logs: Check Docker container logs:
docker compose logs minio
Testing Your Configuration
To test if file uploads are working:- Admin Panel: Try uploading a project logo in the project settings
- Survey Editor: Attempt to add a background image to a survey
- Question Types: Create a ‘File Upload’ or ‘Picture Selection’ question
- Check Logs: Monitor container logs for any storage-related errors