Reputation: 161
This is my first question on StackOverflow. I have a requirement to provision an LB and a proxy layer in the DMZ for the clients to reach a backend S3 compatible storage to read buckets. I am using multiple instances of Nginx for this: one instance for LB (node 1), and two instances (node 2,3) as reverse proxy. LB (node 1) listens on https 443 and has a CA signed cert, and is visible on the internet. Node 2,3 are listening on http 80, and will forward requests to the backend S3 compatible storage, which listens on https with self-signed certs.
When I use a test NodeJS program, from within the DMZ layer, to directly connect to the S3 compatible storage, I can read and list buckets using the AWS client, with accessKeyId and secretAccessKey.
But when I use the same test NodeJS program, from the internet, with the same accessKeyId and secretAccessKey, and try to connect to node 1 (eventually reaching the backend S3 compatible storage), I get the following error:
{"message":"The request signature we calculated does not match the signature you provided.
Check your AWS Secret Access Key and signing method.
For more information, see REST Authentication and SOAP Authentication for details.",
"code":"SignatureDoesNotMatch",
"region":null,
"time":"2018-12-18T12:34:28.313Z",
"requestId":"2899219037",
"statusCode":403,"retryable":false,
"retryDelay":14.04655267301651}
I tried multiple ways to understand and solve this. It looks like my Nginx config is not passing http headers correctly. But I didn't explicitly configure anything to hide http headers, and my understanding is that all headers will pass through unless we explicitly block them.
Other than reaching the S3 compatible backend storage, the calls are going through Nginx. I have even tested reaching another host instead of the S3 compatible storage (with self-signed cert), and it worked well.
Please suggest any solution. Let me know any info I may need to add to this question.
srinivas
Upvotes: 1
Views: 977
Reputation: 161
Resolved.
In my case what fixed the issue is setting up Host as header.
location /something {
    ...
    proxy_set_header Host $http_host;
    ...
}
My understanding is, Host is used as part of signature generation / verification. It is stripped by Nginx by default, and setting this up explicitly resolved it.
Upvotes: 4
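An added example, not part of the original question or answer: it shows why the Host value the backend receives decides whether the signature check passes, assuming the client signs with AWS Signature Version 4, where `host` is one of the signed headers. The secret key, timestamp and host names are constructed sample values; nginx's documented default for proxied requests is `proxy_set_header Host $proxy_host;`, so without the override the backend sees the upstream name rather than the name the client signed.

```python
import hashlib
import hmac

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # hash of an empty request body

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret, host, amz_date, region="us-east-1", service="s3"):
    """SigV4 signature for `GET /` (list buckets) with an empty body."""
    date = amz_date[:8]
    signed_headers = "host;x-amz-content-sha256;x-amz-date"
    canonical_request = "\n".join([
        "GET", "/", "",                          # method, path, empty query string
        f"host:{host}",                          # Host is part of what gets signed
        f"x-amz-content-sha256:{EMPTY_SHA256}",
        f"x-amz-date:{amz_date}",
        "", signed_headers, EMPTY_SHA256,
    ])
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: date -> region -> service -> "aws4_request"
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def backend_accepts(secret, received_host, amz_date, client_signature):
    """The backend recomputes the signature from the Host header it received."""
    expected = sigv4_signature(secret, received_host, amz_date)
    return hmac.compare_digest(expected, client_signature)

# Constructed sample values, not taken from the question.
SECRET = "EXAMPLE-SECRET-KEY"
AMZ_DATE = "20181218T123428Z"
CLIENT_HOST = "lb.example.com"         # name the client connected to and signed
UPSTREAM_HOST = "s3-backend.internal"  # name used in proxy_pass ($proxy_host)

signature = sigv4_signature(SECRET, CLIENT_HOST, AMZ_DATE)

if __name__ == "__main__":
    # Host rewritten to the upstream name: backend's recomputed signature differs
    print("Host: $proxy_host ->", backend_accepts(SECRET, UPSTREAM_HOST, AMZ_DATE, signature))
    # proxy_set_header Host $http_host: backend sees the Host the client signed
    print("Host: $http_host  ->", backend_accepts(SECRET, CLIENT_HOST, AMZ_DATE, signature))
```

In a chain like the one in the question, every proxy hop between the client and the storage has to preserve the original Host for the final check to pass.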