nginx s3 gateway handshake failure

Question

I am new to nginx and trying to setup a nginx proxy in front of an s3 bucket using this repo.

Based on the repo, my settings file (name --> my.settings) looks like -

S3_BUCKET_NAME=my-s3-bucket
S3_SERVER=s3.amazonaws.com
S3_REGION=us-east-1
S3_ACCESS_KEY_ID=myaccesskey
S3_SECRET_KEY=mysecretkey
S3_SERVER_PORT=443
S3_SERVER_PROTO=https
S3_STYLE=path
S3_DEBUG=true
AWS_SIGS_VERSION=4

I built the image as suggested in the repo using -

docker build -f Dockerfile.oss -t nginx-oss-s3-gateway .

and when I run the image using - docker run -p8080:80 --env-file ./my.settings nginx-oss-s3-gateway

the image starts up fine as expected. I attempt to send a request to retrieve an object from the bucket - curl -v http://localhost:8080/index.html and I get back a HTTP 404. I look at nginx container that is running and see this -

2021/05/12 02:39:17 [error] 58#58: *1 peer closed connection in SSL handshake while SSL 
handshaking to upstream, client: 172.17.0.1, server: , request: "GET /index.html HTTP/1.1", 
upstream: "https://52.217.165.200:443/mys3bucket/index.html", host: "localhost:8080"
172.17.0.1 - - [12/May/2021:02:39:17 +0000] "GET /index.html HTTP/1.1" 404 146 "-" "curl/7.64.1" "-"
2021/05/12 02:39:17 [info] 58#58: *1 client 172.17.0.1 closed keepalive connection

I tried adding ssl_verify_client off; to the nginx.conf and reloading the config, but that was not helpful.

I have a feeling this is because nginx is unable to verify aws s3 certificate? in which case, should I be importing the s3 cert to a trust store and pointing to nginx config? I am trying to avoid certificate pinning by downloading a specific cert.

Any advice on how to resolve this?

nginx s3 gateway handshake failure

Answers (1)

Related Questions