search

ali-sdk / ali-oss

Aliyun OSS(Object Storage Service) JavaScript SDK for the Browser and Node.js
https://www.alibabacloud.com/help/doc-detail/52834.htm
MIT License
1.95k stars 577 forks source link

How to use with custom domain? #773

Open atonamy opened 4 years ago

atonamy commented 4 years ago

I created custom domain through CDN then I try to use it with ali-oss:

const oss = new OSS({
  region: 'oss-cn-zhangjiakou',
  accessKeyId: 'XXXXXXXXXXXXXXXXX',
  accessKeySecret: 'XXXXXXXXXXXXXX',
  bucket: 'some-bucket',
  cname: true
})

when I simply try to access my object info:

const res = await oss.head('some/object')

I getting error:

UnknowError: Unknow error, status: 400 at requestError (/code/node_modules/ali-oss/lib/client.js:427:15) at request (/code/node_modules/ali-oss/lib/client.js:260:22) at _tickCallback (internal/process/next_tick.js:68:7)

If I remove cname parameter everything works without any issue. But in my OSS Managment Console I can see that url is custom one but oss.head return not custom url just standard one if I don't use cname parameter.

PeterRao commented 4 years ago

you should set endpoint. e.g.

const store = oss({
      accessKeyId: 'xxx',
      accessKeySecret: 'xxx',
      endpoint: 'foo.bar.com',
      cname: true
    });
ricky11 commented 4 years ago

Same problem, I get 403 error

If i remove endpoint, and cname then its okay.

the endpoint is correct, and cname is true, and secure: true. Endpoint is binded to aliyun cdn, and is working. The problem only happen with .HEAD, I can do .PUT, .GET, etc.

{ UnknowError: Unknow error, status: 403 at requestError (/code/node_modules/ali-oss/lib/client.js:428:15) at request (/code/node_modules/ali-oss/lib/client.js:261:22) at _tickCallback (internal/process/next_tick.js:68:7) name: 'UnknowError', status: 403,

PeterRao commented 4 years ago

Same problem, I get 403 error

If i remove endpoint, and cname then its okay.

the endpoint is correct, and cname is true, and secure: true. Endpoint is binded to aliyun cdn, and is working. The problem only happen with .HEAD, I can do .PUT, .GET, etc.

{ UnknowError: Unknow error, status: 403 at requestError (/code/node_modules/ali-oss/lib/client.js:428:15) at request (/code/node_modules/ali-oss/lib/client.js:261:22) at _tickCallback (internal/process/next_tick.js:68:7) name: 'UnknowError', status: 403,

Can you give me requestid.

ricky11 commented 4 years ago

thank you for re-opening, the request id is :

{ UnknowError: Unknow error, status: 403 at requestError (/code/node_modules/ali-oss/lib/client.js:428:15) at request (/code/node_modules/ali-oss/lib/client.js:261:22) at _tickCallback (internal/process/next_tick.js:68:7) name: 'UnknowError', status: 403, requestId: '5EC38F110D92D93DAB7D6B7F', host: '', params: { object: '#zipFiles/5eb542b949b1740009384ee8/1.jpg et al.zip', bucket: 'sinxxsend', method: 'HEAD', subres: undefined, timeout: undefined, ctx: undefined, successStatuses: [ 200, 304 ] } }

ricky11 commented 4 years ago

Another request id 👍 requestId: '5EC398159EB6B2B145B5342A',

By the way how can you search from the request id???? you have access to the all oss requests?

PeterRao commented 4 years ago

Another request id 👍 requestId: '5EC398159EB6B2B145B5342A',

By the way how can you search from the request id???? you have access to the all oss requests?

I am OSS team member, request id can help us to search error log. We can't access to the all oss request, only get the error log from backend server.

ricky11 commented 4 years ago

Okay thats good.

because somebody on alibaba team told me ali-oss sdk for NODE is not 'official'

Please try search this requst id also for HEAD error 403. '5EC399F3ECDBD05A41D101B3'

I think the problem is the CNAME with CDN .HEAD cannot work with CDN domain name?

the problem is only .HEAD api, i dont know why... how to solve this.

BELOW IS RESPONSE FROM TECH SUPPORT.

This is response i got from the support team which i try to solve for more than 2 weeks.

When 【endpoint】parameter is set to a domain linked to a CDN service address. The return code is 【403】

When 【endpoint】 parameter is set to a domain linked to the OSS service address directly. The return code 【200】

Kindly verify. Meanwhile, we will check further on whether it is possible forward head request properly in this case. We wish to apologize for the inconvenience. As a client already specified the "bucket" parameter. May we ask how come it is required to route the request to take domain endpoint first?

The SDK behavior is correct. The issue is caused by when request reaches CDN service and get redirected to the OSS endpoint. Its request method 'HEAD' will change.

Last time we checked 'GET' is working properly still. Kindly verify.

Meanwhile, let us check if there's an alternative solution in this regard.

PeterRao commented 4 years ago

I get error code 'InvalidAccessKeyId'.

Could you can join DingTalk Group, If this is not a bug, I think using dingding is more efficient and safe

ricky11 commented 4 years ago

Hello

It would be better if we the developer can get this correct code back, but we get UNKOWNERROR, this is the problem , if i get the error INVALID ACCESS KEYID, then i can debug it more.

i use 2 kind of key for testing. 1) Context Securityid in function compute 2) Root Key

1) Context will fail all the time for HEAD, but will pass for GET,PUT, etc. (with CNAME) 2) Root Key will also fail for HEAD WITH CNAME, but will 200 status without CNAME

So i dont think the real problem is the KEY. but it would be better if my log also show INVALIDACCESKEYID.

ricky11 commented 4 years ago

I get error code 'InvalidAccessKeyId'.

Could you can join DingTalk Group, If this is not a bug, I think using dingding is more efficient and safe

What is the ding group name?

PeterRao commented 4 years ago

I get error code 'InvalidAccessKeyId'. Could you can join DingTalk Group, If this is not a bug, I think using dingding is more efficient and safe

What is the ding group name?

https://github.com/ali-sdk/ali-oss#qa

PeterRao commented 4 years ago

Hello

It would be better if we the developer can get this correct code back, but we get UNKOWNERROR, this is the problem , if i get the error INVALID ACCESS KEYID, then i can debug it more.

i use 2 kind of key for testing.

  1. Context Securityid in function compute
  2. Root Key
  3. Context will fail all the time for HEAD, but will pass for GET,PUT, etc. (with CNAME)
  4. Root Key will also fail for HEAD WITH CNAME, but will 200 status without CNAME

So i dont think the real problem is the KEY. but it would be better if my log also show INVALIDACCESKEYID.

Hello, ricky11. When you use headObject from cdn. cdn will getObject from oss first. But it will cause SignatureDoesNotMatch. store.get('xxx', { headers: { Range: 'bytes=0-0' } }).then(res => { console.log(res); }) this is temporary solution. I will feedback to our oss team and cdn team, see if they have a better solution

ricky11 commented 4 years ago

Ok Thank you, For now i will remove the custom domain for head.

wwwumr commented 4 years ago

同样的问题,head 403报错,提供几个request-id: 5F3E9BC75DCE1A393232DE46 5F3E9BBD5DCE1A393277BF46 5F3E9BBA5DCE1A39326AB746 5F3E9F9EB9FD8B323959D43C 5F3EA0CD7CAA7537388B6C1A 希望早日解决

ricky11 commented 3 years ago

Hi @PeterRao is this head issue with cdn resolved? as you said May 2020 you will send feedback to cdn team to solve it.

PeterRao commented 3 years ago

必须在CDN控制台增加 Ali-Swift-Fwd-Head: on 的回源请求头。 The Ali-Swift-Fwd-Head: on return request header must be added to the CDN console.

image

Abyssknight commented 1 year ago

@PeterRao 还是不行