Open limbo127 opened 9 years ago
+1 noticed the same, the module builds hash always with a GET, and passes it to S3 API for authentication; APIs receives the hash AND the original request, which instead is an HEAD...they mismatch and the authentication fails
adf0177 was supposed to fix this. Could you confirm if your build has this commit? Also, which region is your S3 in?
+1 I use the latest version (1.1.1) with Ireland region.
@anomalizer Do you have an idea for a quick fix?
@benjaminbarbe I actually managed to "quick fix" it without touching the (great btw) ngx_aws_auth module.
Following this post: http://serverfault.com/questions/347663/nginx-convert-head-to-get-requests
I simply perform an internal redirection converting the HEAD request to GET, it just works like a charm to me .
@benjaminbarbe no quick fix at this point. Let me try to reproduce the issue specifically for HEAD
@andrea-spoldi Yes thank you but the body is still sent. Unfortunately, I can not.
I will give a try to https://gist.github.com/skddc/c7a982226d08acd4e041 or https://gist.github.com/justincormack/948423
@anomalizer Cool, Keep us in touch :smile:
@andrea-spoldi @anomalizer I think it's not the fault of the ngx_aws_auth module. I found this post Proxy cache passes GET instead of HEAD to upstream
The problem came of the combinaison of proxy_cache and proxying to s3. I've updated skddc's gist to make it work : https://gist.github.com/benjaminbarbe/1961db5ffbaad57eff12
@benjaminbarbe have to check but I'm 99,9% sure that proxy_cache module is not used in my config.
I ran into this issue using proxy_cache as well. However, I fixed it rather cleanly using http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_convert_head to just turn the conversion of HEADs to GETs off.
hello, I do a GET request on file without problem, the same with HEAD request does not work, with 403 forbidden error , permission is good on this file, and with same key and standard s3 client, no problem.
127.0.0.1 - - [29/Jan/2015:21:09:46 +0000] "HEAD http://s3.amazonaws.com/nhc.c1/test HTTP/1.1" 403 394 (472) "-" "-" "-"[MISS] [0 / -] - AWS4-HMAC-SHA256 Credential=AKIAJG6NCXFPQGBUZ3YA/20150129/US/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=85369c88cbedbadcc5f8457b39b9683b69b861928c884b55e739a76d3905cca7
127.0.0.1 - - [29/Jan/2015:21:10:19 +0000] "GET http://s3.amazonaws.com/nhc.c1/test HTTP/1.1" 200 41799 (452) "-" "-" "-"[MISS] [41029 / -] - AWS4-HMAC-SHA256 Credential=AKIAJG6NCXFPQGBUZ3YA/20150129/US/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=34cbbfb2d48cb8ea516bd2bbb82bd894ee62ab854ceb448365ef4f1863513cde