Closed andrea-spoldi closed 10 years ago
Okay, I got through it setting adding :
proxy_set_header x-amz-cf-id "";
right before
proxy_set_header x-amz-date $aws_date;
which cleans up CloudFront Header before proxy-ing it to S3.
I think it worths to be added to config example.
A
Can you update the README.md with this finding and issue a pull request?
Hi, it seems there is a problem with request signing if it comes from behind Amazon CloudFront service.
What I notice is the following :
HTTP_Request > Nginx with ngx_aws_auth > S3 bucket works OK
HTTP_Request > Amazon CF (distribution set to nginx) > Nginx with ngx_aws_auth > S3 bucket goes KO
here is the error from browser :
SignatureDoesNotMatch
it seems that being behind CF adds x-amz-cf-id: header which I think S3 uses for signing when ngx_aws_auth doesn't, hence the error.
It works OK also behind ELB, which does not add any header.
Thanks.
A