search

iwaseasahi / christchurches-map

キリスト教会マップ
https://www.christchurches-map.com/
2 stars 0 forks source link

画像を S3 にアップロードできない #826

Closed iwaseasahi closed 3 years ago

iwaseasahi commented 3 years ago

背景

https://www.christchurches-map.site/

staging 環境でアイコン画像をアップロードするとエラーになります。

目的

画像アップロードができる

完成条件

iwaseasahi commented 3 years ago

エラーログ

F, [2021-09-24T12:32:36.059993 #8] FATAL -- :
Excon::Error::Forbidden (Expected(200) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3R7V4GJTJSRZKTX9</RequestId><HostId>DIwmdBwIM6FROXUKMlJDR4a3No/NJ+WZnuk8beme+CINORi3GMpQhDrEHrJGHhljGzZQHqNvvng=</HostId></Error>"
  :cookies       => [
  ]
  :headers       => {
    "Connection"       => "close"
    "Content-Type"     => "application/xml"
    "Date"             => "Fri, 24 Sep 2021 12:32:35 GMT"
    "Server"           => "AmazonS3"
    "x-amz-id-2"       => "DIwmdBwIM6FROXUKMlJDR4a3No/NJ+WZnuk8beme+CINORi3GMpQhDrEHrJGHhljGzZQHqNvvng="
    "x-amz-request-id" => "3R7V4GJTJSRZKTX9"
  }
  :host          => "s3.ap-northeast-1.amazonaws.com"
  :local_address => "10.0.1.180"
  :local_port    => 37084
  :path          => "/christchurches-map-ecs/uploads/tmp/1632486755-700938265844481-0001-3456/%E3%83%95%E3%82%9A%E3%83%AD%E3%83%95%E3%82%A3%E3%83%BC%E3%83%AB.JPG"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "52.219.1.82"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"
):

app/controllers/users/upload_icons_controller.rb:5:in `create'
iwaseasahi commented 3 years ago 
app/controllers/users/upload_icons_controller.rb:5:in `create'
F, [2021-09-24T12:43:39.746746 #8] FATAL -- :
Excon::Error::Forbidden (Expected(200) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId></AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256\n20210924T124339Z\n20210924/ap-northeast-1/s3/aws4_request\na6c1268481762d42c68923f64ed883f72583bd6ab4d1ac29d9cea691b28d5b2d</StringToSign><SignatureProvided>2a8d57372ef94e7c26e23e94fc54937eb6bd543daa6e729a2c3dc0f8a15eeadf</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 31 30 39 32 34 54 31 32 34 33 33 39 5a 0a 32 30 32 31 30 39 32 34 2f 61 70 2d 6e 6f 72 74 68 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 61 36 63 31 32 36 38 34 38 31 37 36 32 64 34 32 63 36 38 39 32 33 66 36 34 65 64 38 38 33 66 37 32 35 38 33 62 64 36 61 62 34 64 31 61 63 32 39 64 39 63 65 61 36 39 31 62 32 38 64 35 62 32 64</StringToSignBytes><CanonicalRequest>PUT\n/christchurches-map-ecs/user_icon/6_72f886e4-524e-44ec-a08a-448c5ffd1817.JPG\n\ncache-control:max-age=604800\ncontent-type:image/jpeg,image/jpg\nhost:s3.ap-northeast-1.amazonaws.com\nx-amz-acl:public-read\nx-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-amz-copy-source:/christchurches-map-ecs/uploads/tmp/1632487418-504462651723485-0003-0946/%E3%83%95%E3%82%9A%E3%83%AD%E3%83%95%E3%82%A3%E3%83%BC%E3%83%AB.JPG\nx-amz-date:20210924T124339Z\n\ncache-control;content-type;host;x-amz-acl;x-amz-content-sha256;x-amz-copy-source;x-amz-date\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>50 55 54 0a 2f 63 68 72 69 73 74 63 68 75 72 63 68 65 73 2d 6d 61 70 2d 65 63 73 2f 75 73 65 72 5f 69 63 6f 6e 2f 36 5f 37 32 66 38 38 36 65 34 2d 35 32 34 65 2d 34 34 65 63 2d 61 30 38 61 2d 34 34 38 63 35 66 66 64 31 38 31 37 2e 4a 50 47 0a 0a 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 3a 6d 61 78 2d 61 67 65 3d 36 30 34 38 30 30 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 69 6d 61 67 65 2f 6a 70 65 67 2c 69 6d 61 67 65 2f 6a 70 67 0a 68 6f 73 74 3a 73 33 2e 61 70 2d 6e 6f 72 74 68 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 63 6f 70 79 2d 73 6f 75 72 63 65 3a 2f 63 68 72 69 73 74 63 68 75 72 63 68 65 73 2d 6d 61 70 2d 65 63 73 2f 75 70 6c 6f 61 64 73 2f 74 6d 70 2f 31 36 33 32 34 38 37 34 31 38 2d 35 30 34 34 36 32 36 35 31 37 32 33 34 38 35 2d 30 30 30 33 2d 30 39 34 36 2f 25 45 33 25 38 33 25 39 35 25 45 33 25 38 32 25 39 41 25 45 33 25 38 33 25 41 44 25 45 33 25 38 33 25 39 35 25 45 33 25 38 32 25 41 33 25 45 33 25 38 33 25 42 43 25 45 33 25 38 33 25 41 42 2e 4a 50 47 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 31 30 39 32 34 54 31 32 34 33 33 39 5a 0a 0a 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 3b 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3b 68 6f 73 74 3b 78 2d 61 6d 7a 2d 61 63 6c 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 63 6f 70 79 2d 73 6f 75 72 63 65 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>A4DW69MNHNBC7DEG</RequestId><HostId>ckufhubg8AGrK2fOpnZWKqvG/3zJuP57E1JfcHj+BFLjReLOOttMLcoYT6ArYPqJiQ8yKT1+Tqw=</HostId></Error>"
  :cookies       => [
  ]
  :headers       => {
    "Content-Type"     => "application/xml"
    "Date"             => "Fri, 24 Sep 2021 12:43:39 GMT"
    "Server"           => "AmazonS3"
    "x-amz-id-2"       => "ckufhubg8AGrK2fOpnZWKqvG/3zJuP57E1JfcHj+BFLjReLOOttMLcoYT6ArYPqJiQ8yKT1+Tqw="
    "x-amz-request-id" => "A4DW69MNHNBC7DEG"
  }
  :host          => "s3.ap-northeast-1.amazonaws.com"
  :local_address => "10.0.1.180"
  :local_port    => 45274
  :path          => "/christchurches-map-ecs/user_icon/6_72f886e4-524e-44ec-a08a-448c5ffd1817.JPG"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "52.219.8.80"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"
):

app/controllers/users/upload_icons_controller.rb:5:in `create'
iwaseasahi commented 3 years ago

これを見ると、シークレットキーに特殊文字が入っている場合に発生する可能性があるとのこと。 https://qiita.com/tettsu__/items/165afe4570f27468b90f

iwaseasahi commented 3 years ago 
F, [2021-09-24T13:30:28.656552 #8] FATAL -- :
Excon::Error::Socket (Broken pipe (Errno::EPIPE)):
iwaseasahi commented 3 years ago

どうも 150 KB 以上だと、S3 にアップロードできないらしいです。 https://stackoverflow.com/questions/14090210/carrierwave-s3-fog-exconerrorssocketerror

iwaseasahi commented 3 years ago

https://github.com/carrierwaveuploader/carrierwave#using-amazon-s3

iwaseasahi commented 3 years ago

どうも S3 でパス形式が使えなくなるようです。 https://dev.classmethod.jp/articles/s3-no-longer-support-path-style-requests/

iwaseasahi commented 3 years ago

https://aws.amazon.com/jp/premiumsupport/knowledge-center/s3-403-forbidden-error/

iwaseasahi commented 3 years ago

https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-configure-profiles.html

iwaseasahi commented 3 years ago

https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-services-s3-commands.html

iwaseasahi commented 3 years ago

aws cli からはちゃんと S3 にアップロードできました。

$ aws s3 cp ~/Desktop/スクリーンショット\ 2021-09-27\ 10.09.47.png s3://christchurches-map-ecs/user_icon/ --profile christchurches-map-rails
upload: ../../Desktop/スクリーンショット 2021-09-27 10.09.47.png to s3://christchurches-map-ecs/user_icon/スクリーンショット 2021-09-27 10.09.47.png

なので、認証情報の問題ではないです。

iwaseasahi commented 3 years ago

結局、原因は IAM の認証情報だったようです。

iwaseasahi commented 3 years ago

該当箇所のコードを読む。 https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/storage/fog.rb

iwaseasahi commented 3 years ago

画像アップロードに成功しました。 https://www.christchurches-map.site/users/6

スクリーンショット 2021-09-27 11 37 54