minio / minio-js

MinIO Client SDK for Javascript
https://docs.min.io/docs/javascript-client-quickstart-guide.html
Apache License 2.0

got SignatureDoesNotMatch error through https #1301

Closed xiaodonggua1 closed 2 months ago

xiaodonggua1 commented 2 months ago

I want to get STS credentials through AssumeRoleProvider. It works over http, but I get a SignatureDoesNotMatch error over https. The SDK version is 8.0.0, and I also tried lower versions such as 7.1.4 and 7.0.32.

const AssumeRoleProvider = require('minio/dist/main/AssumeRoleProvider.js').AssumeRoleProvider;

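// Request temporary credentials from the STS endpoint via AssumeRole.
// The request is signed with accessKey/secretKey and the signature is tied to
// the host of stsEndpoint, so any proxy in front of MinIO has to forward that
// Host header unchanged.
const provider = new AssumeRoleProvider({
  stsEndpoint: 'https://xxx',
  durationSeconds: 900, // lifetime requested for the temporary credentials
  // Redacted in the report. Real keys belong in the environment or a secret
  // store, not in source.
  accessKey: 'xxx',
  secretKey: 'xxx',
});

provider
  .getCredentials()
  .then((res) => {
    // NOTE(review): the resolved value presumably carries the temporary secret
    // and session token; print it only while debugging.
    console.log(res);
  })
  .catch((err) => {
    // Without a rejection handler an STS failure such as SignatureDoesNotMatch
    // surfaces only as an unhandled promise rejection.
    console.error('AssumeRole request failed:', err);
  });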

ScreenCapture20240603210842599

prakashsvmx commented 2 months ago

How are the certs generated? Can you share the output of `mc admin trace -v <ALIAS>`?

xiaodonggua1 commented 2 months ago

How are the certs generated? Can you share the output of `mc admin trace -v <ALIAS>`?

thx for your reply! here is the screenshot ScreenCapture20240603212113630 and here is nginx config

    # Upstream pool: four MinIO nodes, reached by the proxy over plain HTTP on port 9000.
    upstream minioinstance {
        #least_conn
        server minio1.hikyun.com:9000;
        server minio2.hikyun.com:9000;
        server minio3.hikyun.com:9000;
        server minio4.hikyun.com:9000;
    }

    # Plain-HTTP listener for minio-dev.hikyun.com.
    # NOTE(review): signed requests and the STS responses (temporary credentials)
    # cross this listener unencrypted.
    server {
        listen       80;
        listen  [::]:80;
        server_name  minio-dev.hikyun.com;

        location / {
            # Pass the Host header through exactly as the client sent it, so MinIO
            # sees the same host the client used when signing the request.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_connect_timeout 300;
            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;

            proxy_pass http://minioinstance;
        }
    }

    # TLS listener for the same server name; TLS ends here and the request is
    # forwarded to the upstream pool over plain HTTP.
    server {
        listen       443 ssl;
        server_name  minio-dev.hikyun.com;

        ssl_certificate      /data1/nginx/ssl/hikyun.pem;
        ssl_certificate_key  /data1/nginx/ssl/hikyun.key;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only
        # if a legacy client still requires them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

       location ^~ /  {
            # NOTE(review): unlike the port-80 block, no `proxy_set_header Host` is
            # set here. nginx then sends its default Host ($proxy_host, i.e. the
            # upstream name) to MinIO, which is not the host the client signed --
            # consistent with SignatureDoesNotMatch appearing over HTTPS only.
            # X-Forwarded-Proto is not forwarded in this block either.
            # $clientRealIp is not defined in this excerpt; presumably it is set
            # elsewhere in the configuration -- confirm.
            proxy_set_header X-Real-IP $clientRealIp;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://minioinstance;
        }
    }
klauspost commented 2 months ago

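When the proxy rewrites the Host header, the request no longer matches the host the signature was generated for. The signature covers the Host header, so MinIO has to receive the same host the client signed.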

Make it either HTTP or HTTPS and update your config appropriately.

xiaodonggua1 commented 2 months ago

@klauspost it worked! thank u so much!!! i deleted config in port 80. here is the config.

  # Upstream pool: four MinIO nodes, reached by the proxy over plain HTTP on port 9000.
  upstream minioinstance {
      server minio1.hikyun.com:9000;
      server minio2.hikyun.com:9000;
      server minio3.hikyun.com:9000;
      server minio4.hikyun.com:9000;
  }

  # Only listener left: TLS on 443 for minio-dev.hikyun.com.
  server {
      listen       443 ssl;
      server_name  minio-dev.hikyun.com;

      ssl_certificate      /data1/nginx/ssl/hikyun.pem;
      ssl_certificate_key  /data1/nginx/ssl/hikyun.key;
      ssl_session_cache    shared:SSL:10m;
      ssl_session_timeout  10m;
      # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only
      # if a legacy client still requires them.
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers  HIGH:!aNULL:!MD5;
      ssl_prefer_server_ciphers  on;

     location ^~ /  {
          # Pass the Host header through exactly as the client sent it. MinIO then
          # verifies the signature against the host the client signed, which is
          # what makes the HTTPS request validate.
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # Tells the backend which scheme the client used (https on this listener).
          proxy_set_header X-Forwarded-Proto $scheme;

          # NOTE(review): the hop from nginx to MinIO is plain HTTP, so signed
          # requests and STS responses are unencrypted on that segment -- confirm
          # it stays on a trusted network.
          proxy_pass http://minioinstance;
      }        
  }