presignedUrl return "S3Error: The request signature we calculated does not match the signature you provided. Check your key and signing method."

[Yoppai]

hey guys, my app works correctly if run locally but the following error appears when to dockerize my app

async createTypeC(telegramID: number, TypeC: ITypeC): Promise<{presignedUrl: string, user: IUser}>{
        try {
            const user = await this.userService.removeCredits(telegramID, 50)
            const resDetail = await axios.post<ITypeC>(`${this.apiUrl}/edition/${user._id}`, TypeC, {
                headers: {
                    'x-api-key': apiKey
                }
            })

            const presignedUrl = await this.minioService.getFileUrl(resDetail.data.filename)
            return {presignedUrl, user}
        } catch (error) {
            console.log(error)
            throw new Error('Error to Create type c')
        }
    }

My minio service

export class MinioService {
    private minioClient: Minio.Client;
    private bucketName: string;

    constructor() {
        this.minioClient = new Minio.Client({

            endPoint: endpoint,
            port: port,
            useSSL: useSSL ,
            accessKey: accessKey,
            secretKey: secretKey,

        })
        this.bucketName = buketName;
    }

    async getFileUrl(fileName: string) {

        return await this.minioClient.presignedUrl(
            "GET",
            this.bucketName,
            fileName,
            24 * 60 * 60,

        );

    }

    async deleteFile(fileName: string) {
        await this.minioClient.removeObject(this.bucketName, fileName);
    }
}

Environment variable

#MINIO CONFIG
MINIO_ENDPOINT=s3.mydomain.com
MINIO_PORT=80
MINIO_ACCESS_KEY=admin
MINIO_SECRET_KEY=admin
MINIO_USE_SSL=false
MINIO_BUCKET_NAME=bot404

Error

When I run my app without docker it works correctly, however I can't find the error

S3Error: The request signature we calculated does not match the signature you provided. Check your key and signing method.
2024-06-22 17:10:38     at parseError (/app/node_modules/minio/dist/esm/internal/xml-parser.ts:30:13)
2024-06-22 17:10:38     at Module.parseResponseError (/app/node_modules/minio/dist/esm/internal/xml-parser.ts:79:11)
2024-06-22 17:10:38     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-22 17:10:38     at Client.makeRequestStreamAsync (/app/node_modules/minio/dist/esm/internal/client.ts:686:19)
2024-06-22 17:10:38     at Client.getBucketRegionAsync (/app/node_modules/minio/dist/esm/internal/client.ts:741:19) {
2024-06-22 17:10:38   code: 'SignatureDoesNotMatch',
2024-06-22 17:10:38   bucketname: 'bot404',
2024-06-22 17:10:38   resource: '/bot404',
2024-06-22 17:10:38   requestid: '17DB766153F06B3A',
2024-06-22 17:10:38   hostid: '411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e',
2024-06-22 17:10:38   amzRequestid: '17DB766153F06B3A',
2024-06-22 17:10:38   amzId2: '411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e',
2024-06-22 17:10:38   amzBucketRegion: undefined
2024-06-22 17:10:38 }

[prakashsvmx]

mc admin trace -v would be helpful. Please check for any host/proxy issues and also datetime etc. or if there are any special characters in headers.

[Yoppai]

check host/proxy when my app works (not dockerize) and when it doesn't work (to dockerize)

I clarify that there is no change in the code of the two apps and the results are different

Result not dockerize

minio:9000 [REQUEST s3.HeadBucket] [2024-06-23T05:56:15.273] [Client IP: 172.29.0.9]
minio:9000 HEAD /bot404
minio:9000 Proto: HTTP/1.1
minio:9000 Host: minio:9000
minio:9000 Authorization: AWS4-HMAC-SHA256 Credential=admin/20240623/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=7abde6b02851e4c1c48186cad54913168e8c78eacbdee51f2216c1dc7cb19b72
minio:9000 Connection: close
minio:9000 Content-Length: 0
minio:9000 User-Agent: MinIO (linux; x64) minio-js/8.0.0
minio:9000 X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
minio:9000 X-Amz-Date: 20240623T055615Z
minio:9000
minio:9000 [RESPONSE] [2024-06-23T05:56:15.273] [ Duration 174µs TTFB 0s ↑ 88 B  ↓ 0 B ]
minio:9000 200 OK
minio:9000 Content-Type: application/xml
minio:9000 Vary: Origin,Accept-Encoding
minio:9000 X-Amz-Id-2: 411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e
minio:9000 X-Xss-Protection: 1; mode=block
minio:9000 Accept-Ranges: bytes
minio:9000 Content-Length: 0
minio:9000 Server: MinIO
minio:9000 Strict-Transport-Security: max-age=31536000; includeSubDomains
minio:9000 X-Amz-Request-Id: 17DB8C8296ABB82F
minio:9000 X-Content-Type-Options: nosniff
minio:9000
minio:9000
minio:9000 [REQUEST s3.PutObject] [2024-06-23T05:56:15.278] [Client IP: 172.29.0.9]
minio:9000 PUT /bot404/1719122175274-ine.jpg
minio:9000 Proto: HTTP/1.1
minio:9000 Host: minio:9000
minio:9000 X-Amz-Content-Sha256: 9cd9146fe4c0dba0f134686eff4c80b26e6d1697d62f4a19966fade4d899e6e2
minio:9000 X-Amz-Date: 20240623T055615Z
minio:9000 Authorization: AWS4-HMAC-SHA256 Credential=admin/20240623/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=3e906e55eab75f8f781293b9f6a7d2ed64ee7810f57b2df7b81a9d50296168ca
minio:9000 Connection: close
minio:9000 Content-Length: 119497
minio:9000 User-Agent: MinIO (linux; x64) minio-js/8.0.0
minio:9000 <BLOB>
minio:9000 [RESPONSE] [2024-06-23T05:56:15.284] [ Duration 6.702ms TTFB 0s ↑ 117 KiB  ↓ 0 B ]
minio:9000 200 OK
minio:9000 Accept-Ranges: bytes
minio:9000 ETag: "81c6043ff85adc7c6d7a9c48bb361843"
minio:9000 Strict-Transport-Security: max-age=31536000; includeSubDomains
minio:9000 Vary: Origin,Accept-Encoding
minio:9000 X-Amz-Id-2: 411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e
minio:9000 X-Content-Type-Options: nosniff
minio:9000 X-Xss-Protection: 1; mode=block
minio:9000 Content-Length: 0
minio:9000 Server: MinIO
minio:9000 X-Amz-Request-Id: 17DB8C8296F160F7
minio:9000 <BLOB>
minio:9000
s3.mydomain.com [REQUEST s3.GetBucketLocation] [2024-06-23T05:56:15.381] [Client IP: 177.231.11.61]
s3.mydomain.com GET /bot404?location
s3.mydomain.com Proto: HTTP/1.1
s3.mydomain.com Host: s3.mydomain.com
s3.mydomain.com X-Forwarded-Proto: http
s3.mydomain.com X-Real-Ip: 177.231.11.61
s3.mydomain.com Authorization: AWS4-HMAC-SHA256 Credential=admin/20240623/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=34ae422e3829b28502e776dda67735c9553459970e777553590a092907b37a25
s3.mydomain.com Connection: close
s3.mydomain.com X-Forwarded-For: 177.231.11.61
s3.mydomain.com X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
s3.mydomain.com X-Amz-Date: 20240623T055611Z
s3.mydomain.com Content-Length: 0
s3.mydomain.com User-Agent: MinIO (win32; x64) minio-js/8.0.0
s3.mydomain.com
s3.mydomain.com [RESPONSE] [2024-06-23T05:56:15.381] [ Duration 196µs TTFB 191.499µs ↑ 132 B  ↓ 128 B ]
s3.mydomain.com 200 OK
s3.mydomain.com Content-Length: 128
s3.mydomain.com Server: MinIO
s3.mydomain.com Vary: Origin,Accept-Encoding
s3.mydomain.com Accept-Ranges: bytes
s3.mydomain.com Strict-Transport-Security: max-age=31536000; includeSubDomains
s3.mydomain.com X-Amz-Id-2: 411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e
s3.mydomain.com X-Amz-Request-Id: 17DB8C829D166024
s3.mydomain.com X-Content-Type-Options: nosniff
s3.mydomain.com X-Xss-Protection: 1; mode=block
s3.mydomain.com Content-Type: application/xml
s3.mydomain.com <?xml version="1.0" encoding="UTF-8"?>
<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></LocationConstraint>
s3.mydomain.com
s3.mydomain.com [REQUEST s3.GetObject] [2024-06-23T05:56:16.769] [Client IP: 149.154.161.232]
s3.mydomain.com GET /bot404/1719122175274-ine.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=admin%2F20240623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240623T055611Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=1ffa59c5e6ee5852651ea8056f6c7e44b264d2cec7771d6a4172a5793ca49db6
s3.mydomain.com Proto: HTTP/1.1
s3.mydomain.com Host: s3.mydomain.com
s3.mydomain.com Cookie: euConsent=true; BCPermissionLevel=PERSONAL; BC_GDPR=11111; fhCookieConsent=true; gdpr-source=GB; gdpr_consent=YES; beget=begetok; SOCS=CAISNQgEEitib3FfaWRlbnRpdHlmcm9udGVuZHVpc2VydmVyXzIwMjMwNzIzLjA5X3AwGgJlbiACGgYIgMSBpgY
s3.mydomain.com User-Agent: TelegramBot (like TwitterBot)
s3.mydomain.com X-Amz-Signature-Age: 5770
s3.mydomain.com X-Forwarded-Proto: http
s3.mydomain.com Accept-Encoding: deflate, gzip, br
s3.mydomain.com Accept-Language: en-US,en;q=0.5
s3.mydomain.com Connection: close
s3.mydomain.com X-Real-Ip: 149.154.161.232
s3.mydomain.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
s3.mydomain.com Content-Length: 0
s3.mydomain.com X-Forwarded-For: 149.154.161.232
s3.mydomain.com <BLOB>
s3.mydomain.com [RESPONSE] [2024-06-23T05:56:16.770] [ Duration 914µs TTFB 717.799µs ↑ 152 B  ↓ 117 KiB ]
s3.mydomain.com 200 OK
s3.mydomain.com Vary: Origin,Accept-Encoding
s3.mydomain.com X-Content-Type-Options: nosniff
s3.mydomain.com X-Xss-Protection: 1; mode=block
s3.mydomain.com Accept-Ranges: bytes
s3.mydomain.com Content-Type: binary/octet-stream
s3.mydomain.com ETag: "81c6043ff85adc7c6d7a9c48bb361843"
s3.mydomain.com Server: MinIO
s3.mydomain.com X-Amz-Request-Id: 17DB8C82EFDA65D6
s3.mydomain.com Content-Length: 119497
s3.mydomain.com Last-Modified: Sun, 23 Jun 2024 05:56:15 GMT
s3.mydomain.com Strict-Transport-Security: max-age=31536000; includeSubDomains
s3.mydomain.com X-Amz-Id-2: 411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e
s3.mydomain.com <BLOB>
s3.mydomain.com

Result todockerize

minio:9000 [REQUEST s3.HeadBucket] [2024-06-23T06:01:39.008] [Client IP: 172.29.0.9]
minio:9000 HEAD /bot404
minio:9000 Proto: HTTP/1.1
minio:9000 Host: minio:9000
minio:9000 Content-Length: 0
minio:9000 User-Agent: MinIO (linux; x64) minio-js/8.0.0
minio:9000 X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
minio:9000 X-Amz-Date: 20240623T060139Z
minio:9000 Authorization: AWS4-HMAC-SHA256 Credential=admin/20240623/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0a7b4b293f7a69a00bcb84046d88594893b3e252b76b1413e485b96f3b9dda5d
minio:9000 Connection: close
minio:9000
minio:9000 [RESPONSE] [2024-06-23T06:01:39.008] [ Duration 201µs TTFB 0s ↑ 88 B  ↓ 0 B ]
minio:9000 200 OK
minio:9000 Accept-Ranges: bytes
minio:9000 Content-Length: 0
minio:9000 Strict-Transport-Security: max-age=31536000; includeSubDomains
minio:9000 Vary: Origin,Accept-Encoding
minio:9000 X-Content-Type-Options: nosniff
minio:9000 Content-Type: application/xml
minio:9000 Server: MinIO
minio:9000 X-Amz-Id-2: 411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e
minio:9000 X-Amz-Request-Id: 17DB8CCDF6C22B34
minio:9000 X-Xss-Protection: 1; mode=block
minio:9000
minio:9000
minio:9000 [REQUEST s3.PutObject] [2024-06-23T06:01:39.012] [Client IP: 172.29.0.9]
minio:9000 PUT /bot404/1719122499008-ine.jpg
minio:9000 Proto: HTTP/1.1
minio:9000 Host: minio:9000
minio:9000 User-Agent: MinIO (linux; x64) minio-js/8.0.0
minio:9000 X-Amz-Content-Sha256: 8e2990b6b5fdb31775f20e8fd9f8f87745245923c7c0af1abb0f865a7f359a7e
minio:9000 X-Amz-Date: 20240623T060139Z
minio:9000 Authorization: AWS4-HMAC-SHA256 Credential=admin/20240623/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=fd49bfaaac523038344cf2375207180cd57532c8612aece3bb5df05fe0ad57b8
minio:9000 Connection: close
minio:9000 Content-Length: 120238
minio:9000 <BLOB>
minio:9000 [RESPONSE] [2024-06-23T06:01:39.019] [ Duration 6.848ms TTFB 0s ↑ 118 KiB  ↓ 0 B ]
minio:9000 200 OK
minio:9000 Content-Length: 0
minio:9000 ETag: "5523842ef8032d05070374827dca0006"
minio:9000 Vary: Origin,Accept-Encoding
minio:9000 X-Amz-Id-2: 411bc421bd2f80bc9878e776fea40bf4f4a112865b490a39fb326fa1e5ad1a8e
minio:9000 X-Xss-Protection: 1; mode=block
minio:9000 Accept-Ranges: bytes
minio:9000 Server: MinIO
minio:9000 Strict-Transport-Security: max-age=31536000; includeSubDomains
minio:9000 X-Amz-Request-Id: 17DB8CCDF709733B
minio:9000 X-Content-Type-Options: nosniff
minio:9000 <BLOB>
minio:9000

[prakashsvmx]

given your use case, i would suggest that you completely move the url/upload to the backend. when you upload from browser, but the presignedurl is obtained in the backend it does not play well on the headers ( signed)