[Bug]: Functioning S3 Storage (non-Amazon) can not find bucket after updating to NC 30

[Gugiman]

⚠️ This issue respects the following points: ⚠️

• [x] This is a bug, not a question or a configuration/webserver/proxy issue.
• [x] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• [x] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• [x] I agree to follow Nextcloud's Code of Conduct.

Bug description

I am using my Strato Hidrive S3 Storage for 6 years now within NC. After updating to NC 30 I get the errors when trying to open a file from that storage (see below).

I have no problems connecting to the storage with other software because no changes to key, secrets or buckets have been made since years.

Steps to reproduce

1. Configure a non-Amazon S3 storage like Strato - Hidrive
2. In case you got it working:
3. Try to open a e.g. PDF File from that storage

Expected behavior

Should behave like a normal external folder

Nextcloud Server version

30

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 28 to 29)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• [x] Default user-backend (database)
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [ ] Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "overwritewebroot": "\/nextcloud",
        "overwritecondaddr": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***",
            "localhost"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "htaccess.RewriteBase": "\/nextcloud",
        "dbtype": "mysql",
        "integrity.check.disabled": false,
        "version": "30.0.2.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "maintenance": false,
        "updater.release.channel": "stable",
        "loglevel": 1,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "theme": "",
        "preview_max_x": "1024",
        "preview_max_y": "1024",
        "preview_max_scale_factor": 3,
        "jpeg_quality": "50",
        "maintenance_window_start": 100,
        "app_install_overwrite": [
            "keeweb",
            "documentserver_community",
            "carnet",
            "otpmanager"
        ],
        "encryption.legacy_format_support": false,
        "encryption.key_storage_migrated": false,
        "filelocking.enabled": "false",
        "filelocking.ttl": 1,
        "default_phone_region": "DE",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mysql.utf8mb4": true,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - app_api: 4.0.0
  - calendar: 5.0.1
  - cloud_federation_api: 1.13.0
  - contactsinteraction: 1.11.0
  - cookbook: 0.11.2
  - dav: 1.31.1
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_external: 1.22.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - firstrunwizard: 3.0.0
  - groupfolders: 18.0.5
  - lookup_server_connector: 1.18.0
  - mail: 4.0.2
  - nextcloud_announcements: 2.0.0
  - notes: 4.11.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - otpmanager: 0.5.4
  - password_policy: 2.0.0
  - passwords: 2024.11.20
  - phonetrack: 0.8.1
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - related_resources: 1.5.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - systemtags: 1.20.0
  - tasks: 0.16.1
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - viewer: 3.0.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - activity: 3.0.0 (installed 2.21.1)
  - admin_audit: 1.20.0
  - bruteforcesettings: 3.0.0 (installed 1.1.0)
  - circles: 30.0.0 (installed 29.0.0-dev)
  - comments: 1.20.1 (installed 1.0.0)
  - contacts: 6.1.1 (installed 6.1.1)
  - dashboard: 7.10.0 (installed 7.2.0)
  - encryption: 2.18.0 (installed 2.2.0)
  - files_downloadlimit: 3.0.0 (installed 2.0.0)
  - files_external_bck: 1.22.0
  - files_versions: 1.23.0 (installed 1.13.0)
  - logreader: 3.0.0 (installed 2.4.0)
  - money: 0.29.0 (installed 0.29.0)
  - photos: 3.0.2 (installed 1.1.0)
  - recommendations: 3.0.0 (installed 1.1.0)
  - serverinfo: 2.0.0 (installed 1.9.0)
  - support: 2.0.0 (installed 1.2.1)
  - survey_client: 2.0.0 (installed 1.0.0)
  - suspicious_login: 8.0.0
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - user_ldap: 1.21.0
  - user_status: 1.10.0 (installed 1.0.1)
  - weather_status: 1.10.0 (installed 1.9.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

[...] "user":"SENSITIVE","app":"objectstore","method":"GET","url":"/nextcloud/remote.php/dav/files/SENSITIVE.pdf","message":"Bucket \"SENSITIVE\" does not exist - creating it.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36","version":"30.0.2.2","data":{"app":"objectstore"}}#

[...] {"reqId":"ZzUUbfSqwh-okWrSh08TFgAAAUg","level":3,"time":"2024-11-13T21:04:45+00:00","remoteAddr":"2003:6:31a:6463:1cec:e0cc:1d68:2c39","user":"SENSITIVE","app":"webdav","method":"GET","url":"/nextcloud/remote.php/dav/files/SENSITIVE.pdf","message":"Creation of bucket \"SENSITIVE\" failed. Error executing \"CreateBucket\" on \"https://s3.hidrive.strato.com/SENSITIVE/\"; AWS HTTP error: Client error: `PUT https://s3.hidrive.strato.com/SENSITIVE/` resulted in a `403 Forbidden` response:\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calcul (truncated...)\n SignatureDoesNotMatch (client): The request signature we calculated does not match the signature you provided. Check your key and signing method. - <?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><Key>/</Key><RequestId>1CQ94TRQOMFN05CB</RequestId></Error>"

Additional info

Somehow i got it working that I have access to the s3 folder. But then I can not open any file because ob the mentioned errors.

[Gugiman]

Got it working again by by deactivating legacy_auth and configure "us-east-1" as region. The default "eu-west-1" doesn't work anymore.

Since Strato is a german provider and not Amazon, the region field could be left blank in the past. But since NC 30 this does not work anymore.