Nginx+minio+JavaSpringBoot 配置Nginx后出现SignatureDoesNotMatch错误
之前一直正常使用Java调用Minio的API,是直接连接的minio的9000端口,没有经过nginx代理,不会出现任何报错。但是最近在想用nginx来做代理转发,然后各种折腾配置之后还是报签名不匹配的错误;大致的框架是nginx宿主机,minio使用的docker,项目在另一个docker;宿主机为172.17.0.1,minio为172.17.0.3,项目172.17.0.2目前能够访问得到
·
之前一直正常使用Java调用Minio的API,是直接连接的minio的9000端口,没有经过nginx代理,不会出现任何报错。
但是最近在想用nginx来做代理转发,然后各种折腾配置之后还是报签名不匹配的错误;
大致的框架是nginx宿主机,minio使用的docker,项目在另一个docker;
宿主机为172.17.0.1,minio为172.17.0.3,项目172.17.0.2
目前能够访问得到minio后台管理平台,但是无法调用API
后台错误信息如下:
ErrorResponse(code = SignatureDoesNotMatch, message = The request signature we calculated does not match the signature you provided. Check your key and signing method., bucketName = medical-record, objectName = null, resource = /medical-record, requestId = 16DD15872DCA9208, hostId = 057c46a6-2d9c-4dac-ac61-64fe69e41cc3)
request={method=GET, url=http://192.168.1.197:8185/medical-record?location=, headers=Host: 192.168.1.197:8185
Accept-Encoding: identity
User-Agent: MinIO (Windows 10; amd64) minio-java/8.3.7
Content-MD5: 1B2M2Y8AsgTpgAmY7PhCfg==
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20220317T055832Z
Authorization: AWS4-HMAC-SHA256 Credential=*REDACTED*/20220317/us-east-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date, Signature=*REDACTED*
}
response={code=403, headers=Server: nginx/1.21.5
Date: Thu, 17 Mar 2022 05:58:29 GMT
Content-Type: application/xml
Content-Length: 387
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Vary: Accept-Encoding
X-Amz-Request-Id: 16DD15872DCA9208
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
}
后台代码:
MinioClient minioClient = MinioClient.builder()
.endpoint("http://192.168.1.xxx:8185")
.credentials(accessKey, secretKey)
.build();
boolean found = minioClient.bucketExists(BucketExistsArgs.builder().bucket(bucketName).build()); //在此句报错
if (!found) {
minioClient.makeBucket(MakeBucketArgs.builder().bucket(bucketName).build());
}
抓包:
Nginx配置如下:
upstream minio {
server 172.17.0.1:9000 fail_timeout=10s max_fails=2 weight=1;
}
server {
listen 8185;
server_name localhost,172.17.0.1;
ignore_invalid_headers off;
proxy_buffering off;
charset utf-8;
underscores_in_headers on;
location /medical-record {
proxy_pass http://172.17.0.1:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header authorization $http_authorization;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
}
location / {
proxy_pass http://minio;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header authorization $http_authorization;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
}
}
nginx日志信息:
在我的理解中,nginx只是做了代理转发,为了更进一步的定位问题,目前使用python写了个代理转发
python的代理转发:监听10086,转给宿主机的9000端口,然后能获取到图片,也能通过连接访问到图片。
现在更加确定是nginx的问题,要么是我没配置对,要么是它内部的处理机制导致
目前尝试过的方法:
将proxy_set_header Host $host 中的 $host改为$host:$server_port或者$http_host
目前还没有找到解决方法。希望有熟悉minio的大佬能支支招,小弟谢过了。
更多推荐
已为社区贡献2条内容
所有评论(0)