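Until now I had been calling the MinIO API from Java without any problems, connecting directly to MinIO's port 9000 with no nginx proxy in between, and never saw any errors.

Recently, however, I wanted to use nginx for proxy forwarding, and after trying all sorts of configurations I still get a signature mismatch error.

The rough setup: nginx runs on the host, MinIO runs in Docker, and the project runs in another Docker container.

The host is 172.17.0.1, MinIO is 172.17.0.3, and the project is 172.17.0.2.

At the moment I can reach the MinIO admin console, but I cannot call the API.

The backend error output is as follows: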

ErrorResponse(code = SignatureDoesNotMatch, message = The request signature we calculated does not match the signature you provided. Check your key and signing method., bucketName = medical-record, objectName = null, resource = /medical-record, requestId = 16DD15872DCA9208, hostId = 057c46a6-2d9c-4dac-ac61-64fe69e41cc3)
request={method=GET, url=http://192.168.1.197:8185/medical-record?location=, headers=Host: 192.168.1.197:8185
Accept-Encoding: identity
User-Agent: MinIO (Windows 10; amd64) minio-java/8.3.7
Content-MD5: 1B2M2Y8AsgTpgAmY7PhCfg==
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20220317T055832Z
Authorization: AWS4-HMAC-SHA256 Credential=*REDACTED*/20220317/us-east-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date, Signature=*REDACTED*
}
response={code=403, headers=Server: nginx/1.21.5
Date: Thu, 17 Mar 2022 05:58:29 GMT
Content-Type: application/xml
Content-Length: 387
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Vary: Accept-Encoding
X-Amz-Request-Id: 16DD15872DCA9208
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
}

Backend code:

import io.minio.BucketExistsArgs;
import io.minio.MakeBucketArgs;
import io.minio.MinioClient;

MinioClient minioClient = MinioClient.builder()
        .endpoint("http://192.168.1.xxx:8185")
        .credentials(accessKey, secretKey)
        .build();

boolean found = minioClient.bucketExists(BucketExistsArgs.builder().bucket(bucketName).build()); // the error is raised on this line
if (!found) {
    minioClient.makeBucket(MakeBucketArgs.builder().bucket(bucketName).build());
}

Packet capture:

The Nginx configuration is as follows:

upstream minio {
    server 172.17.0.1:9000 fail_timeout=10s max_fails=2 weight=1;
}

server {
    listen       8185;
    server_name  localhost,172.17.0.1;

    ignore_invalid_headers off;
    proxy_buffering off;

    charset utf-8;
    underscores_in_headers  on;

    location /medical-record {
        proxy_pass http://172.17.0.1:9000;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header authorization $http_authorization;

        proxy_connect_timeout 300;

        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
    }

    location / {
        proxy_pass http://minio;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header authorization $http_authorization;

        proxy_connect_timeout 300;

        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
    }
}

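nginx log information:

As I understand it, nginx is only doing proxy forwarding. To narrow the problem down further, I wrote a forwarding proxy in Python.

The Python proxy listens on 10086 and forwards to port 9000 on the host; with it I can fetch images, and I can also access images via their links.

Now I am even more convinced that the problem lies with nginx: either I have not configured it correctly, or its internal handling is the cause.

Methods tried so far:

Changing $host in proxy_set_header Host $host to $host:$server_port or $http_host

I have not found a solution yet. I hope someone familiar with MinIO can give me some pointers. Thanks in advance.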
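
Added example, not part of the original post: the logged request lists host in SignedHeaders, so the server recomputes the signature over whatever Host value reaches it. The sketch below computes the AWS Signature V4 value for the logged GET /medical-record?location= request and compares it with the value obtained when Host arrives without the port; the access key and secret key are constructed placeholders, since the post redacts the real ones.

```python
import hashlib
import hmac

# Constructed credentials: the post redacts the real key pair.
ACCESS_KEY = "EXAMPLEACCESSKEY"
SECRET_KEY = "example-secret-key"
# Values taken from the request logged in the post.
AMZ_DATE = "20220317T055832Z"
REGION, SERVICE = "us-east-1", "s3"
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # x-amz-content-sha256 of an empty body


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign(host: str) -> str:
    """SigV4 signature of GET /medical-record?location= for a given Host value."""
    headers = {
        "content-md5": "1B2M2Y8AsgTpgAmY7PhCfg==",
        "host": host,
        "x-amz-content-sha256": EMPTY_SHA256,
        "x-amz-date": AMZ_DATE,
    }
    names = sorted(headers)
    canonical = "\n".join([
        "GET",
        "/medical-record",
        "location=",
        "".join(f"{k}:{headers[k]}\n" for k in names),  # each header line ends in \n
        ";".join(names),
        EMPTY_SHA256,
    ])
    scope = f"{AMZ_DATE[:8]}/{REGION}/{SERVICE}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", AMZ_DATE, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + SECRET_KEY).encode()
    for part in (AMZ_DATE[:8], REGION, SERVICE, "aws4_request"):
        key = _hmac(key, part)  # derive the signing key step by step
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()


def server_accepts(client_host: str, upstream_host: str) -> bool:
    """True if the client's signature equals the one recomputed from upstream_host."""
    return hmac.compare_digest(sign(client_host), sign(upstream_host))


if __name__ == "__main__":
    sent = "192.168.1.197:8185"
    print("Host passed through unchanged:", server_accepts(sent, sent))
    print("Host arriving without port:   ", server_accepts(sent, "192.168.1.197"))
```

nginx's $host variable carries the host name without the port, while $http_host is the Host header exactly as the client sent it.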
