Amazon S3 connect error , 403 error number

seadrive

#1

I am trying to build pro server with Amazon S3 as back-end storage, unfortunately, I met a wild error like this,
…/common/obj-backend-s3.c(341): Put object ad7c708de997d0681b6923221fd91746521c0986 error 403. Response:

<?xml version="1.0" encoding="UTF-8"?>

SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.xxxxxxxxxxxAWS4-HMAC-SHA256

my configure items in conf/seafile.con like below,
[commit_object_backend]
name = s3
bucket = seafile-commit
key_id = xxxxxx
key = xxxxxxxxxx
path_style_request = true
host = s3.cn-north-1.amazonaws.com.cn
use_v4_signature = true
aws_region = cn-north-1
use_https = true
[fs_object_backend]
same with commit-object-backend expect bucketname
[block_backend]
same with commit-object-backend expect bucketname

And the Access Key ID and Secure Key ID are available to connect
S3 via pytho2.7.5 n with boto component.
but seafile prompts this error msg while starting up sealfie.sh.

Is there any clues can be shared with me to resolve it, extremely expecting for your support, :slight_smile:


#2

We haven’t tested S3 support in the cn region yet. But it should work. You can try removing this configuration:

This configuration cannot be used with S3 provided by AWS. It’s only for other S3-compatible storage systems like OpenStack Swift.


#3

I get the same error. While being able to use the key in S3Browser for example this prooves there’s something wrong:

[block_backend]
name = s3
bucket = seafile-cha-block
key_id=KEY
key=SECRET
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
use_https = true
aws_region = eu-central-1
use_v4_signature = true

I use frankfurt region.


#4

Which version do you use? The issue with cn-north-1 region is due to the use of ‘host’ option. This triggers a bug in our software to calculate the signature with a wrong S3 host name. This has been fixed. But since you don’t set ‘host’ option, I don’t know why it doesn’t work for you.


#5

I tried with various mix-match of no aws_region, no use_https and no use_v4_signature nothing seems to work. Could it be that frankfurt remains unsupported or changed something? I would really love for this to work. Do you happen to know a well-tested region with some confirmed settings?


#6

Have you tried to add the ‘host’ option to your config file?


#7

I can’t remember to be honest. But my guess is that I tried I have a slight memory of looking in the log for the hostname for that reason. But I can try again. If you have any other guess as to why this might be needed or other things to try please advice :slight_smile:


#8

You can try with the following config:

[block_backend]
name = s3
bucket = seafile-cha-block
host = s3.eu-central-1.amazonaws.com
key_id=KEY
key=SECRET
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
use_https = true
aws_region = eu-central-1
use_v4_signature = true

#9

Taking the settings from Jonathan on Jan 12th 2017, I still get the 403 error at Frankfurt.

[03/27/2018 09:34:59 PM] ../common/s3-client.c(714): S3 error status for PUT: 403.
[03/27/2018 09:34:59 PM] ../common/s3-client.c(715): Request URL: https://my-bucket-name.s3.eu-central-1.amazonaws.com/bc5b16c0-80fc-468a-8ec6-ea5c747b5794/cd738814d5b80d7f19e22ef677e237fc72fa0a8a
[03/27/2018 09:34:59 PM] ../common/s3-client.c(716): Request headers:
[03/27/2018 09:34:59 PM] ../common/s3-client.c(615): Date: Tue, 27 Mar 2018 19:34:59 +0000
[03/27/2018 09:34:59 PM] ../common/s3-client.c(615): Authorization: AWS4-HMAC-SHA256 Credential=MYACCESSKEY/20180327/eu-central-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256,Signature=810c4f3cf726f775833c755f78de3189e5763874a8ecdfa645161a422e5aabd0
[03/27/2018 09:34:59 PM] ../common/s3-client.c(615): x-amz-content-sha256: e392ec68a7a01e6a28006bf926149e0adc38c5cfea64e3731b8dbae80026ea9a
[03/27/2018 09:34:59 PM] ../common/obj-backend-s3.c(348): Put object cd738814d5b80d7f19e22ef677e237fc72fa0a8a error 403. Response:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>MYACCESSKEY</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
Tue, 27 Mar 2018 19:34:59 +0000
20180327/eu-central-1/s3/aws4_request
01a2621b3931f7341938a0faef72b58aa4ae460f3a3658e9ae9f4b73c365ab5d</StringToSign>

It is not an AWS IAM user permission issue as I granted the IAM user administrator permission and the same credential worked well with awscli. I tried to use AWS SDK to produce the signature for the same request, the signature differed from the one in the log file.

Is there any clue for further troubleshooting?


#10

We’ll test in Frankfurt region.


#11

Has anyone had anyluck with this issue? Same thing happening to me with us-east-2 (ohio)

  • Thanks