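Private bucket S3 access with AWS Signature Version 4 support

Time: 2016-03-21 13:40:10

Tags: amazon-web-services nginx amazon-s3 configuration authorization

I am trying to access the contents of a private bucket on my Amazon service through a reverse proxy, but it seems that the fact that the instance runs in Frankfurt does not allow me to access it. Here is the nginx.conf: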

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    server_names_hash_bucket_size  64;

    server {
        listen 80;
        server_name ec2-id.eu-central-1.compute.amazonaws.com;

        rewrite ^(.*) https://$host$1 permanent;
    }

    server {
        listen 443;
        server_name ec2-id.eu-central-1.compute.amazonaws.com;

        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        ssl on;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        access_log            /var/log/nginx/ssl_access.log;

        location ^~ / {
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass          https://server.com;
            proxy_read_timeout  30;

            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }

        location /one/service {
            proxy_pass http://beanstalk-1.3tkffhitv2.eu-central-1.elasticbeanstalk.com/;
            proxy_read_timeout  30;
            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }

        location /privateproxy {
            set $s3_bucket      'bucketname.s3.eu-central-1.amazonaws.com';
            set $algorithm      '?X-Amz-Algorithm=AWS4-HMAC-SHA256';
            set $aws_access_key '&X-Amz-Credential=MY_KEY/20160322/eu-central-1/s3/aws4_request';
            set $date           '&X-Amz-Date=20160322T201207Z';
            set $url_expires    '&X-Amz-Expires=604800';
            set $signature      '&X-Amz-Signature=$arg_st';
            set $SignedHeaders  '&X-Amz-SignedHeaders=host';

            set $url_full       '$algorithm$aws_access_key$date$url_expires$SignedHeaders$signature';

            proxy_http_version     1.1;
            proxy_set_header       Host $s3_bucket;
            proxy_set_header       Authorization "";
            proxy_hide_header      x-amz-id-2;
            proxy_hide_header      x-amz-request-id;
            proxy_hide_header      Set-Cookie;
            proxy_ignore_headers   "Set-Cookie";
            proxy_buffering        off;
            proxy_intercept_errors on;

            resolver               8.8.8.8 valid=300s;
            resolver_timeout       10s;

            proxy_pass             http://$s3_bucket/$url_full;
        }
    }
}

The browser returns an XML with an error:

<Error>
<Code>AuthorizationQueryParametersError</Code>
<Message>
Query-string authentication version 4 requires the X-Amz-Algorithm, X-Amz-Credential, X-Amz-Signature, X-Amz-Date, X-Amz-SignedHeaders, and X-Amz-Expires parameters.
</Message>

I have tried running "aws configure set default.s3.signature_version s3v4" and updating my client, etc., but it still happens. Any ideas?

0 answers:

No answers