[ceph-users] Ceph S3 nginx Proxy

Yoann Moulin yoann.moulin at epfl.ch
Fri Nov 3 04:46:25 PDT 2017


Hello,

>> I am trying to set up an ceph cluster with an s3 buckets setup with an
>> nignx proxy.
>>
>> I have the ceph and s3 parts working. :D
>>
>> when i run my php script through the nginx proxy i get an error
>> "<?xml version="1.0"
>> encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><RequestId>"
>>
>>
>> but direct it works fine.
>>
>> Has any one come across this before and can help out?
>
> My conf (may not be optimal):
> 
> server {
> 	listen 443 ssl http2;
> 	listen [::]:443 ssl http2;
> 	server_name FQDN;
> 
> 	ssl_certificate /etc/ssl/certs/FQDN.crt;
> 	ssl_certificate_key /etc/ssl/private/FQDN.key;
> 	add_header Strict-Transport-Security 'max-age=31536000; preload';
> 
> 	location / {
> 		include proxy_params;
> 		proxy_redirect off;
> 		proxy_pass http://127.0.0.1:1234;
> 		client_max_body_size 0;
> 		proxy_buffering off;
> 	}
> }

By default in proxy_params, I don't see this line :

  proxy_set_header Host $host;

here, the default proxy_parms on ubuntu 16.04 :

$ cat proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

I don't know if "Host $http_host;" is equivalent to "Host $host;"

> And ceph's:
> [client.radosgw.gateway]
> host = rgw
> rgw_frontends = civetweb port=127.0.0.1:1234
> keyring = /etc/ceph/keyring.radosgw.gateway

In my rgw section I also have this :

  rgw dns name = <rgw fqdn>

that allows s3cmd to access to bucket with %(bucket)s.test.iccluster.epfl.ch URL

Best regards,

-- 
Yoann Moulin
EPFL IC-IT


More information about the ceph-users mailing list