ECS:S3 無法使用簽名 v4,但可以使用 v2

Summary: 自 ECS 代碼版本 3.0 起即支援 S3 簽名 v4,但若負載平衡器 (LB) 或代理伺服器設定錯誤,連線可能會失敗。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

S3 瀏覽器或 CloudBerry Explorer 等應用程式無法使用 S3 簽章 v4 連線至 ECS,而且會看到以下錯誤訊息: 
The request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.
dataheadsvc.log中顯示的錯誤: 
2018-02-08T01:02:22,160 [qtp1281445260-47251-ac16c920:16153c4ec5b:5428:a-s3-192.168.x.x] ERROR  S3V4Signer.java (line 270) Signature mismatch CalcSignature: 1beacc1d4410c0d39a18e99b241a8c430ad7f76f030a54595406901feddfddb1, ClientSignature: 874250cee333e6aba9b12abfd279516408a083da60d0b1cc3f8b196a6fe8cdb1
2018-02-08T01:02:22,160 [qtp1281445260-47251-ac16c920:16153c4ec5b:5428:a-s3-192.168.x.x] ERROR  S3V4Signer.java (line 270) Signature mismatch CalcSignature: 1beacc1d4410c0d39a18e99b241a8c430ad7f76f030a54595406901feddfddb1, ClientSignature: 874250cee333e6aba9b12abfd279516408a083da60d0b1cc3f8b196a6fe8cdb1
2018-02-08T01:02:22,160 [qtp1281445260-47251-ac16c920:16153c4ec5b:5428:a-s3-192.168.x.x] ERROR  HMACAuthenticationHandler.java (line 178) authenticate failed. RequestId ac16c920:16153c4ec5b:5428:a. Error com.emc.storageos.data.api.service.impl.resource.s3.S3Exception
使用 S3 簽名 v2 正常工作。

Cause

負載平衡器或代理伺服器將主機標頭更改為指向與配置不同的端點。

Resolution

取得以下問題的答案:

  • 安裝的 ECS 版本為何?自 ECS 3.0 起支援 S3 Signature v4。
  • 使用什麼版本的工具,例如 Cloudberry Explorer、S3 瀏覽器?
  • 連線使用的是負載平衡器還是代理伺服器?
  • 如果是:使用 ECS 節點作為終端節點嘗試 v4 連線
  • 如果此方法正常運作,請讓用戶端進一步調查負載平衡器或代理伺服器的設定


針對 Apache,應驗證下列設定:打開此選項可保留主機標頭。

ProxyPreserveHost Directive
Description:
Use incoming Host HTTP request header for proxy request
Syntax:
ProxyPreserveHost On|Off
Default:
ProxyPreserveHost Off
Context:
server config, virtual host, directory
Status:
Extension
Module:
mod_proxy
Compatibility:
Usable in directory context in 2.3.3 and later.
When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.
This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server.

如需更多詳細資訊,請參閱: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost此超連結會帶您前往 Dell Technologies 以外的網站。

Additional Information


Affected Products

ECS Appliance

Products

ECS Appliance, Elastic Cloud Storage
Article Properties
Article Number: 000034122
Article Type: Solution
Last Modified: 28 Aug 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.