ECS:S3 无法与签名 v4 配合使用,但可与 v2 配合使用

Summary: 自 ECS 代码版本 3.0 起支持 S3 签名 v4,但如果负载平衡器 (LB) 或代理服务器配置错误,连接可能会失败。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

S3浏览器或CloudBerry Explorer等应用程序无法使用S3签名v4连接到ECS,并显示以下错误消息: 
The request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.
dataheadsvc.log中显示的错误: 
2018-02-08T01:02:22,160 [qtp1281445260-47251-ac16c920:16153c4ec5b:5428:a-s3-192.168.x.x] ERROR  S3V4Signer.java (line 270) Signature mismatch CalcSignature: 1beacc1d4410c0d39a18e99b241a8c430ad7f76f030a54595406901feddfddb1, ClientSignature: 874250cee333e6aba9b12abfd279516408a083da60d0b1cc3f8b196a6fe8cdb1
2018-02-08T01:02:22,160 [qtp1281445260-47251-ac16c920:16153c4ec5b:5428:a-s3-192.168.x.x] ERROR  S3V4Signer.java (line 270) Signature mismatch CalcSignature: 1beacc1d4410c0d39a18e99b241a8c430ad7f76f030a54595406901feddfddb1, ClientSignature: 874250cee333e6aba9b12abfd279516408a083da60d0b1cc3f8b196a6fe8cdb1
2018-02-08T01:02:22,160 [qtp1281445260-47251-ac16c920:16153c4ec5b:5428:a-s3-192.168.x.x] ERROR  HMACAuthenticationHandler.java (line 178) authenticate failed. RequestId ac16c920:16153c4ec5b:5428:a. Error com.emc.storageos.data.api.service.impl.resource.s3.S3Exception
使用 S3 签名 v2 正常工作。

Cause

负载平衡器或代理服务器更改了主机标头,以指向与配置不同的端点。

Resolution

获取以下问题的答案:

  • 安装的是哪个 ECS 版本?自 ECS 3.0 起支持 S3 签名 v4。
  • 使用什么版本的工具,例如 Cloudberry Explorer、S3 Browser?
  • 连接是使用负载平衡器还是代理服务器?
  • 如果是:使用 ECS 节点作为端点尝试 v4 连接
  • 如果这有效,请让客户端进一步调查负载平衡器或代理服务器的设置


对于 Apache,应验证以下设置:打开此选项可保留主机标头。

ProxyPreserveHost Directive
Description:
Use incoming Host HTTP request header for proxy request
Syntax:
ProxyPreserveHost On|Off
Default:
ProxyPreserveHost Off
Context:
server config, virtual host, directory
Status:
Extension
Module:
mod_proxy
Compatibility:
Usable in directory context in 2.3.3 and later.
When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.
This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server.

有关更多详细信息,请访问: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost本超链接将引导您访问非 Dell Technologies 运营的网站。

Additional Information


Affected Products

ECS Appliance

Products

ECS Appliance, Elastic Cloud Storage
Article Properties
Article Number: 000034122
Article Type: Solution
Last Modified: 28 Aug 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.