I am trying to use Spring Cloud Gateway to redirect to our S3 server. The problem is that when redirecting I get the error:
SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.
I have the following configuration on application.yml:
- id: example-s3
predicates:
- Path=/example-s3/**
uri: ${project.services.internal.example-s3.url}
filters:
- RewritePath=/example-s3/(?<segment>.*), /$\{segment}
- PreserveHostHeader
I added the option -PreserveHostHeader because it was failing and I saw this solution that works with nginx. It works with nginx but not with Spring Cloud Gateway.
I don't know what else to do, I have compared the headers using nginx and using Spring Cloud Gateway and I don't see anything else that might be necessary.
If I add - RemoveRequestHeader=Authorization then it works on public objects, but it does not work when it is private. So I think the problem must be in that header. It is:
Authorization: AWS4-HMAC-SHA256 Credential=XXXXXXXX/20230324/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-user-agent, Signature=fake-signature-to-sctackoverflow
I have seen that for signing (SignedHeaders) it use the headers host;x-amz-content-sha256;x-amz-date;x-amz-user-agent and I verify that these headers are present. In nginx the host header is stripped by Nginx by default, so the solution I added in nginx works, but in Spring Cloud Gateway I am not able to make it work.
I don't know what else to try or do, how to reverse proxy it correctly with Spring Cloud Gateway?
