Copy local file to Wasabi failing

RoverSteve · March 12, 2019, 3:12pm

Command:
rclone copy wp-cron.php Wasabi:rover.images/vail

Result:
403 Forbidden: <?xml version=“1.0” encoding=“UTF-8”?>

<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>------------------------------</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20190312T150703Z
20190312/us-east-1/s3/aws4_request
5dd733afa5194d5dc4634116a621ad66e790c5fa5fa1d206a98c1797105dd991</StringToSign><SignatureProvided

Suspicion:
Our Wasabi account seems to be in us-east-1, but the bucket rover.images is in us-west-1. I think this is causing the problem. But I’m not sure, and I do not know what to do about it.

Any recommendations would be appreciated.

Thank you
Steve Mullen

ncw · March 12, 2019, 5:53pm

Are you using the latest release?

My wasabi config looks like this - what does yours look like (rclone config show Wasabi)

[wasabi]
type = s3
env_auth = false
access_key_id = XXX
secret_access_key = XXX
region = 
endpoint = s3.wasabisys.com
location_constraint = 
acl = 
server_side_encryption = 
storage_class =

RoverSteve · March 13, 2019, 12:26am

Yes - I just installed it (not the beta) yesterday:
rclone v1.46
- os/arch: linux/amd64
- go version: go1.11.5

Here is my config:

[Wasabi]

type = s3
provider = Wasabi
env_auth = true
access_key_id = ********************************
secret_access_key = *****************************************************
region = 
endpoint = s3.wasabisys.com
acl = public-read

If I set region to us-west-1, I get ‘Bad Request’ during the copy. If I set it to us-east-1, I get ‘The request signature we calculated does not match the signature you provided’.

Thank you

RoverSteve · March 13, 2019, 12:28am

I’ve also just added the empty params you provided:

server_side_encryption = 
storage_class =

No difference, unfortunately.

ncw · March 13, 2019, 7:34am

You have that set to true - I think you want that set to false otherwise it will pick auth from your environment, eg environment variables or .awsconfig files

RoverSteve · March 13, 2019, 12:54pm

Ok. I’ve made that change. Unfortunately, no difference.

[Wasabi]
type = s3
provider = Wasabi
env_auth = false
access_key_id = ****************************
secret_access_key = *************************************************
region = 
endpoint = s3.wasabisys.com
acl = public-read
server_side_encryption = 
storage_class =

The request signature we calculated does not match the signature you provided. Check your key and signing method.

I would like to point out that reading works:
rclone ls Wasabi:rover.images/vail

It seems to be only writing that is the problem.

ncw · March 13, 2019, 6:41pm

I created a us-west-1 bucket and I can see the same problem.

When I try to use it I see a re-direct which gave me the idea of changing the endpoint.

If you use --s3-endpoint s3.us-west-1.wasabisys.com with your config above, does it work?

RoverSteve · March 13, 2019, 9:39pm

Fantastic - it worked! Thank you!

ncw · March 13, 2019, 9:58pm

This is recommended by wasabi in their docs so I think it is the right solution. You can change the endpoint in the config file if you don't want to use the command line parameter.

system · March 16, 2019, 9:58pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.