Uploads of bigger files are failing with SignatureDoesNotMatch

Hello,

I did setup Cells in a Container with Minio S3 as storage backend and behind Nginx as proxy. So far everything seems to work. I can even upload smaller files like images.
But if I try to upload bigger files with 1GB or 4GB, they are instantly failing with:

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<Resource>/io/personal-files/somefile.mkv</Resource>
<RequestId>169BE728547700F2</RequestId>
<HostId>3L137</HostId>
</Error>

For me the weird thing is, that there aren’t any logs. I mean there are logs for some tasks, but none related to this upload. On Minio there are also no logs related to this upload.

Has anyone any idea what it could be or even had the same issue?

Nginx Config:

client_max_body_size 10G;
    location / {
        proxy_buffering off;
        proxy_pass https://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        # this line is required for cells-sync
        # grpc_pass grpcs://localhost:8080;
    }


    location /ws/ {
        proxy_buffering off;
        proxy_pass https://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

I have exactly the same problem. I am also using nginx.

The problem seems to be connected to multipart upload. When my instance is set to multipart-upload when files are bigger than 104857600 bytes I can upload files up to about 100 mb without problems. When I reduce this number, even smaller files fail to upload.

Hello @maltechx and @Jodli ,

After some testing with multiple configuration, could you try to use those lines in your config and then tell me if you still observe the issue,

server {
    server_name myproxy.net;
    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;

    location / {
        proxy_ssl_verify off;

        proxy_pass https://cells:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;

        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
    }
}

Thank you for your response. I tried this config + some ssl stuff and this error is still present :slightly_frowning_face:

I tried it as well. No luck :frowning:

Is there a debug mode to maybe find out where it is going wrong?
Maybe some specific nginx / linux setting that disallows multipart-upload?

Hello,

In docker file, please add “:port_number” at the end of CELLS_EXTERNAL

CELLS_EXTERNAL=https://cells.domain.com:443

This part of my docker-compose.yml, so I already had the port in CELLS_EXTERNAL.

  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    ports: ["8080:8080"]
    environment:
      - CELLS_EXTERNAL=https://cells.domain.com:443
      - CELLS_LOG_LEVEL=debug
        #- CELLS_NO_SSL=1
        #- CELLS_NO_TLS=1
      - CELLS_BIND=:8080
    volumes:
      - ./data:/var/cells/data
      - ./cells:/var/cells

@maltechx
It is just a shot in the dark, but maybe adding network_mode: "host" might solve your problem?

@c12simple
Thanks for your help. You pointed me to the solution :slight_smile:
For me it was not the port, but the wrong url in CELLS_EXTERNAL (I had used “localhost” instead of the “real” one.

For everybody else having the same problem, this is my working setup (I am using an external db):

nginx:

server {
	server_name example.com;
	client_max_body_size 5000M;
	ignore_invalid_headers off;

	location / {
		proxy_pass https://127.0.0.1:42246;
		proxy_set_header Host $host;
		proxy_buffering off;
		proxy_set_header X-Forwarded-Proto https;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Host $server_name;
		
		proxy_connect_timeout 300;
		proxy_http_version 1.1;
		proxy_set_header Connection "";
		chunked_transfer_encoding off;
	}
	location /ws/ {
		proxy_buffering off;
		proxy_pass https://127.0.0.1:42246;
		proxy_set_header Host $host;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_read_timeout 86400;
	}
	
	listen [::]:443 ssl; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
	if ($host = example.com) {
		return 301 https://$host$request_uri;
	} # managed by Certbot


	listen 80;
	listen [::]:80;

	server_name example.com;
	return 404; # managed by Certbot
}

docker-compose.yml

version: '3.5'
services:
  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    network_mode: "host"
    ports:
      - "42246:8080"
    environment:
      - CELLS_LOG_LEVEL=production
      - CELLS_EXTERNAL=https://example.com/
      - CELLS_BIND=:42246
    volumes:
      - "/var/www/vhosts/example.com/files/data:/var/cells/data"
      - "/var/www/vhosts/example.com/files:/var/cells"

Hi,
Try to open 42246 port on docker
So

ports:
      - "42246:42246"

Hello @maltechx ,

Could you try with a simpler nginx config lets also review the settings,

  • CELLS_BIND=0.0.0.0:8080

Perfect you already have this set.

then lets try with

    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;

    location / {
        proxy_pass https://cells:8080;
    }

(here cells being the name of my cells container in my compose.yaml file)

Hello @zayn ,

this my nginx config:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cells.domain.com;
    ssl_certificate /etc/letsencrypt/live/cells.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cells.domain.com/privkey.pem;
    ssl_dhparam /etc/nginx/dhparam;
    client_max_body_size 0;
    proxy_buffering off;
    location / {
        proxy_pass https://127.0.0.1:8080;
    }
}

docker-compose:

  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    ports: ["8080:8080"]
    environment:
      - CELLS_EXTERNAL=https://cells.domain.com:443
      - CELLS_LOG_LEVEL=debug
      - CELLS_BIND=0.0.0.0:8080
    volumes:
      - ./data:/var/cells/data
      - ./cells:/var/cells

I changed it and removed a few options but I’m still facing this issue :frowning: