aws-sigv4-proxy issue with Tigris

I’m having an issue when using the aws-sigv4-proxy with tigris where it errors with the following message when using If-None-Match http header:
error while reading response from upstream - unexpected EOF

I haven’t been able to recreate the issue with the AWS CLI nor with curl so I’m guessing it’s some funky TLS interaction between Tigris and aws-sigv4-proxy which is written in golang.

The bucket in tigris has an AWS S3 shadow bucket. Hitting the shadow bucket in S3 with aws-sigv4-proxy works fine.

This issue pretty much breaks any Tigris backed files that we proxy to from Caddy for our frontend.

Any help would be much appreciated!

Are you intending to serve files directly with Tigris using aws-sigv4-proxy? If you are, check out using a custom domain with public buckets, or a Tigris bucket static like this:

url_prefix = "/avatar"
guest_path = "/"
tigris_bucket = "azurda"

This would mount /avatar on the bucket azurda to /avatar on your app domain. I believe this works with the root URL prefix /, but I’d need to test it.

Hope this helps! I’ll forward this to the Tigris team so they can take a closer look.

1 Like

We run a Caddy server which proxies to the aws-sigv4-proxy which then proxies to the bucket.

We don’t expose the bucket directly because we have some rules around redirects and certain files, mainly to support Single Page Apps.

Both Caddy and aws-sigv4-proxy live inside the same container. It’s easier than trying to get Caddy to create signed requests to buckets.

While I haven’t been able to find a solution to fix this issue, I have implemented a workaround.

In our Caddyfile we suppress all headers and manually add the ones we need when proxying to aws-sigv4-proxy.

We’ve deployed the update to production for our static content. So far performance with Tigris has been great and we’ve seen improved response times!

1 Like

It is great to hear about the performance with Tigris.

I just wanted to let you know that we are looking into the issue you are seeing when using aws-sigv4-proxy with Tigris.

Great to hear that you found a workaround.

Meanwhile, I tried to test aws-sigv4-proxy and was able to successfully PUT/GET, with and without shadow bucket, with and without If-Match/If-None-Match.

Feel free to write us an e-mail with more details, like: bucket, key, object size, the headers you are stripping as a workaround, so we can further investigate and see if something needs fixing on Tigris side.


1 Like

Thanks for taking a look @Yevgeniy. I have followed up by email with the details.

I have communicated with @Yevgeniy via email and they have managed to successfully reproduce the issue and are working on a fix.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.