aws-sigv4-proxy issue with Tigris

charsleysa · June 5, 2024, 1:10pm

I’m having an issue when using the aws-sigv4-proxy with tigris where it errors with the following message when using If-None-Match http header:
error while reading response from upstream - unexpected EOF

I haven’t been able to recreate the issue with the AWS CLI nor with curl so I’m guessing it’s some funky TLS interaction between Tigris and aws-sigv4-proxy which is written in golang.

The bucket in tigris has an AWS S3 shadow bucket. Hitting the shadow bucket in S3 with aws-sigv4-proxy works fine.

This issue pretty much breaks any Tigris backed files that we proxy to from Caddy for our frontend.

Any help would be much appreciated!

TheXe · June 5, 2024, 3:37pm

Are you intending to serve files directly with Tigris using aws-sigv4-proxy? If you are, check out using a custom domain with public buckets, or a Tigris bucket static like this:

[[statics]]
url_prefix = "/avatar"
guest_path = "/"
tigris_bucket = "azurda"

This would mount /avatar on the bucket azurda to /avatar on your app domain. I believe this works with the root URL prefix /, but I’d need to test it.

Hope this helps! I’ll forward this to the Tigris team so they can take a closer look.

charsleysa · June 5, 2024, 3:52pm

We run a Caddy server which proxies to the aws-sigv4-proxy which then proxies to the bucket.

We don’t expose the bucket directly because we have some rules around redirects and certain files, mainly to support Single Page Apps.

Both Caddy and aws-sigv4-proxy live inside the same container. It’s easier than trying to get Caddy to create signed requests to buckets.

charsleysa · June 6, 2024, 5:27am

While I haven’t been able to find a solution to fix this issue, I have implemented a workaround.

In our Caddyfile we suppress all headers and manually add the ones we need when proxying to aws-sigv4-proxy.

We’ve deployed the update to production for our static content. So far performance with Tigris has been great and we’ve seen improved response times!

ovaistariq · June 6, 2024, 5:58am

It is great to hear about the performance with Tigris.

I just wanted to let you know that we are looking into the issue you are seeing when using aws-sigv4-proxy with Tigris.

Yevgeniy · June 7, 2024, 5:41am

Great to hear that you found a workaround.

Meanwhile, I tried to test aws-sigv4-proxy and was able to successfully PUT/GET, with and without shadow bucket, with and without If-Match/If-None-Match.

Feel free to write us an e-mail with more details, like: bucket, key, object size, the headers you are stripping as a workaround, so we can further investigate and see if something needs fixing on Tigris side.

Thanks.

charsleysa · June 7, 2024, 6:55am

Thanks for taking a look @Yevgeniy. I have followed up by email with the details.

charsleysa · June 10, 2024, 1:12am

I have communicated with @Yevgeniy via email and they have managed to successfully reproduce the issue and are working on a fix.

system · June 17, 2024, 1:12am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
aws s3 ls returns unexpected results in Tigris Questions / Help tigris	6	146	June 27, 2024
Golang Tigris Secrets Questions / Help tigris	3	61	July 29, 2024
Max retries exceeded with url from bucket tigris	8	45	October 18, 2024
automatically adding trailing slashes when serving static files from Tigris S3 Questions / Help storage , tigris	8	54	September 27, 2024
Getting Started Using Tigris + .NET AWS SDK Questions / Help storage , tigris , dotnet	3	141	April 30, 2024

aws-sigv4-proxy issue with Tigris

Related topics