Tencent Cloud COS cannot use S3 on Nexus, indicating a signature error


I hope to build a Sonatype Nexus that uses the S3 protocol to store data in Tencent Cloud.

Nexus version: Sonatype Nexus Repository OSS 3.66.0-02

When I upload files to the COS bucket using the AWS S3 SDK, a signature error is displayed.

After checking, it is found that the content in the red box can be uploaded normally, and the content in the green box cannot be uploaded

The request header X-amz-meta-blobstore.temporal-blob :true is added to the original string of the signature in the green area

Tencent Cloud interface is compatible with this request header

Or my SDK version needs to be adjusted. The current version is aws-java-sdk-s3:1.12.658

Log:

2024-03-18 15:24:24 Error message returned: Service: Amazon S3; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: NjVmN2VjMjhfMjBkMDM4MGJfMjU4N2JfYTE5YWQ5MQ==; S3 Extended Request ID: null; Proxy: null

Code segment that can be executed: successful execution log:

2024-03-18 15:24:23,897+0800 DEBUG [qtp1518415048-80] admin org.sonatype.nexus.blobstore.s3.internal.ProducerConsumerUploader - Starting upload to key nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff.bytes in bucket nexustest-1304148495
2024-03-18 15:24:23,898+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.request - Sending Request: PUT https://nexustest-1304148495.cos.ap-beijing.myqcloud.com /nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff.bytes
2024-03-18 15:24:23,899+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.services.s3.internal.S3Signer - Calculated string to sign: "PUT application/octet-stream Mon, 18 Mar 2024 07:24:23 GMT /nexustest-1304148495/nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff.bytes"
2024-03-18 15:24:24,027+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.retry.ClockSkewAdjuster - Reported server date (from 'Date' header): Mon, 18 Mar 2024 07:24:24 GMT
2024-03-18 15:24:24,028+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.request - Received successful response: 200, AWS Request ID: NjVmN2VjMjdfMjBkMDM4MGJfMjU4YzdfYTI4NTM1Ng==
2024-03-18 15:24:24,029+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.requestId - x-amzn-RequestId: not available
2024-03-18 15:24:24,029+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.requestId - AWS Request ID: NjVmN2VjMjdfMjBkMDM4MGJfMjU4YzdfYTI4NTM1Ng==
2024-03-18 15:24:24,030+0800 DEBUG [qtp1518415048-80] admin org.sonatype.nexus.blobstore.s3.internal.ProducerConsumerUploader - Finished upload to key nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff.bytes in bucket nexustest-1304148495

Failure log:

2024-03-18 15:24:24,030+0800 DEBUG [qtp1518415048-80] admin org.sonatype.nexus.blobstore.s3.internal.S3PropertiesFile - Storing: nexustest-1304148495/nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff.properties
2024-03-18 15:24:24,031+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.request - Sending Request: PUT https://nexustest-1304148495.cos.ap-beijing.myqcloud.com /nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff.properties
2024-03-18 15:24:24,031+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.services.s3.internal.S3Signer - Calculated string to sign: "PUT application/octet-stream Mon, 18 Mar 2024 07:24:24 GMT x-amz-meta-blobstore.temporary-blob:true /nexustest-1304148495/nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff.properties"
2024-03-18 15:24:24,097+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.retry.ClockSkewAdjuster - Reported server date (from 'Date' header): Mon, 18 Mar 2024 07:24:24 GMT
2024-03-18 15:24:24,098+0800 DEBUG [qtp1518415048-80] admin com.amazonaws.request - Received error response: com.amazonaws.services.s3.model.AmazonS3Exception: The Signature you specified is invalid. (Service: Amazon S3; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: NjVmN2VjMjhfMjBkMDM4MGJfMjU4N2JfYTE5YWQ5MQ==; S3 Extended Request ID: null; Proxy: null), S3 Extended Request ID: null

I found that the only difference between the successful upload and the failed upload is the addition of a request header. If the code were wrong, the first upload would not have succeeded.
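Added example, not part of the original question and not Nexus or AWS SDK code: the two strings to sign that `S3Signer` logs above follow the AWS Signature Version 2 layout (the log shows their newlines as spaces), and this sketch rebuilds both from the logged values so they can be diffed line by line. `SECRET` is a constructed placeholder, and the "server that leaves out the `x-amz-meta-` line" is a hypothetical verifier used only to show how one differing line yields `SignatureDoesNotMatch`; it is not a statement about how COS behaves.

```python
import base64
import hashlib
import hmac

def canonical_amz_headers(headers):
    """CanonicalizedAmzHeaders: lowercased x-amz-* names, sorted, one 'name:value' line each."""
    amz = {}
    for name, value in headers.items():
        key = name.strip().lower()
        if key.startswith("x-amz-"):
            # Collapse folded whitespace; repeated names are joined with commas.
            amz.setdefault(key, []).append(" ".join(str(value).split()))
    return "".join(f"{k}:{','.join(v)}\n" for k, v in sorted(amz.items()))

def string_to_sign(method, headers, resource):
    """SigV2 layout: verb, Content-MD5, Content-Type, Date, amz headers, resource."""
    h = {k.strip().lower(): v for k, v in headers.items()}
    fixed = [method.upper(), h.get("content-md5", ""), h.get("content-type", ""), h.get("date", "")]
    return "\n".join(fixed) + "\n" + canonical_amz_headers(headers) + resource

def sign(secret_key, sts):
    """Base64(HMAC-SHA1(secret, string to sign)), the value sent in the Authorization header."""
    digest = hmac.new(secret_key.encode(), sts.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Values below are copied from the log in the question; SECRET is a constructed placeholder.
SECRET = "constructed-placeholder-secret"
RESOURCE = "/nexustest-1304148495/nexus/content/vol-22/chap-01/f38f4af9-cad6-4534-8af8-c6ecde64f4ff"
BYTES_HEADERS = {"Content-Type": "application/octet-stream", "Date": "Mon, 18 Mar 2024 07:24:23 GMT"}
PROPS_HEADERS = {"Content-Type": "application/octet-stream", "Date": "Mon, 18 Mar 2024 07:24:24 GMT",
                 "x-amz-meta-blobstore.temporary-blob": "true"}

def compare():
    """Return both strings to sign plus client vs. hypothetical header-dropping server signatures."""
    ok = string_to_sign("PUT", BYTES_HEADERS, RESOURCE + ".bytes")
    failing = string_to_sign("PUT", PROPS_HEADERS, RESOURCE + ".properties")
    # Hypothetical verifier that leaves the x-amz-meta line out of its own string to sign.
    dropped = {k: v for k, v in PROPS_HEADERS.items() if not k.lower().startswith("x-amz-")}
    server_view = string_to_sign("PUT", dropped, RESOURCE + ".properties")
    return ok, failing, sign(SECRET, failing), sign(SECRET, server_view)

if __name__ == "__main__":
    ok, failing, client_sig, server_sig = compare()
    print(repr(ok))
    print(repr(failing))
    print("signatures match:", hmac.compare_digest(client_sig, server_sig))
```

Running it with the real secret key and comparing the printed string against the one in the storage service's error body (when the service returns it) shows which line the two sides disagree on.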
