Error when activating policy in AWS S3 Bucket only for HTTPS requests


Nextcloud version (eg, 20.0.5): 24.0.5.1
Operating system and version (eg, Ubuntu 20.04): fpm-alpine docker
Apache or nginx version (eg, Apache 2.4.25): nginx_1.22.0
PHP version (eg, 7.4): 8.0.23

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. In the S3 bucket policy, activate the rule that allows only SSL traffic (HTTPS only)

The output of your Nextcloud log in Admin > Logging:

Exception: Creation of bucket "bucket" failed. Error executing "CreateBucket" on "http://BUCKET.s3.eu-central-1.amazonaws.com/"; AWS HTTP error: Client error: `PUT http://BUCKET.s3.eu-central-1.amazonaws.com/` resulted in a `403 Forbidden` response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>YKTJQK (truncated...) AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>request</RequestId><HostId>HostID</HostId></Error>

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'HOST',
    'password' => '',
    'port' => 6379,
  ),
  'overwriteprotocol' => 'https',
  'objectstore' =>
  array (
    'class' => '\\OC\\Files\\ObjectStore\\S3',
    'arguments' =>
    array (
      'bucket' => 'BUCKET',
      'key' => 'KEY',
      'secret' => 'SECRET',
      'region' => 'eu-central-1',
      'hostname' => '',
      'port' => '',
      'objectPrefix' => 'urn:oid:',
      'autocreate' => false,
      'use_ssl' => true,
      'use_path_style' => false,
      'legacy_auth' => false,
    ),
  ),
  'passwordsalt' => 'PASS',
  'secret' => 'SECRET',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'NAME',
    2 => 'NAME2',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '24.0.5.1',
  'overwrite.cli.url' => 'https://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud-BLASH.eu-central-1.rds.amazonaws.com',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'USER',
  'dbpassword' => 'PASS',
  'installed' => true,
  'instanceid' => 'INST',
);

The output of your Apache/nginx/system log in /var/log/____:

[error] 31#31: *8 upstream prematurely closed FastCGI request while reading upstream, client: IP, server: SERVER, request: "GET /css/notifications/AAAA-AAAA-styles.css?v=RANDOM HTTP/1.1", upstream: "fastcgi://IP:9000", host: "HOST"


Is Nextcloud capable of communicating with the bucket over HTTPS? Perhaps I'm wrong and it is only capable of communicating with the AWS S3 bucket over HTTP.

Hi,

I have the exact same issue.
I migrated from local storage to s3 storage. Created the bucket first and moved all data there before configuring objectstorage in config.php.
Now it can access any data I stored there.
Looks like IAM permissions are not correct, so I gave it full s3 access. Didn’t help, still get this error:

Could not get object (I checked, the object is in the S3 bucket) and creation of bucket failed

app":"objectstore","method":"GET","url":"/apps/dashboard/","message":"Could not get object urn:oid:531747 for file appdata_ocj0tt174fa1/js/core/merged-template-prepend.js.deps"{"Exception":"Exception","Message":"Creation of bucket \"BUCKETNAME\" failed. Error executing \"CreateBucket\" on \"https://BUCKETNAME.s3.eu-central-1.amazonaws.com/\"; AWS HTTP error: Client error: `PUT https://BUCKETNAME.s3.eu-central-1.amazonaws.com/` resulted in a `403 Forbidden` response:\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>XY8NFX (truncated...)\n AccessDenied (client): Access Denied - <?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message>

Can anyone help me with this or point me in the right direction?

EDIT:
Fixed it. It was indeed a wrong permission. I mistyped the bucket name once in the IAM policy.
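
Added example, not part of the thread or of Nextcloud: a simplified same-account policy evaluation showing why both posts end in the same `403 AccessDenied`. The policies are constructed, `BUCKTE` is an illustrative typo, and `evaluate()` models only `Action`, `Resource` and the `aws:SecureTransport` Bool condition.

```python
import fnmatch

# Constructed bucket policy: refuse every request that is not sent over TLS.
BUCKET_POLICY = {"Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::BUCKET", "arn:aws:s3:::BUCKET/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
}]}

def iam_policy(bucket):
    """Constructed IAM user policy granting object access on one bucket."""
    return {"Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource, secure):
    # Action names are case-insensitive, resource ARNs are case-sensitive.
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
               for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r)
               for r in _as_list(stmt["Resource"])):
        return False
    want = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
    return want is None or want.lower() == str(secure).lower()

def evaluate(policies, action, resource, url):
    """Return 'explicit deny', 'allow' or 'implicit deny' for one request."""
    secure = url.lower().startswith("https://")
    hits = [s for p in policies for s in _as_list(p["Statement"])
            if _matches(s, action, resource, secure)]
    if any(s["Effect"] == "Deny" for s in hits):
        return "explicit deny"   # a matching Deny always wins
    if any(s["Effect"] == "Allow" for s in hits):
        return "allow"
    return "implicit deny"       # nothing allowed it: S3 still answers 403

OBJ = "arn:aws:s3:::BUCKET/urn:oid:531747"
if __name__ == "__main__":
    for pol, url in [(iam_policy("BUCKET"), "http://BUCKET.s3.eu-central-1.amazonaws.com/"),
                     (iam_policy("BUCKTE"), "https://BUCKET.s3.eu-central-1.amazonaws.com/"),
                     (iam_policy("BUCKET"), "https://BUCKET.s3.eu-central-1.amazonaws.com/")]:
        print(url.split(":")[0], evaluate([BUCKET_POLICY, pol], "s3:GetObject", OBJ, url))
```

The error body is identical in the first two cases, so the scheme in the logged URL (`http://` in the first post, `https://` in the second) is the quickest way to tell a transport denial from a missing IAM grant.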