Unable to connect to S3 (DO Spaces)

I’m running a dockerized MM:master install, proxying with a customized NGINX. Cannot use DO Spaces storage, resulting in an “unable to connect” error (log below). Works with the other services on my machine, running in separate containers. From inside the container itself, connection to the endpoint works with no issues. Any suggestions on what to look into to diagnose would be superb!

{
  "caller": "web/context.go:117",
  "err_where": "TestConnection",
  "error": "TestConnection: Unable to connect to S3. Verify your Amazon S3 connection authorization parameters and authentication settings., unable to check if the S3 bucket exists",
  "http_code": 500,
  "ip_addr": "172.17.0.1",
  "level": "error",
  "method": "POST",
  "msg": "Unable to connect to S3. Verify your Amazon S3 connection authorization parameters and authentication settings.",
  "path": "/api/v4/file/s3_test",
  "request_id": "6dnyitkxcf8uz8t9pq4jw7wh3e",
  "timestamp": "2023-06-26 04:08:35.470 Z",
  "user_id": "baibprbd9bbttr7zqwqisdx4qr"
}

Alright so, digging through the logs I see a ton of 403 forbidden error responses to the PUT attempts, which leads me to believe Mattermost doesnt really properly authenticate despite sending all the keys needed. Anything I can do to fix this?

Looking a bit closer, I’m getting the “SignatureDoesNotMatch” response error which seems to occur because the signature doesn’t exactly match the headers sent. A bit at a loss of what to do here exactly, any tips?

Hi E and welcome to the Mattermost forums!

Can you show us your S3 related config settings (you can get them via mmctl or out of your config.json):

# mmctl --local config show | grep AmazonS3
    "AmazonS3AccessKeyId": "",
    "AmazonS3SecretAccessKey": "",
    "AmazonS3Bucket": "",
    "AmazonS3PathPrefix": "",
    "AmazonS3Region": "",
    "AmazonS3Endpoint": "s3.amazonaws.com",
    "AmazonS3SSL": false,
    "AmazonS3SignV2": false,
    "AmazonS3SSE": false,
    "AmazonS3Trace": false,
    "AmazonS3RequestTimeoutMilliseconds": 30000

Make sure to mask sensitive data like keys, etc.