Authentication Failure with CLI I stood up nginx in front of LakeFS and forwards HTTPS to LakeFS.. Got it running fine and can access via https and create a repo, branch etc. Then I tried to access from LakeFS CLI as follows after creating a profile with the same access key and secret used for web login -

aws s3 --profile lakefs \
  --endpoint-url <https://lakefs.example.com> \
  ls <s3://example-repo/main/example-directory>

I get an error - An error occurred (SignatureDoesNot Match) when calling ListObjectsV2 operation... The logs show same... SignatureDoesNotMatch, file build/pkg/gateway/middleware.go:61

does lakefs support that s3 ls api? Did you try using the s3api list-objects-v2 api on the aws cli?

Hi @Sam, Setting up S3 behind a proxy can be quite tricky, especially if your client uses vhost based access. Can you try the same command, but add the

--force-path-style

flag? Also, if it still does nto work, you could run with

--debug

.

I am able to successfully standup LakeFS behind NGINX for https. Works great from the browser. Can access https://lakefs.mydomain.com, login with access key and Secret key and drill down and upload data etc. However, I get the signature does not match error when I access the same https URL with a profile configured with same access key and secret key. I get the error - An error occurred (SignatureDoesNotMatch) when calling ListObjectsV2 operation.... docker logs lakefs also shows - SignatureDoesNotMatch, file build/pkg/gateway/middleware.go:61 Interestingly, the same AWS CLI call works fine with direct http call to the LakeFS server behind NGINX. aws s3 --profile lakefs --endpoint-url http://lakefs.mydomain.com:8000 ls s3://etc.... https://stackoverflow.com/questions/30518899/amazon-s3-how-to-fix-the-request-signature-we-calculated-does-not-match-the-s has several folks offering several different solutions (including escaping special characters in the access key). I tried whatever seemed applicable with no success. I'd appreciate any help on this. Thanks!

Hi @Sam, I suspect you're running into difficulties with the hostname. S3 has 2 addressing modes: path-style and virtual host-style. The latter is really hard to configure behind a reverse proxy. Can you configure your S3 client to force path style? It's usually called that; if you know what client it is, perhaps I can help configure it.