Amazon S3, using rails and fog. Trying to precompile my assets with rake assets:precompile:
message:
[WARNING] fog: followed redirect to myproject.de.s3-us-west-2.amazonaws.com, connecting to the matching region will be more performant
rake aborted!
hostname does not match the server certificate (OpenSSL::SSL::SSLError)
So there is something with OpenSSL
What I tried already:
I have already tried to config certificates in application.rb like this, with no success:
AWS.config(:http_handler => AWS::Http::HTTPartyHandler.new(:ssl_ca_path => "/etc/ssl/certs"))
Also installed openssl on Ubuntu 12.04 from here
Question is: How Amazon S3 deals with certificates
Amazon S3 allows both HTTP and HTTPS requests. By default, requests are made through the AWS Management Console, AWS Command Line Interface (AWS CLI), or HTTPS. To comply with the s3-bucket-ssl-requests-only rule, confirm that your bucket policies explicitly deny access to HTTP requests.
Actually you can use a bucket name with a dot. All you have to do is add :path_style => true to your config.fog_credentials.
In your example, it would give:
config.fog_credentials = {
  :provider              => 'AWS',
  :aws_access_key_id     => ENV['S3_KEY'],
  :aws_secret_access_key => ENV['S3_SECRET'],
  :region                => ENV['S3_REGION'],
  :path_style            => true
}
config.fog_directory = "myproject.de"
In order to access your S3 bucket URLs via httpS, you will need to either:
.' and use the "Virtual Hosted–Style" URL, such as https://simplebucketname.s3.amazonaws.com/myObjectKey
https://s3.amazonaws.com/mybucket.mydomain.com/myObjectKey
With fog, you can set the option: :path_style => true as this solution explained.
The SSL Certificate Validation problem arises from using dots '.' in the S3 Bucket Name along with the "Virtual Hosted–Style Method" URL format.
The Amazon S3 Documentation states that it allows two main URL formats for accessing S3 Buckets and Objects:
So what's happening is this:
https://myproject.de.s3-us-west-2.amazonaws.com/foo/bar
myproject.de.s3-us-west-2.amazonaws.com
*.amazonaws.net is served during SSL TLS Negotiation
*.s3.amazonaws.com against myproject.de.s3-us-west-2.amazonaws.com
*.s3.amazonaws.com
hostname does not match the server certificate due to Invalid SSL Cert CA Validation
The dots in S3 URL problem is mentioned around the internet such as in the Drupal Project, AWS Forums, Python Boto Library and is very well explained in this blog post entitled: Amazon S3 Gotcha: Using Virtual Host URLs with HTTPS <-- I highly recommend reading this one for further clarification.
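The hostname mismatch described in the answers above can be reproduced offline with Ruby's own certificate identity check. This is an added example, not code from the original posts. The certificate is constructed for the demo with an assumed SAN list (the wildcard the answer names plus the bare endpoint), and demo_s3_cert, virtual_hosted_host, path_style_host and hostname_check are hypothetical helper names.

```ruby
require "openssl"

# Constructed self-signed certificate for the demo. The SAN list is an
# assumption: the wildcard named in the answer plus the bare endpoint.
def demo_s3_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=*.s3.amazonaws.com")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(
    ef.create_extension("subjectAltName", "DNS:*.s3.amazonaws.com,DNS:s3.amazonaws.com")
  )
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Virtual hosted-style: the bucket name becomes part of the TLS hostname.
def virtual_hosted_host(bucket, endpoint = "s3.amazonaws.com")
  "#{bucket}.#{endpoint}"
end

# Path-style (what :path_style => true selects): the bucket moves into the
# URL path, so the TLS hostname is just the endpoint.
def path_style_host(_bucket, endpoint = "s3.amazonaws.com")
  endpoint
end

# Runs the same identity check an HTTPS client performs after the handshake.
# A wildcard covers exactly one DNS label, so a dotted bucket name fails.
def hostname_check(cert, bucket)
  {
    virtual_hosted: OpenSSL::SSL.verify_certificate_identity(cert, virtual_hosted_host(bucket)),
    path_style: OpenSSL::SSL.verify_certificate_identity(cert, path_style_host(bucket)),
  }
end

if __FILE__ == $PROGRAM_NAME
  cert = demo_s3_cert
  %w[simplebucketname myproject.de].each do |bucket|
    puts "#{bucket}: #{hostname_check(cert, bucket)}"
  end
end
```

The check passes for the dotted bucket only in path-style form, which is why :path_style => true resolves the error without disabling certificate verification.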