ali-oss icon indicating copy to clipboard operation
ali-oss copied to clipboard

Published 20 hours ago verified publisher icon ali-sdk

How to use with custom domain?

Open atonamy opened this issue 4 years ago • 17 comments

I created custom domain through CDN then I try to use it with ali-oss:

const oss = new OSS({
  region: 'oss-cn-zhangjiakou',
  accessKeyId: 'XXXXXXXXXXXXXXXXX',
  accessKeySecret: 'XXXXXXXXXXXXXX',
  bucket: 'some-bucket',
  cname: true
})

when I simply try to access my object info:

const res = await oss.head('some/object')

I getting error:

UnknowError: Unknow error, status: 400 at requestError (/code/node_modules/ali-oss/lib/client.js:427:15) at request (/code/node_modules/ali-oss/lib/client.js:260:22) at _tickCallback (internal/process/next_tick.js:68:7)

If I remove cname parameter everything works without any issue. But in my OSS Managment Console I can see that url is custom one but oss.head return not custom url just standard one if I don't use cname parameter.

atonamy avatar Apr 20 '20 10:04 atonamy

you should set endpoint. e.g.

const store = oss({
      accessKeyId: 'xxx',
      accessKeySecret: 'xxx',
      endpoint: 'foo.bar.com',
      cname: true
    });

PeterRao avatar Apr 21 '20 02:04 PeterRao

Same problem, I get 403 error

If i remove endpoint, and cname then its okay.

the endpoint is correct, and cname is true, and secure: true. Endpoint is binded to aliyun cdn, and is working. The problem only happen with .HEAD, I can do .PUT, .GET, etc.

{ UnknowError: Unknow error, status: 403 at requestError (/code/node_modules/ali-oss/lib/client.js:428:15) at request (/code/node_modules/ali-oss/lib/client.js:261:22) at _tickCallback (internal/process/next_tick.js:68:7) name: 'UnknowError', status: 403,

ricky11 avatar May 18 '20 17:05 ricky11

Same problem, I get 403 error

If i remove endpoint, and cname then its okay.

the endpoint is correct, and cname is true, and secure: true. Endpoint is binded to aliyun cdn, and is working. The problem only happen with .HEAD, I can do .PUT, .GET, etc.

{ UnknowError: Unknow error, status: 403 at requestError (/code/node_modules/ali-oss/lib/client.js:428:15) at request (/code/node_modules/ali-oss/lib/client.js:261:22) at _tickCallback (internal/process/next_tick.js:68:7) name: 'UnknowError', status: 403,

Can you give me requestid.

PeterRao avatar May 19 '20 08:05 PeterRao

thank you for re-opening, the request id is :

{ UnknowError: Unknow error, status: 403 at requestError (/code/node_modules/ali-oss/lib/client.js:428:15) at request (/code/node_modules/ali-oss/lib/client.js:261:22) at _tickCallback (internal/process/next_tick.js:68:7) name: 'UnknowError', status: 403, requestId: '5EC38F110D92D93DAB7D6B7F', host: '', params: { object: '#zipFiles/5eb542b949b1740009384ee8/1.jpg et al.zip', bucket: 'sinxxsend', method: 'HEAD', subres: undefined, timeout: undefined, ctx: undefined, successStatuses: [ 200, 304 ] } }

ricky11 avatar May 19 '20 08:05 ricky11

Another request id 👍 requestId: '5EC398159EB6B2B145B5342A',

By the way how can you search from the request id???? you have access to the all oss requests?

ricky11 avatar May 19 '20 08:05 ricky11

Another request id 👍 requestId: '5EC398159EB6B2B145B5342A',

By the way how can you search from the request id???? you have access to the all oss requests?

I am OSS team member, request id can help us to search error log. We can't access to the all oss request, only get the error log from backend server.

PeterRao avatar May 19 '20 08:05 PeterRao

Okay thats good.

because somebody on alibaba team told me ali-oss sdk for NODE is not 'official'

Please try search this requst id also for HEAD error 403. '5EC399F3ECDBD05A41D101B3'

I think the problem is the CNAME with CDN .HEAD cannot work with CDN domain name?

the problem is only .HEAD api, i dont know why... how to solve this.

BELOW IS RESPONSE FROM TECH SUPPORT.

This is response i got from the support team which i try to solve for more than 2 weeks.

When 【endpoint】parameter is set to a domain linked to a CDN service address. The return code is 【403】

When 【endpoint】 parameter is set to a domain linked to the OSS service address directly. The return code 【200】

Kindly verify. Meanwhile, we will check further on whether it is possible forward head request properly in this case. We wish to apologize for the inconvenience. As a client already specified the "bucket" parameter. May we ask how come it is required to route the request to take domain endpoint first?

The SDK behavior is correct. The issue is caused by when request reaches CDN service and get redirected to the OSS endpoint. Its request method 'HEAD' will change.

Last time we checked 'GET' is working properly still. Kindly verify.

Meanwhile, let us check if there's an alternative solution in this regard.

ricky11 avatar May 19 '20 08:05 ricky11

I get error code 'InvalidAccessKeyId'.

Could you can join DingTalk Group, If this is not a bug, I think using dingding is more efficient and safe

PeterRao avatar May 19 '20 08:05 PeterRao

Hello

It would be better if we the developer can get this correct code back, but we get UNKOWNERROR, this is the problem , if i get the error INVALID ACCESS KEYID, then i can debug it more.

i use 2 kind of key for testing.

  1. Context Securityid in function compute

  2. Root Key

  3. Context will fail all the time for HEAD, but will pass for GET,PUT, etc. (with CNAME)

  4. Root Key will also fail for HEAD WITH CNAME, but will 200 status without CNAME

So i dont think the real problem is the KEY. but it would be better if my log also show INVALIDACCESKEYID.

ricky11 avatar May 19 '20 08:05 ricky11

I get error code 'InvalidAccessKeyId'.

Could you can join DingTalk Group, If this is not a bug, I think using dingding is more efficient and safe

What is the ding group name?

ricky11 avatar May 19 '20 08:05 ricky11

I get error code 'InvalidAccessKeyId'. Could you can join DingTalk Group, If this is not a bug, I think using dingding is more efficient and safe

What is the ding group name?

https://github.com/ali-sdk/ali-oss#qa

PeterRao avatar May 19 '20 08:05 PeterRao

Hello

It would be better if we the developer can get this correct code back, but we get UNKOWNERROR, this is the problem , if i get the error INVALID ACCESS KEYID, then i can debug it more.

i use 2 kind of key for testing.

  1. Context Securityid in function compute
  2. Root Key
  3. Context will fail all the time for HEAD, but will pass for GET,PUT, etc. (with CNAME)
  4. Root Key will also fail for HEAD WITH CNAME, but will 200 status without CNAME

So i dont think the real problem is the KEY. but it would be better if my log also show INVALIDACCESKEYID.

Hello, ricky11. When you use headObject from cdn. cdn will getObject from oss first. But it will cause SignatureDoesNotMatch. store.get('xxx', { headers: { Range: 'bytes=0-0' } }).then(res => { console.log(res); }) this is temporary solution. I will feedback to our oss team and cdn team, see if they have a better solution

PeterRao avatar May 20 '20 03:05 PeterRao

Ok Thank you, For now i will remove the custom domain for head.

ricky11 avatar May 20 '20 03:05 ricky11

同样的问题,head 403报错,提供几个request-id: 5F3E9BC75DCE1A393232DE46 5F3E9BBD5DCE1A393277BF46 5F3E9BBA5DCE1A39326AB746 5F3E9F9EB9FD8B323959D43C 5F3EA0CD7CAA7537388B6C1A 希望早日解决

wwwumr avatar Aug 20 '20 16:08 wwwumr

Hi @PeterRao is this head issue with cdn resolved? as you said May 2020 you will send feedback to cdn team to solve it.

ricky11 avatar Mar 16 '21 07:03 ricky11

必须在CDN控制台增加 Ali-Swift-Fwd-Head: on 的回源请求头。 The Ali-Swift-Fwd-Head: on return request header must be added to the CDN console.

image

PeterRao avatar Mar 19 '21 06:03 PeterRao

@PeterRao 还是不行

Abyssknight avatar Feb 22 '23 09:02 Abyssknight