Virtualmin fails to store backups in an AWS S3 bucket, if bucket location is eu-central-1 (Frankfurt/Germany).
This is possibly due to the fact that this is the first region that requires AWS Signature Version 4 of authenticating requests (all other regions also support version 2), see links at the end of this article.
Backup failed! See the progress output above for the reason why.
Total backup time was 02 minutes, 48 seconds.
Virtual servers that failed :
virtualmin-domain
Sent by Virtualmin at: https://example.com:10000
Creating backup for virtual server virtualmin-domain ..
Copying virtual server configuration ..
.. done
Backing up Cron jobs ..
.. none defined.
Saving mail aliases ..
.. done
Saving mail and FTP users ..
.. done
Backing up mail and FTP user Cron jobs ..
.. none to backup
Backing up Dovecot control files ..
.. none found
Creating TAR file of home directory ..
.. done
Uploading archive to Amazon's S3 service ..
.. upload failed! Invalid HTTP response : HTTP/1.1 400 Bad Request
.. completed in 1 minutes, 45 seconds
AWS Signature Version 4:
Amazon S3 supports Signature Version 4, a protocol for authenticating inbound API requests to AWS services, in all AWS regions. At this time, existing AWS regions continue to support the previous protocol, Signature Version 2. Any new regions after January 30, 2014 will support only Signature Version 4 and therefore all requests to those regions must be made with Signature Version 4.
Note: AWS officially announced the eu-central-1 region on 23 October 2014.
The AWS4 authorization mechanism requires AWS4-HMAC-SHA256:
- http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-req...
- http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
- http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authoriz...
- http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
Comments
Submitted by JamieCameron on Sun, 09/06/2015 - 00:53 Comment #1
That's correct - the solution is to install the
awscommand provided by Amazon which supports the new authentication system used in eu-central-1 . You can get it from https://aws.amazon.com/cli/Submitted by munklefish on Fri, 02/15/2019 - 09:19 Pro Licensee Comment #2
Is this likely to be taken care of within Virtualmin&Webmin and time in the near future? Or will it always require the AWS CLI to be installed manually? Once installed will the Virtualmin backups work again or do they have to be manually run/created?
Submitted by JamieCameron on Sat, 02/16/2019 - 00:13 Comment #3
We recommend installing the
awscommand if you can, as it's always going to be more reliable than relying on Virtualmin's implementation of Amazon's API.Submitted by node77 on Thu, 03/14/2019 - 08:27 Pro Licensee Comment #4
This is also required if using EU (London).
Easily done with
yum install awscli(CentOS)Submitted by tahiticlic on Fri, 05/15/2020 - 01:38 Comment #5
HI, thanks, you've saved my night !!!!! Works great with aws client, doesn't at all without.