I encountered a SignatureDoesNotMatch issue when switching MinIO from Docker Run to Docker Compose. I'm using PresignedUploadURLs to upload files from the frontend (React/Axios).
I've tried all the standard S3 solutions. The issue is most likely a conflict in the Host header between the Docker network and the signature.
My question:
What else could be causing the SignatureDoesNotMatch error in my configuration if I've already excluded the Content-Type and configured the endpoints? How can I get the canonical request and signature string from the MinIO logs?
📋 Technical data for analysis:
MinIO configuration (.env and docker-compose):
MINIO_ENDPOINT=minio:9000 MINIO_PUBLIC_ENDPOINT=localhost:9000 (also tried 127.0.0.1:9000) MINIO_SERVER_URL: "http://localhost:9000" The bucket bucket-name is used.
Go Minio Client initialization:
The client is initialized with Region: us-east-1 and BucketLookup: minio.BucketLookupPath.
Go link generation function (CreatePresignedUploadURL):
Content-Type has been removed from the signature options (optsURL).
The Host header is included in the signature:
optsURL.Set("Host", publicHost) Generated URL (Example):
http://localhost:9000/bucket-name/materials/1/1111?Host=localhost%3A9000&X-Amz-SignedHeaders=\*\*host\*\*&X-Amz-Signature=... Incoming PUT request (Frontend/Axios):
URL: Matches the generated link.
Host header: Host: localhost:9000
Content-Type: Present (image/jpeg), but not signed (since excluded from Go code).
Response: Status 403 Forbidden with error <Code>SignatureDoesNotMatch</Code>.
Debugging attempt:
The MINIO_API_TRACE environment variable was added to docker-compose.yml, but detailed trace logs are not displayed when running:
docker compose logs -f minio. Final questions:
Why does MinIO still return a signature error even though the signed Host header and the Host header in the request completely match? What other hidden headers (e.g., Content-Length or X-Amz-Content-Sha256) or parameters can be modified by the Docker network, and how can this be diagnosed without a working MINIO_API_TRACE?
