I'm using Wasabi's S3-compatible storage and trying to set it up with a custom domain like `euc1.domain.com` that's mapped directly to a bucket named `euc1.domain.com`. I believe Wasabi requires the custom domain to match the bucket name. My goal is to create clean presigned URLs looking like this: `https://euc1.domain.com/uuid/filename.txt?AWSAccessKeyId=...&Signature=...&Expires=...`. However, boto3 is generating a URL that looks like this: `https://euc1.domain.com/euc1.domain.com/uuid/filename.txt?AWSAccessKeyId=...&Signature=...`, which is not what I want.
Here's how I'm configuring the boto3 client:
```python
s3 = boto3.client(
's3',
endpoint_url='https://euc1.domain.com',
aws_access_key_id=...,
aws_secret_access_key=...,
config=Config(s3={'addressing_style': 'virtual'})
)
```
Despite this setup, boto3 continues to treat the bucket as part of the path, resulting in a signed request like `GET /euc1.domain.com/uuid/filename.txt`. If I try to manually remove the bucket name from the path (with something like `urlparse`), the signature ends up being invalid. So I'm stuck—my presigned URLs are not clean because of this path signing issue, and any attempts to edit the path result in authentication problems.
**What I'm Looking For:**
- I need the presigned URL to come out as `https://euc1.domain.com/uuid/filename.txt?...`, not `https://euc1.domain.com/euc1.domain.com/uuid/filename.txt?...`
- Has anyone else experienced this? Is there a known workaround to get boto3 to sign true virtual-hosted style buckets when the bucket name is the same as the domain? Is this a limitation of boto3 or just specific to Wasabi? I would appreciate any assistance—I've been stuck on this for hours!
2 Answers
You can’t presign a URL with a custom domain name directly. It's best to remind the client to use the bucket name for the endpoint. If you want HTTPS with your custom domain, consider using CloudFront with signed cookies or URLs.
Actually, you can presign a URL using a custom domain. From what I gather, you need to set the endpoint in this format: `https://.s3-.amazonaws.com` and set `bucket_endpoint` to true. After you generate the presigned URL, you can swap in your custom domain. These parameters are for the PHP S3Client, but should work similarly in boto3. Although, I realized this is about pseudo-S3, so it might not apply exactly here. Maybe the question belongs elsewhere!
Just to clarify, I had to use a CNAME on CloudFront pointing directly to the bucket. I generated the presigned URL using Wasabi, then rewrote the domain name to let CloudFront proxy it.