Proxmox Backup Server S3 Configuartion

G

GewooNils

New Member
Aug 27, 2025
2
0
1
I am trying to setup PBS and I want to add my hetzner s3 bukket as a datastore. But everytime I want to create the datastore is gives the error added in the image. It can find all the bukkets, so what could be the problem?

1756331234532.png1756331242296.png1756331248658.png
 
Your bucket name is not part of the endpoint url, therefore you have to use path style bucket addressing. Just check the corresponding checkbox in the endpoint create/edit window.
 
Hi, we had problems to add our Ceph S3 bucket.


We try "Path Style" too... and changed Provider Quirks.

The Buckets are not loaded. Any Ideas?

s3_endpoint.pngs3_datastore.png
 
From the port I suspect you are using http only? You need to use https, http only is not supported by the PBS s3 client. Add a certificate to your RADOS Gateway and add the fingerprint if it is a self signed certificate.
 
Hi Chris, we are using https on port 8080. We had a official certificate installed. i added now the fingerprint, but no success...
 
Please post the output of:
  • proxmox-backup-manager s3 endpoint list-buckets <s3-endpoint-id>
  • proxmox-backup-manager s3 check <s3-endpoint-id> <bucket>
 
proxmox-backup-manager s3 endpoint list-buckets:
Error: failed to list buckets

Caused by:
0: client error (Connect)
1: unexpected EOF

proxmox-backup-manager s3 check:
Error: head object failed

Caused by:
0: client error (Connect)
1: unexpected EOF
 
Then there is most likely an underlying networking issue, as the client cannot even connect to the rados gateway. Do you have some proxy in-between? Can you reach the bucket by some other s3 client tooling from the same PBS host?
 
OK, i tested it now with s3fs. cant't connect on port 8080

But with our reverseproxy on port 443 s3fs will connect, but bps not:

proxmox-backup-manager s3 endpoint list-buckets:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message></Message><RequestId>tx00000010e249b0ad22889-0068b0380d-110341523-default</RequestId><HostId>110341523-default-default</HostId></Error>
Error: failed to list buckets

Caused by:
unexpected status code 403 Forbidden
 
nmmn said:
SignatureDoesNotMatch
Click to expand...
That would indicate that your request is not signed correctly. Check the region, it is part of the signature and might cause such issues if not set correctly. Also, you might want to enable and check the incoming request logged by RADOS gateway, maybe that gives you more error context.

Edit: And of course check your access key and secret key as well as permissions.
 
Last edited:
ok, strange... i deleted port 443 and now it is working with reverseproxy... But default is 443. So why "SignatureDoesNotMatch" when i set port 443...
 
I see, well if you explicitly set the port, it is part of the host header which is also signed in the aws v4 sign scheme... so yes, you need to leave it empty if you are not explicitly using it but use the standard port. Will have a look if it makes sense for us to define an exception if port 443 is explicitly set. According to the RFC it should however be accepted as optional https://www.rfc-editor.org/rfc/rfc9110.html#field.host
 
You must log in or register to reply here.
Top Bottom