401对Swift Openstack使用s3 API时未经授权

运行此命令时出现以下错误：

命令：

[root@controllers3curl]#./s3curl.pl——调试-个人idhttp://controller:8080/v1/AUTH_aa58420177714dc89e6f06bf96dee164/container1/s3-curl.zip

结果:

s3curl: Found the url: host=controller; port=8080; uri=/v1/AUTH_aa584                                                                                                                                                             20177714dc89e6f06bf96dee164/container1/s3-curl.zip; query=;
s3curl: cname endpoint signing case
s3curl: StringToSign='HEAD\n\n\nFri, 09 Oct 2020 16:18:12 +0000\n/controller:8080/v1/AUTH_aa58420177714dc89e6f06bf96dee164/container1/s3-curl.zip'
s3curl: exec curl -H Date: Fri, 09 Oct 2020 16:18:12 +0000 -H Authorization: AWS                                                                                                                                                              05fbbd16b6b2479394a2d0b921260499:G75HMR7jeuTJYQZkohVtLPFYyq8= -L -H content-typ                                                                                                                                                             e:  -I http://controller:8080/v1/AUTH_aa58420177714dc89e6f06bf96dee16                                                                                                                                                             4/container1/s3-curl.zip
HTTP/1.1 401 Unauthorized
Date: Fri, 09 Oct 2020 16:18:12 GMT
Server: Apache/2.4.37 (centos) mod_wsgi/4.6.4 Python/3.6
Www-Authenticate: Swift realm="AUTH_aa58420177714dc89e6f06bf96dee164"
WWW-Authenticate: Keystone uri="http://controller:5000/v3/"
X-Trans-Id: txc86fb2c114b845e9b4f1f-005f808d46
X-Openstack-Request-Id: txc86fb2c114b845e9b4f1f-005f808d46
Content-Type: text/html; charset=UTF-8


[root@controller s3-curl]# cat ../.s3curl
%awsSecretAccessKeys = (
    # personal account
    personal => {
        id => '05fbbd16b6b2479394a2d0b921260499',
        key => '7a129e96850a408b91eba0e4c4bad53d',
    },

);





[root@controller ~]# openstack ec2 credentials list
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+
| Access                           | Secret                           | Project ID                       | User ID                          |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+
| 0c55e069db00409cb5f6579ecb3be056 | 1f1b5bb52783449f829f338d61bc3746 | aa58420177714dc89e6f06bf96dee164 | e6bc765a255847e7aa50bb10ea961185 |
| 872926651be443e7ad28645742532972 | 539f6dd99c6e4d3ab38f691760854a05 | aa58420177714dc89e6f06bf96dee164 | e6bc765a255847e7aa50bb10ea961185 |
| 05fbbd16b6b2479394a2d0b921260499 | 7a129e96850a408b91eba0e4c4bad53d | aa58420177714dc89e6f06bf96dee164 | e6bc765a255847e7aa50bb10ea961185 |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+
[root@controller ~]# openstack object list container1
+-------------+
| Name        |
+-------------+
| s3-curl.zip |
+-------------+
[root@controller ~]# cat /etc/swift/proxy-server.conf

下面是proxy-server.conf的内容。我一直在触发垃圾邮件保护，所以我不得不删除大部分信息/评论。对那些知道他们在说什么的人来说应该不重要，但如果需要的话，我可以做一个粘贴盒或其他东西

[pipeline:main]
#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit s3api tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken s3api s3token  keystoneauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
# set log_name = proxy-server
# set log_facility = LOG_LOCAL0
# set log_level = INFO
# set log_address = /dev/log
# require_proxy_protocol = false
# log_handoffs = true
# recheck_account_existence = 60
# recheck_container_existence = 60
# recheck_updating_shard_ranges = 3600
# object_chunk_size = 65536
# client_chunk_size = 65536
# node_timeout = 10
# recoverable_node_timeout = node_timeout
# conn_timeout = 0.5
# post_quorum_timeout = 0.5
# error_suppression_interval = 60
# error_suppression_limit = 10
# allow_account_management = false
account_autocreate = true
# max_containers_per_account = 0
# max_containers_whitelist =
# deny_host_headers =
# sorting_method = shuffle
# timing_expiry = 300
# rebalance_missing_suppression_count = 1
# concurrent_gets = off
# concurrency_timeout = 0.5
# concurrent_ec_extra_requests = 0
# request_node_count = 2 * replicas
# read_affinity = r1z1=100, r1z2=200, r2=300
# read_affinity =
# write_affinity = r1, r2
# write_affinity =
# write_affinity_node_count = 2 * replicas
# write_affinity_handoff_delete_count = auto
# swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-container-meta-temp-url-key, x-container-meta-temp-url-key-2, x-account-access-control
# nice_priority =
# Work only with ionice_class.
# ionice_class =
# ionice_priority =
# [proxy-server:policy:<policy index>]
# sorting_method =
# read_affinity =
# write_affinity =
# write_affinity_node_count =
# write_affinity_handoff_delete_count =
# rebalance_missing_suppression_count = 1
# concurrent_gets = off
# concurrency_timeout = 0.5
# concurrent_ec_extra_requests = 0
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://controller:5000/v3/
auth_url = http://controller:5000/v3/
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = admin
username = admin
password = **********
delay_auth_decision = True
# cache = swift.cache
# include_service_catalog = False
[filter:keystoneauth]
use = egg:swift#keystoneauth
#reseller_prefix = AUTH
operator_roles = admin, user
# reseller_admin_role = ResellerAdmin
allow_overrides = true
# service_roles =
# default_domain_id = default
# allow_names_in_acls = true
[filter:s3api]
use = egg:swift#s3api
#   auth_token
# allow_no_owner = false
location = us-east-1
# dns_compliant_bucket_names = True
# max_bucket_listing = 1000
# max_parts_listing = 1000
# max_multi_delete_objects = 1000
# multi_delete_concurrency = 2
#s3_acl = true
# storage_domain =
# auth_pipeline_check = True
# allow_multipart_uploads = True
# max_upload_part_num = 1000
# check_bucket_owner = false
# force_swift_request_proxy_log = false
# min_segment_size = 5242880
# log_name = s3api
[filter:s3token]
use = egg:swift#s3token
#reseller_prefix = AUTH_
delay_auth_decision = True
auth_uri = http://controller:5000/v3/
http_timeout = 10.0
# secret_cache_duration = 0
# insecure = False
# certfile =
# keyfile =
# log_name = s3token
# secret_cache_duration = 0
# auth_url = http://keystonehost:5000
# auth_type = password
# project_domain_id = default
# project_name = service
# user_domain_id = default
# username = swift
# password = password

[管道：主管道]
#pipeline=catch\u errors gatekeeper healthcheck代理日志缓存列表\u格式容器\u同步批量tempurl速率限制s3api tempauth复制容器配额帐户配额slo dlo版本化\u写入符号链接代理日志代理服务器
pipeline=catch\u errors gatekeeper healthcheck代理日志缓存容器\u同步批量速率限制authtoken s3api s3token keystoneauth复制容器配额帐户配额slo dlo版本化\u写入符号链接代理日志代理服务器
[应用程序：代理服务器]
use=egg:swift#proxy
#设置log\u name=代理服务器
#设置log\u facility=log\u LOCAL0
#设置日志级别=信息
#设置日志地址=/dev/log
#require\u proxy\u protocol=false
#log_切换=真
#重新检查账户是否存在=60
#重新检查容器是否存在=60
#重新检查\u更新\u碎片\u范围=3600
#对象块大小=65536
#客户端块大小=65536
#节点超时=10
#可恢复节点超时=节点超时
#连接超时=0.5
#post_quorum_超时=0.5
#错误抑制间隔=60
#错误抑制极限=10
#允许帐户管理=错误
帐户\自动创建=真
#每个帐户的最大容器数=0
#最大容器数白名单=
#拒绝主机头=
#排序方法=洗牌
#时间=300
#重新平衡\缺失\抑制\计数=1
#并发_get=off
#并发超时=0.5
#并发的额外请求=0
#请求\u节点\u计数=2*个副本
#读取亲和力=r1z1=100，r1z2=200，r2=300
#阅读亲和力=
#写入亲缘关系=r1，r2
#书写亲缘关系=
#写入亲缘关系节点计数=2*个副本
#写入\关联\切换\删除\计数=自动
#swift_owner_headers=x-container-read、x-container-write、x-container-sync-key、x-container-sync-to、x-account-meta-temp-url-key、x-account-meta-temp-url-key、x-container-meta-temp-url-key、x-account-access-control
#好极了=
#仅与ionice_类一起工作。
#ionice_班=
#ionice_优先权=
#[代理服务器：策略：]
#排序法=
#阅读亲和力=
#书写亲缘关系=
#写入\u关联\u节点\u计数=
#写入\关联\切换\删除\计数=
#重新平衡\缺失\抑制\计数=1
#并发_get=off
#并发超时=0.5
#并发的额外请求=0
[过滤器：authtoken]
paste.filter\u factory=keystenemiddleware.auth\u令牌：filter\u factory
www\u authenticate\u uri=http://controller:5000/v3/
验证url=http://controller:5000/v3/
验证类型=密码
项目\域\ id=默认值
用户\域\ id=默认值
项目名称=管理员
用户名=管理员
密码=**********
延迟认证决策=真
#cache=swift.cache
#include\u service\u catalog=False
[过滤器：keysteauth]
use=egg:swift#keysteauth
#分销商前缀=认证
操作员\角色=管理员，用户
#分销商\管理\角色=分销商管理员
允许覆盖=真
#服务单元角色=
#默认\u域\u id=默认值
#允许\u acls中的\u名称\u=true
[过滤器：s3api]
use=egg:swift#s3api
#认证令牌
#允许\u无\u所有者=false
位置=us-east-1
#dns_兼容_bucket_names=True
#最大桶数=1000
#最大零件清单=1000
#最大\u多\u删除\u对象=1000
#多\u删除\u并发=2
#s3_acl=真
#存储域=
#验证管道检查=真
#允许多部分上传=真
#最大上载部分数量=1000
#检查桶所有者=错误
#force\u swift\u request\u proxy\u log=false
#最小分段尺寸=5242880
#log_name=s3api
[过滤器：s3token]
use=egg:swift#s3token
#分销商前缀=认证_
延迟认证决策=真
认证uri=http://controller:5000/v3/
http_超时=10.0
#机密\u缓存\u持续时间=0
#不安全=错误
#证书文件=
#密钥文件=
#log_name=s3token
#机密\u缓存\u持续时间=0
#验证url=http://keystonehost:5000
#验证类型=密码
#项目\域\ id=默认值
#项目名称=服务
#用户\域\ id=默认值
#用户名=swift
#密码=密码

我所尝试的：

-通过彻底的网络搜索发现，所有建议都是可行的

-从开始到现在完全重建设置。两次

-许多小的配置变化，调整，通常

-阅读许多在线文章

---

如果您能帮助我诊断为什么会收到这个401错误，并帮助我修复它，我将不胜感激。谢谢

显然是apache造成了问题。我们切换到nginx，它现在可以工作了