[RESOLVED] Issues with new Chef Server and S3 bookshelf


I am standing up a new Chef Server, but am running into some issues with the S3 bookshelf. When uploading cookbooks, nginx reports errors connecting to the bookshelf on, which is disabled.

If I remove the following block from the nginx config, everything works fine, and I can see new data in S3:

    # bookshelf
    location ~ "/s3-bucket-name/{0,1}.*$" {
      proxy_pass http://bookshelf;

This is Chef Server 12.12.0. The Chef Server I am replacing is a tad older (but still 12.x), and this feature works fine there. Any tips would be appreciated.



Out of curiosity, does the beginning of your organization name OR your cookbook’s name match the s3-bucket-name you are using? The cookbook upload itself should be going directly from knife to s3 and not hitting nginx, however, that match expression in the nginx config looks pretty loose so it is possible it is errantly matching the API request to create the cookbook record at all. Here is a bug I filed covering this issue:

Could you share the logs from the failed cookbook upload running the upload with -VV appended to your knife command? If you don’t want to leak your bucket name and signed URLs on the public list, you can email it to me directly at steve@chef.io



Good catch; the cookbook name is actually identical to the s3 bucket name.
Do you still need logs to debug this further? If that regex could be
tightened a bit, that should help, although I feel like it’s better removed
when the bookshelf is disabled. Let me know if there’s anything I can do to
help resolve this issue.


I think the name match will definitely lead to this. No need for debug logs here. To confirm, uploading a cookbook that doesn't match should succeed, provided that is working, it is almost surely the same issue.

I can confirm that other cookbooks upload fine; it’s just the one that matches the bucket name that fails. Thanks for looking into this! I’ll keep my eye on the Github issue in the meantime.