signature is correct but (nimble time + timetolerance)

campones 2023-04-18 10:38:54 UTC in Paywall: WMSAuth and beyond

So I have nimble installed for a month or so, not particularly using it, just setup two re-route, they are protected with paywall wms signurl
Today I restarted the server and now I get a 403 error? in the log it says:
[work1] E: signature is correct but (nimble time + timetolerance) < signature time. use NTP on web and nimble server SignatureTime=[2023-Apr-18 09:54:38] NimbleTime=[2023-Apr-18 09:50:20] TimeTolerance=[20] ClientIp=[x.x.xx, signature=[c2VydmV

my server (and php timezone too) use Tokyo time (while I m in Europe) so I assume this could be the reason but I don't understand why only now I m facing this issue.

What workaround do I have (changing my server timezone is not an option)


Aleksandr 2023-04-19 10:41:18 UTC 

The following string "SignatureTime=[2023-Apr-18 09:54:38] NimbleTime=[2023-Apr-18 09:50:20]" means that a web server and Nimble server have different time, about 4min18sec difference, which exceeds the defined TimeTolerance=[20]. Please make sure both servers are syncing their time with an NTP server. (enlarging timetolerance value itself is not a perfect solution in this case)
Timezone is not relevant, machines are synced in Coordinated Universal Time (UTC).
In Linux, the 'timedatectl' command should return the status like 'System clock synchronized: yes' and 'NTP service: active'. If it's returned to be 'inactive', try 'timedatectl set-ntp true'.

campones 2023-04-19 11:55:30 UTC 

I understood this but I m deliberately using Asia/Tokyo timezone for others reasons. Originally the reason was I am using a 24h token (php token hence the timezone parameters in php.ini) that would reset at midnight, a time I had lots of customers. So to avoid the token to expire when the site was crowded I actually changed the timezone. all my servers are setup this way.

Local time: Wed 2023-04-19 20:50:06 JST
Universal time: Wed 2023-04-19 11:50:06 UTC
RTC time: Wed 2023-04-19 11:49:36
Time zone: Asia/Tokyo (JST, +0900)

but true, that server was out of time compared to the others, after adjusting this (they have to work at the same hour) it's working again.
I assume another is to increase the time tolerance of the vms signature

Thank you for answering, regards

Post a reply

Post a new question


This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Privacy Policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the Privacy Policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.