Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 80;
- server_name kobo.example.com kc.docker.internal;
- access_log /var/log/nginx/kobocat.access.log with_host;
- error_log /var/log/nginx/kobocat.error.log;
- include /etc/nginx/include.server_directive_common.conf;
- location / {
- # Proxy through uWSGI.
- include /tmp/nginx_templates_activated/kobocat_uwsgi_pass.conf;
- # Debug proxying directly to container.
- }
- location /static {
- alias /srv/www/kobocat;
- }
- # media files
- location /protected/ {
- internal;
- alias /media/;
- }
- location ~ ^/protected-s3/(.*)$ {
- # Allow internal requests only, i.e. return a 404 to any client who
- # tries to access this location directly
- internal;
- # Name resolution won't work at all without specifying a resolver here.
- # Configuring a validity period is useful for overriding Amazon's very
- # short (5-second?) TTLs.
- resolver 8.8.8.8 8.8.4.4 valid=300s;
- resolver_timeout 10s;
- # Everything that S3 needs is in the URL; don't pass any headers or
- # body content that the client may have sent
- proxy_pass_request_body off;
- proxy_pass_request_headers off;
- # Stream the response to the client instead of trying to read it all at
- # once, which would potentially use disk space
- proxy_buffering off;
- # Don't leak S3 headers to the client. List retrieved from:
- # https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
- proxy_hide_header x-amz-delete-marker;
- proxy_hide_header x-amz-id-2;
- proxy_hide_header x-amz-request-id;
- proxy_hide_header x-amz-version-id;
- # S3 will complain if `$1` contains non-encoded special characters.
- # KoBoCAT must encode twice to make sure `$1` is still encoded after
- # NGINX's automatic URL decoding.
- proxy_pass $1;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
