API tools faq
paste
Guest User

Untitled

a guest
Jan 23rd, 2018
68
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.02 KB | None | 0 0
raw download clone embed print report
  1. server {
  2. listen 0.0.0.0:443 ssl http2 default_server;
  3. root /var/www;
  4. ssl_certificate /etc/nginx/certs/localhost.crt;
  5. ssl_certificate_key /etc/nginx/certs/localhost.key;
  6.  
  7. location /s3/ {
  8. # Auth the request first
  9. auth_request /auth;
  10.  
  11. set $bucket mybucket;
  12.  
  13. # Request will set these headers which we can pass to S3
  14. auth_request_set $s3_host $upstream_http_x_s3_host;
  15. auth_request_set $auth_status $upstream_status;
  16. auth_request_set $ct $upstream_http_content_type;
  17. auth_request_set $name $upstream_http_content_disposition;
  18. auth_request_set $amzAuth $upstream_http_authorization;
  19. auth_request_set $amzDate $upstream_http_x_amz_date;
  20. auth_request_set $amzContent $upstream_http_x_amz_content_sha256;
  21. # The auth handler sets this header as a way of specifying the the location on S3
  22. auth_request_set $s3path $upstream_http_x_s3_path;
  23.  
  24. # Send these to the client so that the file will "download"
  25. add_header Content-Type $ct;
  26. add_header Content-Disposition $name;
  27.  
  28. proxy_http_version 1.1;
  29. proxy_hide_header x-amz-id-2;
  30. proxy_hide_header x-amz-request-id;
  31. # Set these to send to S3
  32. proxy_set_header Connection '';
  33. proxy_set_header Host $bucket.s3.amazonaws.com;
  34. proxy_set_header Authorization $amzAuth;
  35. proxy_set_header x-amz-date $amzDate;
  36. proxy_set_header x-amz-content-SHA256 $amzContent;
  37.  
  38. proxy_buffering off;
  39. proxy_intercept_errors on;
  40. proxy_pass_request_headers off;
  41.  
  42. # !!!!---------------
  43. # Rewrite the url request to S3 to be the "correct" one
  44. # This doesn't work, "$s3path" always seems to be empty
  45. # !!!!---------------
  46. rewrite .* "/$s3path" break;
  47.  
  48. resolver 8.8.8.8 valid=300s;
  49. resolver_timeout 10s;
  50.  
  51. recursive_error_pages on;
  52. error_page 301 302 307 = @handle_redirect;
  53.  
  54. proxy_pass https://$s3_host;
  55. }
  56.  
  57. # Sometimes S3 does a redirect, so follow
  58. location @handle_redirect {
  59. error_log /dev/stdout debug;
  60. resolver 8.8.8.8 valid=300s;
  61. resolver_timeout 10s;
  62.  
  63. set $redirect_url $upstream_http_location;
  64. proxy_pass $redirect_url;
  65. }
  66.  
  67. location = /auth {
  68. #error_log /dev/stdout debug;
  69.  
  70. internal;
  71. proxy_http_version 1.1;
  72. proxy_pass http://auth-service:8911/auth;
  73. proxy_pass_request_body off;
  74. proxy_set_header Content-Length "";
  75. proxy_set_header X-Original-URI $request_uri;
  76. proxy_pass_request_headers on;
  77. }
  78.  
  79. location / {
  80. #error_log /dev/stdout debug;
  81.  
  82. proxy_http_version 1.1;
  83. proxy_redirect off;
  84. proxy_read_timeout 6000s;
  85. proxy_set_header Host $http_host;
  86. proxy_set_header X-Real-IP $remote_addr;
  87. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  88. proxy_set_header X-Forwarded-Proto $scheme;
  89. proxy_pass http://app:1854;
  90. }
  91. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!