Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 0.0.0.0:443 ssl http2 default_server;
- root /var/www;
- ssl_certificate /etc/nginx/certs/localhost.crt;
- ssl_certificate_key /etc/nginx/certs/localhost.key;
- location /s3/ {
- # Auth the request first
- auth_request /auth;
- set $bucket mybucket;
- # Request will set these headers which we can pass to S3
- auth_request_set $s3_host $upstream_http_x_s3_host;
- auth_request_set $auth_status $upstream_status;
- auth_request_set $ct $upstream_http_content_type;
- auth_request_set $name $upstream_http_content_disposition;
- auth_request_set $amzAuth $upstream_http_authorization;
- auth_request_set $amzDate $upstream_http_x_amz_date;
- auth_request_set $amzContent $upstream_http_x_amz_content_sha256;
- # The auth handler sets this header as a way of specifying the the location on S3
- auth_request_set $s3path $upstream_http_x_s3_path;
- # Send these to the client so that the file will "download"
- add_header Content-Type $ct;
- add_header Content-Disposition $name;
- proxy_http_version 1.1;
- proxy_hide_header x-amz-id-2;
- proxy_hide_header x-amz-request-id;
- # Set these to send to S3
- proxy_set_header Connection '';
- proxy_set_header Host $bucket.s3.amazonaws.com;
- proxy_set_header Authorization $amzAuth;
- proxy_set_header x-amz-date $amzDate;
- proxy_set_header x-amz-content-SHA256 $amzContent;
- proxy_buffering off;
- proxy_intercept_errors on;
- proxy_pass_request_headers off;
- # !!!!---------------
- # Rewrite the url request to S3 to be the "correct" one
- # This doesn't work, "$s3path" always seems to be empty
- # !!!!---------------
- rewrite .* "/$s3path" break;
- resolver 8.8.8.8 valid=300s;
- resolver_timeout 10s;
- recursive_error_pages on;
- error_page 301 302 307 = @handle_redirect;
- proxy_pass https://$s3_host;
- }
- # Sometimes S3 does a redirect, so follow
- location @handle_redirect {
- error_log /dev/stdout debug;
- resolver 8.8.8.8 valid=300s;
- resolver_timeout 10s;
- set $redirect_url $upstream_http_location;
- proxy_pass $redirect_url;
- }
- location = /auth {
- #error_log /dev/stdout debug;
- internal;
- proxy_http_version 1.1;
- proxy_pass http://auth-service:8911/auth;
- proxy_pass_request_body off;
- proxy_set_header Content-Length "";
- proxy_set_header X-Original-URI $request_uri;
- proxy_pass_request_headers on;
- }
- location / {
- #error_log /dev/stdout debug;
- proxy_http_version 1.1;
- proxy_redirect off;
- proxy_read_timeout 6000s;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://app:1854;
- }
- }
Add Comment
Please, Sign In to add comment