-
-
Save benjaminbarbe/1961db5ffbaad57eff12 to your computer and use it in GitHub Desktop.
Revisions
-
benjaminbarbe revised this gist
Aug 18, 2015 . 2 changed files with 14 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,5 @@ [Proxy cache passes GET instead of HEAD to upstream](http://forum.nginx.org/read.php?2,247577,247577)... so we have a 403. This version include these fixes. - Remove $request_method from $string_to_sign and pass static string "GET" instead - Remove proxy_buffering directive for allowing the nginx cache This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,22 +1,26 @@ location ~* ^/s3/(.*) { proxy_cache static; proxy_cache_valid 200 24h; proxy_hide_header x-amz-id-2; proxy_hide_header x-amz-request-id; proxy_hide_header Set-Cookie; proxy_ignore_headers Set-Cookie; set $bucket '<REPLACE WITH YOUR S3 BUCKET NAME>'; set $aws_access '<REPLACE WITH YOUR AWS ACCESS KEY>'; set $aws_secret '<REPLACE WITH YOUR AWS SECRET KEY>'; set $url_full "$1"; set_by_lua $now "return ngx.cookie_time(ngx.time())"; set $string_to_sign "GET\n\n\n\nx-amz-date:${now}\n/$bucket/$url_full"; set_hmac_sha1 $aws_signature $aws_secret $string_to_sign; set_encode_base64 $aws_signature $aws_signature; proxy_http_version 1.1; proxy_set_header Host $bucket.s3.amazonaws.com; proxy_set_header x-amz-date $now; proxy_set_header Authorization "AWS $aws_access:$aws_signature"; # proxy_buffering off; proxy_intercept_errors on; rewrite .* /$url_full break; -
Sebastian Kippe renamed this gist
Nov 6, 2014 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Nov 6, 2014 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,25 @@ location ~* ^/s3/(.*) { set $bucket '<REPLACE WITH YOUR S3 BUCKET NAME>'; set $aws_access '<REPLACE WITH YOUR AWS ACCESS KEY>'; set $aws_secret '<REPLACE WITH YOUR AWS SECRET KEY>'; set $url_full "$1"; set_by_lua $now "return ngx.cookie_time(ngx.time())"; set $string_to_sign "$request_method\n\n\n\nx-amz-date:${now}\n/$bucket/$url_full"; set_hmac_sha1 $aws_signature $aws_secret $string_to_sign; set_encode_base64 $aws_signature $aws_signature; resolver 172.31.0.2 valid=300s; resolver_timeout 10s; proxy_http_version 1.1; proxy_set_header Host $bucket.s3.amazonaws.com; proxy_set_header x-amz-date $now; proxy_set_header Authorization "AWS $aws_access:$aws_signature"; proxy_buffering off; proxy_intercept_errors on; rewrite .* /$url_full break; proxy_pass http://s3.amazonaws.com; }
Sebastian Kippe
renamed
this gist