
@jacques
Forked from rezan/s3.vcl
Created February 19, 2016 22:38

Revisions

  1. @rezan rezan revised this gist Feb 10, 2016. 1 changed file with 14 additions and 11 deletions.
    25 changes: 14 additions & 11 deletions s3.vcl
    @@ -1,9 +1,12 @@
    #
    # Varnish AWS S3 Gateway VCL
    #
    # Allows global read (GET, HEAD) and ACL protected writes (POST, PUT, DELETE).
    # When writing, pass in Content-Type and Content-MD5, both are optional.
    #
    # Params:
    #
    # %BUCKET% - S3 bucket name
    # %BUCKET% - S3 bucket name, S3 host may be regional
    # %ACCESS_ID% - IAM access ID for bucket
    # %SECRET_KEY% - IAM secret key for access ID
    #
    @@ -34,20 +37,20 @@ sub vcl_recv

    sub vcl_backend_fetch
    {
    unset bereq.http.Host;
    set bereq.http.Host = "%BUCKET%.s3.amazonaws.com";
    set bereq.http.Date = now;

    set bereq.http.Authorization = "AWS " + "%ACCESS_ID%" + ":" +
    digest.base64_hex(digest.hmac_sha1("%SECRET_KEY%", bereq.method +
    {"
    set bereq.http.NL = {"
    "};

    "} + bereq.http.Content-Type + {"
    "} + now + {"
    x-amz-acl:public-read
    /%BUCKET%"} + bereq.url));
    set bereq.http.Authorization = "AWS " + "%ACCESS_ID%" + ":" +
    digest.base64_hex(digest.hmac_sha1("%SECRET_KEY%",
    bereq.method + bereq.http.NL + bereq.http.Content-MD5 + bereq.http.NL +
    bereq.http.Content-Type + bereq.http.NL + bereq.http.Date + bereq.http.NL +
    "/" + "%BUCKET%" + bereq.url
    ));

    set bereq.http.x-amz-acl = "public-read";
    set bereq.http.Date = now;
    unset bereq.http.NL;
    }

    sub vcl_deliver
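Review bot: The rewritten Authorization block still signs `bereq.url` exactly as the client sent it, so with GET and HEAD open to everyone in vcl_recv the gateway puts the IAM key's signature on any read the key is permitted to make, not only object fetches; the first revision of s3.vcl further down the page has the same property. The control for this sits outside the VCL: keep the IAM policy for %ACCESS_ID% limited to object-level actions on this one bucket, and record that next to the signing code, e.g. `# bereq.url is signed verbatim; the IAM key must allow object-level actions on %BUCKET% only`. The page has lost its +/- markers, so I cannot tell whether `set bereq.http.x-amz-acl = "public-read";` is still on the new side; if it is, the header is sent but is no longer part of the string being signed, and the legacy AWS signing scheme used here expects x-amz-* headers to be included, so writes would likely be rejected.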
  2. @rezan rezan created this gist Feb 10, 2016.
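--- a/s3.vcl
+++ b/s3.vcl
@@ -0,0 +1,56 @@
+#
+# Varnish AWS S3 Gateway VCL
+#
+# Params:
+#
+# %BUCKET% - S3 bucket name
+# %ACCESS_ID% - IAM access ID for bucket
+# %SECRET_KEY% - IAM secret key for access ID
+#
+
+vcl 4.0;
+
+import digest;
+
+backend default
+{
+.host = "%BUCKET%.s3.amazonaws.com";
+.port = "80";
+}
+
+acl s3_write
+{
+"127.0.0.1";
+}
+
+sub vcl_recv
+{
+if(req.method != "GET" && req.method != "HEAD" &&
+client.ip !~ s3_write)
+{
+return(synth(403, "Access denied"));
+}
+}
+
+sub vcl_backend_fetch
+{
+unset bereq.http.Host;
+set bereq.http.Host = "%BUCKET%.s3.amazonaws.com";
+
+set bereq.http.Authorization = "AWS " + "%ACCESS_ID%" + ":" +
+digest.base64_hex(digest.hmac_sha1("%SECRET_KEY%", bereq.method +
+{"
+"} + bereq.http.Content-Type + {"
+"} + now + {"
+x-amz-acl:public-read
+/%BUCKET%"} + bereq.url));
+
+set bereq.http.x-amz-acl = "public-read";
+set bereq.http.Date = now;
+}
+
+sub vcl_deliver
+{
+set resp.http.Server = "Varnish AWS S3 Gateway";
+}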
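Review bot: The write guard in vcl_recv compares `client.ip` with the `s3_write` ACL, and `client.ip` is the address of the TCP peer, so if a TLS terminator or any other proxy on the same host is placed in front of Varnish, every request arrives from 127.0.0.1 and the 403 check no longer protects PUT, POST and DELETE. A comment on the acl would record that assumption, e.g. `# matched against the TCP peer (client.ip); revisit before putting a local proxy in front of this listener`. Separately, `backend default` uses `.port = "80"`, so the signed requests and the object bodies travel to S3 in cleartext; if the Varnish build in use cannot speak TLS to a backend, pointing `.host` at a local TLS-capable forwarder is the usual way to close that gap. The file also carries %SECRET_KEY% inline once the template is filled in, so the rendered VCL should be readable only by the Varnish user.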