Skip to content

Instantly share code, notes, and snippets.

@chrisroos
Created August 16, 2017 08:47
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save chrisroos/2e601167d9ddc397edfd0cd9ea9e476e to your computer and use it in GitHub Desktop.
Save chrisroos/2e601167d9ddc397edfd0cd9ea9e476e to your computer and use it in GitHub Desktop.

Nginx proxy to signed S3 URLs

  • Backend app sets X-Accel-Redirect header to a location that nginx is configured to handle (e.g. /s3-proxy/)

  • Backend app generates signed URL and stores it in HTTP header

  • Backend app stores s3 host in separate HTTP header

  • nginx location (e.g. /s3-proxy/) extracts content from HTTP headers and proxies requests to S3

  • Alternatives that didn't work

    • escaping s3 presigned url in X-Accel-Redirect
    • adding querystring to X-Accel-Redirect URI
    • TODO: Continue this list
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment