|
# Cache for the S3 objects fetched by the internal cloud-storage proxy location.
# Settings based on https://www.nginx.com/blog/nginx-caching-guide/
#   levels=1:2    two-level directory hierarchy below the cache path
#   keys_zone     shared-memory zone "asset-manager" (10 MB) holding cache keys and metadata
#   max_size=10g  upper bound for the on-disk cache
#   inactive=60m  entries not requested for 60 minutes are removed
# The directory holds copies of served assets, so it should be readable only
# by the nginx worker user.
proxy_cache_path /var/cache/nginx/
                 levels=1:2
                 keys_zone=asset-manager:10m
                 max_size=10g
                 inactive=60m;

# Raised to avoid the following start-up error:
# nginx: [emerg] could not build the variables_hash, you should increase either variables_hash_max_size: 512 or variables_hash_bucket_size: 64
variables_hash_max_size 1024;
|
|
|
# Application backend that "location @app" in the server block proxies to.
# NOTE(review): "localhost" can resolve to both 127.0.0.1 and ::1, in which case
# nginx treats them as two upstream servers; confirm the app listens on both
# addresses, or pin one explicitly.
upstream asset-manager.ec2.gov.uk-proxy {
  server localhost:3037;
}
|
|
|
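server {
  server_name asset-manager.ec2.gov.uk;

  # Plain HTTP only.
  # NOTE(review): presumably TLS is terminated in front of this host; confirm.
  listen 80;

  # Set variable that we can use to report the mechanism used to serve the file
  set $debug_served_by '';

  # Headers sent to the application backend. These apply to "location @app";
  # the cloud-storage proxy location below declares its own proxy_set_header
  # directives and therefore inherits none of these.
  #
  # NOTE(review): $http_host is the Host header exactly as the client sent it.
  # If this server is also the default for the listen socket, arbitrary Host
  # values reach the app; the app should validate the host it uses to build URLs.
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  # Tell the app that nginx supports X-Accel-Redirect and how on-disk upload
  # paths map to the internal /raw/ location.
  proxy_set_header X-Sendfile-Type X-Accel-Redirect;
  proxy_set_header X-Accel-Mapping /home/ubuntu/asset-manager/uploads/assets/=/raw/;

  proxy_redirect off;
  proxy_connect_timeout 1s;
  proxy_read_timeout 15;

  # Forbid rendering responses inside frames (clickjacking defence).
  # add_header directives are inherited by a location only if that location
  # defines no add_header of its own, so any location that adds a header
  # must repeat this one.
  add_header X-Frame-Options DENY;

  # Serve static files from the public directory, otherwise hand over to the app.
  location / {
    try_files $uri/index.html $uri.html $uri @app;
  }

  location @app {
    proxy_pass http://asset-manager.ec2.gov.uk-proxy;
  }

  root /home/ubuntu/asset-manager/public;

  # Request bodies (uploads) of up to 500 MB are accepted.
  client_max_body_size 500m;

  # /raw/(.*) is the path mapping sent from the rails application to
  # nginx and is immediately picked up. /raw/(.*) is not available
  # publicly as it is an internal path mapping.
  #
  # The pattern is anchored with ^ so that only URIs that start with /raw/
  # (the prefix named in X-Accel-Mapping) match. Unanchored, any public URI
  # that merely contains "/raw/" would land in this internal location and be
  # answered with 404 instead of reaching the app.
  location ~ ^/raw/(.*) {
    internal;
    alias /home/ubuntu/asset-manager/uploads/assets/$1;
    set $debug_served_by SendFile;
  }

  # This querystring tells Rails to proxy the request to S3
  if ($query_string ~* "stream_from_s3") {
    set $debug_served_by RailsProxy;
  }

  # This internal location tells Nginx to proxy the request to S3
  # Based on https://kovyrin.net/2010/07/24/nginx-fu-x-accel-redirect-remote/
  # This location is invoked when the Rails app responds with an X-Accel-Redirect
  # header containing something like "/cloud-storage-proxy/https://<bucket-name>.s3.eu-west-2.amazonaws.com/<object-id>"
  #
  # NOTE(review): the target scheme and host come straight from the app's
  # X-Accel-Redirect header, so nginx will fetch from whatever host the app
  # names, over http or https. If the app can be made to emit an unintended
  # URL this becomes a server-side request channel; restricting the host part
  # of the pattern to the expected bucket host(s) and dropping plain http
  # would give defence in depth. Confirm with the app's redirect format first.
  location ~* ^/cloud-storage-proxy/(https?://)(.*?)/(.*) {
    # Do not allow people to mess with this location directly
    # Only internal redirects are allowed
    internal;

    # Enable caching
    # NOTE(review): no proxy_cache_key or proxy_cache_valid is set here. The
    # default key is built from $request_uri, which looks like it stays the
    # client's original URI after an internal redirect rather than the S3 URL,
    # and without proxy_cache_valid only responses whose own headers allow
    # caching are stored. Confirm this is the intended behaviour.
    proxy_cache asset-manager;
    add_header X-Cache-Status $upstream_cache_status;

    # Because this location declares add_header, the server-level add_header
    # directives are not inherited. Repeat them so that proxied responses keep
    # X-Frame-Options and so that the NginxProxy value set below is reported.
    add_header X-Frame-Options DENY;
    add_header Debug-Served-By $debug_served_by;

    # Location-specific logging
    access_log /var/log/nginx/asset-manager-cloud-storage-proxy.access.log;
    error_log /var/log/nginx/asset-manager-cloud-storage-proxy.error.log warn;

    # Extract download url from the request
    set $download_scheme $1;
    set $download_host $2;
    set $download_path $3;

    # Compose download url
    set $download_url $download_scheme$download_host/$download_path;

    # Set download request headers
    # The client's own request headers are forwarded upstream by default, so
    # credentials meant for this site are blanked before the request leaves
    # for the storage host. An empty value removes the header.
    proxy_set_header Host $download_host;
    proxy_set_header Authorization '';
    proxy_set_header Cookie '';

    # The next two lines could be used if your storage
    # backend does not support Content-Disposition
    # headers used to specify file name browsers use
    # when save content to the disk
    #proxy_hide_header Content-Disposition;
    #add_header Content-Disposition 'attachment; filename="$args"';

    # Do not touch local disks when proxying
    # content to clients
    proxy_max_temp_file_size 0;

    # Add this to avoid "no resolver defined to resolve" errors
    # NOTE(review): this sends every storage host lookup to a public resolver
    # over unauthenticated DNS. A resolver inside the hosting network (the
    # VPC or a local caching resolver) keeps the lookups off the public path.
    resolver 8.8.8.8;

    # Download the file and send it to client
    proxy_pass $download_url;

    set $debug_served_by NginxProxy;
  }

  # Add HTTP header to report the mechanism used to serve the file
  # NOTE(review): this header, like X-Cache-Status, tells every client how a
  # file was served; confirm that exposing it in production is intended.
  add_header Debug-Served-By $debug_served_by;
}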