Created
November 2, 2019 10:53
Mirroring (duplicating) an upload request to an AWS S3 bucket with an nginx configuration
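# Proxies every request to the primary backend and, for PUT/POST uploads
# declared as image/jpg, mirrors the body to an S3 bucket as a PUT signed with
# the legacy AWS "Signature Version 2" scheme (HMAC-SHA1 over a string-to-sign).
# NOTE(review): SigV2 is a legacy scheme; newer S3 regions accept only SigV4.
# Confirm the target bucket's region still accepts it.

# nginx clears the environment of worker processes; these directives keep the
# three variables visible to os.getenv() inside the Lua blocks.
env AWS_ACCESS_KEY_ID;
env AWS_SECRET_ACCESS_KEY;
env S3_BUCKET_NAME;

events {
    worker_connections 1024;
}

http {
    server {
        listen 80;
        # Make the Lua module read the request body so that
        # ngx.req.get_body_data() below has something to return.
        lua_need_request_body on;
        default_type image/jpeg;

        location / {
            proxy_pass http://192.x.x.2;
            # Every request is also sent to /mirror as a background
            # subrequest; the mirror's response is discarded by nginx.
            mirror /mirror;
            mirror_request_body on;
        }

        location /mirror {
            # Only reachable through the mirror subrequest above. Without this,
            # any client could request /mirror directly and have this server
            # sign and upload its body to the bucket.
            internal;

            if ($request_method !~ ^(PUT|POST)$ ) {
                return 403;
            }
            # The filter trusts the client-declared Content-Type; the body is
            # never inspected, so treat stored objects as untrusted data.
            # NOTE(review): the registered JPEG media type is "image/jpeg"
            # (as in default_type above); "image/jpg" only matches clients that
            # send that exact non-standard value -- confirm this is intended.
            if ($content_type != "image/jpg") {
                return 200;
            }

            set_by_lua $bucket "return os.getenv('S3_BUCKET_NAME')";
            # Credentials now live in nginx variables: never reference
            # $aws_secret_key or $auth in log_format, error pages or headers
            # sent back to clients.
            set_by_lua $aws_access_key "return os.getenv('AWS_ACCESS_KEY_ID')";
            set_by_lua $aws_secret_key "return os.getenv('AWS_SECRET_ACCESS_KEY')";

            # HTTPS instead of plain HTTP: the upload body and the signed
            # Authorization header would otherwise cross the network in clear.
            set $aws_backend "https://$bucket.s3.amazonaws.com/";
            proxy_ssl_server_name on;
            # Enable certificate verification once a CA bundle path is known:
            #   proxy_ssl_verify on;
            #   proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;  # placeholder
            # Bucket names containing dots do not match the S3 wildcard
            # certificate and will fail verification.

            # Object key: prefix/<yyyy-mm-dd>/<md5 of body>.jpg
            set_by_lua_block $request_nuri {
                local payload = ngx.req.get_body_data()
                -- get_body_data() returns nil when the body is empty or was
                -- spooled to a temp file (larger than client_body_buffer_size).
                -- The key would then not be derived from the content, so
                -- return an empty key and let the check below skip the upload.
                if not payload then
                    return ""
                end
                -- MD5 is not collision-resistant: two crafted bodies can map
                -- to the same key and the later upload replaces the earlier.
                return "prefix/" .. ngx.today() .. "/" .. ngx.md5(payload) .. ".jpg"
            }
            if ($request_nuri = "") {
                return 200;
            }

            set $acl private;
            set $class GLACIER;
            # NOTE(review): ngx.cookie_time() emits the cookie date layout;
            # ngx.http_time() emits the RFC 1123 HTTP date -- confirm which one
            # S3 accepts for x-amz-date.
            set_by_lua $date "return ngx.cookie_time(ngx.time())";

            # Builds "AWS <access key>:<base64 HMAC-SHA1 of string-to-sign>".
            # The x-amz-* lines must match, byte for byte, the headers set by
            # the proxy_set_header directives below.
            set_by_lua_block $auth {
                local vars = ngx.var
                local amz_headers = table.concat({
                    "x-amz-acl:" .. vars.acl,
                    "x-amz-date:" .. vars.date,
                    "x-amz-storage-class:" .. vars.class,
                }, "\n")
                local resource = "/" .. vars.bucket .. "/" .. vars.request_nuri
                -- Content-MD5 and Content-Type are taken from the client
                -- request; an absent header contributes an empty line.
                local content_md5 = vars.http_content_md5 or ""
                local content_type = vars.http_content_type or ""
                local string_to_sign = "PUT\n" .. content_md5 .. "\n" .. content_type
                    .. "\n\n" .. amz_headers .. "\n" .. resource
                local signature = ngx.encode_base64(
                    ngx.hmac_sha1(vars.aws_secret_key, string_to_sign))
                return "AWS " .. vars.aws_access_key .. ":" .. signature
            }

            proxy_set_header Authorization $auth;
            proxy_set_header x-amz-acl $acl;
            proxy_set_header x-amz-storage-class $class;
            proxy_set_header x-amz-date $date;
            # Client headers are forwarded (Content-Type and Content-MD5 are
            # part of the signature), but session cookies have no business
            # leaving for a third-party endpoint; an empty value drops the
            # header.
            proxy_set_header Cookie "";
            # Any x-amz-* header supplied by the client is still forwarded and
            # is not covered by the string-to-sign above; strip or reject such
            # headers if clients are untrusted.
            proxy_hide_header x-amz-id-2;
            proxy_hide_header x-amz-request-id;

            # proxy_pass uses variables, so the host is resolved at request
            # time. Answers from a public resolver arrive over unauthenticated
            # DNS; prefer a resolver on a trusted network path.
            resolver 8.8.8.8 valid=300s;
            resolver_timeout 10s;

            proxy_method PUT;
            proxy_pass_request_headers on;
            proxy_pass "$aws_backend$request_nuri";
        }
    }
}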