Last active
April 9, 2022 03:32
-
-
Save surjikal/5942538 to your computer and use it in GitHub Desktop.
Nginx - Wildcard subdomains, basic auth and proxying to s3. Set a policy to only allow your server's IP.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name *.foo.example.com; | |
| # We need this to resolve the host, because it's a wildcard. | |
| # This is google's DNS server. | |
| resolver 8.8.8.8; | |
| include /etc/nginx/includes/proxy.conf; | |
| # Don't show s3 errors | |
| proxy_intercept_errors on; | |
| error_page 403 404 500 502 503 @s3error; | |
| # Setup basic auth | |
| auth_basic "Restricted"; | |
| auth_basic_user_file /etc/nginx/conf/htpasswd.$host; | |
| error_page 403 404 500 502 503 @s3error; | |
| # Setup basic auth | |
| auth_basic "Restricted"; | |
| auth_basic_user_file /etc/nginx/conf/htpasswd.$host; | |
| # S3 derps if you send it the basic auth header | |
| proxy_set_header Authorization ""; | |
| location ~ ^/assets/(.*)$ { | |
| proxy_pass http://$host.s3.amazonaws.com/assets/$1; | |
| } | |
| location / { | |
| proxy_pass http://$host.s3.amazonaws.com/index.html; | |
| } | |
| location @s3error { | |
| internal; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment