/nginx-s3-proxy

nginx compiled with aws-auth support, suitable for S3 reverse proxy usage

Motivation

This image was created for use with dogestry. We wanted a caching HTTP proxy between our servers and S3 so that images were only downloaded once from S3.

Usage

The image assumes a config file in the container at: /nginx.conf so use the -v option to mount one from your host.

docker run -p 8000:8000 -v /path/to/nginx.conf:/nginx.conf coopernurse/nginx-s3-proxy 

If you want to store the cache on the host, bind a path to /data/cache:

docker run -p 8000:8000 -v /path/to/nginx.conf:/nginx.conf -v /my/path:/data/cache coopernurse/nginx-s3-proxy 

Feel free to alter the -p param if you wish to bind the port differently onto the host.

Example nginx.conf file:

worker_processes 2;
pid /run/nginx.pid;
daemon off;

events {
	worker_connections 768;
}

http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_names_hash_bucket_size 64;

	include /usr/local/nginx/conf/mime.types;
	default_type application/octet-stream;

	access_log /usr/local/nginx/logs/access.log;
	error_log  /usr/local/nginx/logs/error.log;

	gzip on;
	gzip_disable "msie6";
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    proxy_cache_lock on;
    proxy_cache_lock_timeout 60s;
    proxy_cache_path /data/cache levels=1:2 keys_zone=s3cache:10m max_size=30g;

    server {
        listen     8000;

        location / {
            proxy_pass https://your-bucket.s3.amazonaws.com;

            aws_access_key your-access-key;
            aws_secret_key your-secret-key;
            s3_bucket your-bucket;

            proxy_set_header Authorization $s3_auth_token;
            proxy_set_header x-amz-date $aws_date;

            proxy_cache        s3cache;
            proxy_cache_valid  200 302  24h;
        }
    }
}

Things you want to tweak include:

  • proxy_cache_path
    • alter max_size as desired
    • if you want the cache stored external to the container, alter the path
  • proxy_pass
  • aws_access_key
  • aws_secret_key
  • s3_bucket
  • proxy_cache_valid - change 24h to your cache duration as desired.