Skip to content

criblio/aws-s3-proxy

 
 

Repository files navigation

Reverse proxy for AWS S3 w/ basic authentication

circleci status

pottava/s3-proxy

Supported tags and respective Dockerfile links:

・latest (docker/linux/2.0/Dockerfile)
・2.0 (docker/linux/2.0/Dockerfile)
・1.4 (docker/linux/1.4/Dockerfile)
・1.4-win (docker/windows/1.4/Dockerfile)
・1 (docker/linux/1.4/Dockerfile)

Description

This is a reverse proxy for AWS S3, which is able to provide basic authentication as well.
You don't need to configure a Bucket for Website Hosting.

http://this-proxy.com/access/ -> s3://bucket/access/index.html

(日本語はこちら)

Usage

1. Set environment variables

Environment Variables Description Required Default
AWS_S3_BUCKET The S3 bucket to be proxied with this app. *
AWS_S3_KEY_PREFIX You can configure S3 object key prefix. -
AWS_REGION The AWS region where the S3 bucket exists. us-east-1
AWS_ACCESS_KEY_ID AWS access key for API access. EC2 Instance Role
AWS_SECRET_ACCESS_KEY AWS secret key for API access. EC2 Instance Role
AWS_API_ENDPOINT The endpoint for AWS API for local development. -
INDEX_DOCUMENT Name of your index document. index.html
DIRECTORY_LISTINGS List files when a specified URL ends with /. false
DIRECTORY_LISTINGS_FORMAT Configures directory listing to be html (spider parsable) -
HTTP_CACHE_CONTROL Overrides S3's HTTP Cache-Control header. S3 Object metadata
HTTP_EXPIRES Overrides S3's HTTP Expires header. S3 Object metadata
BASIC_AUTH_USER User for basic authentication. -
BASIC_AUTH_PASS Password for basic authentication. -
SSL_CERT_PATH TLS: cert.pem file path. -
SSL_KEY_PATH TLS: key.pem file path. -
CORS_ALLOW_ORIGIN CORS: a URI that may access the resource. -
CORS_ALLOW_METHODS CORS: Comma-delimited list of the allowed HTTP request methods. -
CORS_ALLOW_HEADERS CORS: Comma-delimited list of the supported request headers. -
CORS_MAX_AGE CORS: Maximum number of seconds the results of a preflight request can be cached. 600
APP_PORT The port number to be assigned for listening. 80
APP_HOST The host name used to the listener Listens on all available unicast and anycast IP addresses of the local system.
ACCESS_LOG Send access logs to /dev/stdout. false
STRIP_PATH Strip path prefix. -
CONTENT_ENCODING Compress response data if the request allows. true
HEALTHCHECK_PATH If it's specified, the path always returns 200 OK -
GET_ALL_PAGES_IN_DIR If true will make several calls to get all pages of destination directory false
MAX_IDLE_CONNECTIONS Allowed number of idle connections to the S3 storage 150
IDLE_CONNECTION_TIMEOUT Allowed timeout to the S3 storage. 10
DISABLE_COMPRESSION If true will pass encoded content through as-is. true
INSECURE_TLS If true it will skip cert checks false

2. Run the application

docker run -d -p 8080:80 -e AWS_REGION -e AWS_S3_BUCKET pottava/s3-proxy

  • with basic auth:

docker run -d -p 8080:80 -e AWS_REGION -e AWS_S3_BUCKET -e BASIC_AUTH_USER -e BASIC_AUTH_PASS pottava/s3-proxy

  • with TLS:

docker run -d -p 8080:80 -e AWS_REGION -e AWS_S3_BUCKET -e SSL_CERT_PATH -e SSL_KEY_PATH pottava/s3-proxy

  • with CORS:

docker run -d -p 8080:80 -e CORS_ALLOW_ORIGIN -e CORS_ALLOW_METHODS -e CORS_ALLOW_HEADERS -e CORS_MAX_AGE pottava/s3-proxy

  • with docker-compose.yml:
proxy:
  image: pottava/s3-proxy
  ports:
    - 8080:80
  environment:
    - AWS_REGION=ap-northeast-1
    - AWS_ACCESS_KEY_ID
    - AWS_SECRET_ACCESS_KEY
    - AWS_S3_BUCKET
    - BASIC_AUTH_USER=admin
    - BASIC_AUTH_PASS=password
    - ACCESS_LOG=true
  container_name: proxy

Copyright and license

Code released under the MIT license.

About

Reverse proxy for AWS S3 with basic authentication.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 90.5%
  • Dockerfile 6.3%
  • Makefile 3.2%