- Hidden s3 Auth
- Front with secure links
- njs, https://github.com/nginx/njs, yum install nginx-module-njs
- --with-http_ssl_module (built-in)
- --with-http_secure_link_module (built-in)
-
Install NGINX and
requires
, here is explanation how: http://nginx.org/en/linux_packages.html -
Configure conf/aws_utils.js and conf/s3_proxy.conf
- Should be replace the value of
$secret
variable to yours value - Should be replace the value of AWS_SECRET_KEY to yours value
- Should be replace the value of AWS_ACCESS_KEY to yours value
- Should be replace the value of
-
Install
requires
and configure /etc/nginx/nginx.conf- Add a line to /etc/nginx/nginx.conf: 'load_module modules/ngx_http_js_module.so;'
-
Copy configured conf/aws_utils.js to /etc/nginx/
-
Copy configured conf/s3_proxy.conf to /etc/nginx/conf.d/
-
Generate access token using ./script/generate_token.sh
# Getting {md5 token}
# Notice. --secret should be the same as `$secret` (see the second step)
$> ./scripts/generate_token.sh --secret=my-secret --bucket=my-s3-bucket --expires=2147483647 # forever
2RfxcompilationXGk2c4x0NMkMHZZcfA
# Or see usage
$> ./scripts/generate_token.sh --help
- Requrest data:
# Getting data:
$> curl -H"Host: s3_proxy" 'http://localhost:80/{BUCKET}/{KEY}?e=2147483647&t=2RfxXGk2c4x0NMkMHZZcfA'
# Getting METHODs restriction (403):
$> curl -XPOST -H"Host: s3_proxy" 'http://localhost:80/{BUCKET}/{KEY}?e=2147483647&t=2RfxXGk2c4x0NMkMHZZcfA'
# Getting an access restriction (403):
$> curl -H"Host: s3_proxy" 'http://localhost:80/{BUCKET}/{KEY}?e=2147483647&t=WRONG'
$> curl -H"Host: s3_proxy" 'http://localhost:80/{BUCKET}/{KEY}?e=WRONG&t=2RfxXGk2c4x0NMkMHZZcfA'