dmitry-pro
4/21/2018 - 10:18 PM

Nginx - Wildcard subdomains, basic auth and proxying to s3. Set a policy to only allow your server's IP.

Nginx - Wildcard subdomains, basic auth and proxying to s3.

Set a policy to only allow your server's IP.

server {
        listen 80;
        server_name *.foo.example.com;

        # We need this to resolve the host, because it's a wildcard.
        # This is google's DNS server.
        resolver 8.8.8.8;

        include /etc/nginx/includes/proxy.conf;

        # Don't show s3 errors
        proxy_intercept_errors on;
        error_page 403 404 500 502 503 @s3error;

        # Setup basic auth
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf/htpasswd.$host;

        error_page 403 404 500 502 503 @s3error;

        # Setup basic auth
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf/htpasswd.$host;

        # S3 derps if you send it the basic auth header
        proxy_set_header Authorization "";

        location ~ ^/assets/(.*)$ {
                proxy_pass http://$host.s3.amazonaws.com/assets/$1;
        }

        location / {
                proxy_pass http://$host.s3.amazonaws.com/index.html;
        }

        location @s3error {
                internal;
        }
}