Reputation: 25974
nginx: add Key to Google Cloud storage url
1)
I have nginx running as a reverse proxy. I would like to add a Key to Google Cloud storage. Can you do this in the nginx.conf. Then the nginx proxy would work as a client requesting the Google Cloud Store?
2)
I am saving the image with a go client and it gives me a
SelfLink wich I save in my database. But the SelfLink differ from the link in Google developer Console. I guess because of the account login.
Link from Google Console(note that I have used {encoding} instead of the real encoding):
https://{encoding}-apidata.googleusercontent.com/download/storage/v1_internal/b/test-test/o/imgres.jpg?qk={encoding}
SelfLink
https://www.googleapis.com/storage/v1/b/test-test/o/imgres.jpg
What kind og key should I use together with the SelfLink to access Google Cloud Store. The SelfLink just gives me:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
How should I use this(SelfLink) link together with what key?
Thanks in advance
Upvotes: 0
Views: 2115
Answers (1)
Reputation: 1239
You can't proxy it with nginx directly, since Google needs the request to be signed with the service certificate, but you can write plugin to nginx or proxy it with an application. You can read the file data using Google apis in your application and write it to response body. However since users will come to your server, you'll fetch the file from Google and return it to user you'll pay bandwidth both on your server and Google, and it will not be fast as like directly serving the file from Google.
However I have good news.
The mediaLink I get from Google api is like this: https://www.googleapis.com/download/storage/v1/b/bucket-name/o/test.png
You can sign the URL alongside with an expiration date with your service key and share the URL with the user. Or even better, you can redirect the user to the signed link with your application, with Location header alongside with 301 or 302 http status code. So user will come to http://example.org/downloads/test.png and it'll pass into your application, and your application will sign the media link and redirect the user.
Here is detailed guide how to sign and share the link with the users:
https://cloud.google.com/storage/docs/access-control#Signing-Strings
Upvotes: 1
Related Questions
- How can I get access to Google Cloud Storage using an access and a secret key
- How do I upload to Google Cloud Storage with Curl and an API key?
- API Key for accessing public Google Cloud Storage buckets
- google-cloud-storage CORS Setting
- How to generate Signed URL for google cloud storage objects using PHP
- Access JSON in bucket via API key
- Nginx - proxy_pass to google storage bucket does not use the index directive
- Access to cloud storage from client URL
- Google Cloud Storage Signed Url - SignatureDoesNotMatch
- Google Cloud Storage Signed Url for media