Kratos

Reputation: 1114

Nginx reverse proxy to private AWS S3 bucket bad gateway

I have created a private bucket on AWS and I want to reverse proxy it using nginx. I have used the same server for all the different proxies. This is the configuration file for nginx:

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    server_names_hash_bucket_size 64;

    server {
        listen 80;
        server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;

        rewrite ^(.*) https://$host$1 permanent;
    }

    server {
        listen 443;
        server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;

        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        ssl on;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/ssl_access.log;

        location ^~ / {
            #proxy_set_header x-real-IP $remote_addr;
            #proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
            #proxy_set_header host $host;
            #proxy_pass https://url.com;

            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Proto $scheme;

            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass         https://url.com;
            proxy_read_timeout 30;

            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }

        location /one/service {
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header Host $host;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://beanstalk-4.212314.eu-central-1.elasticbeanstalk.com/;
            proxy_read_timeout 30;
            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }

        location /privateproxy {
            set $s3_bucket      'bucketname.s3.eu-central-1.amazonaws.com';
            set $aws_access_key 'AWSAccessKeyId=mykey';
            set $url_expires    'Expires=$arg_e';
            set $url_signature  'Signature=$arg_st';
            set $url_full       '$1?$aws_access_key&$url_expires&$url_signature';

            proxy_http_version     1.1;
            proxy_set_header       Host $s3_bucket;
            proxy_set_header       Authorization '';
            proxy_hide_header      x-amz-id-2;
            proxy_hide_header      x-amz-request-id;
            proxy_hide_header      Set-Cookie;
            proxy_ignore_headers   "Set-Cookie";
            proxy_buffering        off;
            proxy_intercept_errors on;

            resolver         172.16.0.23 valid=300s;
            resolver_timeout 10s;

            proxy_pass http://$s3_bucket/$url_full;
        }
    }
}

But I am getting 502 Bad Gateway. Have I done something wrong in the config?

The log file:

2016/03/21 09:13:42 [error] 16695#0: *8 bucket.s3.eu-central-1.amazonaws.com could not be resolved (110: Operation timed out)

Upvotes: 4

Views: 11411

Answers (3)

Elijah

Reputation: 13604

Consider referencing this project from NGINX. It contains all of the configuration needed to proxy a private S3 bucket.

Upvotes: 0

CSP

Reputation: 2089

If the EC2 server where you run nginx is in the same VPC as your private S3 bucket then you can set up an S3 VPC endpoint and update your bucket policy to use that endpoint (details here), then just add this to your nginx.conf:

    location   /privateproxy/  {
          proxy_pass https://bucketname.s3.eu-central-1.amazonaws.com/;
    }

Upvotes: 0

Anatoly

Reputation: 15530

If the bucket name is correct, the problem is with the resolver. The described IP address 172.16.0.23 works as a DNS server for non-VPC EC2 only. If you use VPC, the resolver should be equal to what you get from:

cat /etc/resolv.conf

For example, a 10.0.1.0/16 VPC subnet may have 10.0.1.2 allocated as the internal resolver. If you don't know which one is used (VPC/non-VPC), then an open DNS server should help:

resolver 8.8.8.8;

Also make sure you specified a plausible S3 bucket name:

set $s3_bucket        '-->>bucketname.s3.eu-central-1.amazonaws.com';

Upvotes: 4
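The resolver check Anatoly describes, as an added example that is not part of the question or any of the answers: a small POSIX shell script that reads the nameservers out of resolv.conf text, emits the matching nginx `resolver` directive, and flags any resolver IP in an nginx config that the host does not actually use (the situation behind the "could not be resolved (110: Operation timed out)" line in the question's log). The resolv.conf contents and the nginx snippet in the script are constructed sample input, not taken from a real host; `valid=300s` is carried over from the question's config.

```shell
#!/bin/sh
# Added example (not from the question or any answer): derive nginx's
# `resolver` directive from a host's resolv.conf and flag configured
# resolver IPs that are not among the host's nameservers.
# SAMPLE_RESOLV_CONF and SAMPLE_NGINX_CONF below are constructed sample input.

# Print the nameserver IPs from resolv.conf text read on stdin, one per line.
# Comment, "search" and "options" lines are ignored.
nameservers_from_resolv_conf() {
    awk '$1 == "nameserver" { print $2 }'
}

# Turn nameserver IPs read on stdin (one per line) into a single nginx
# resolver directive; valid=300s is the cache lifetime used in the question.
nginx_resolver_directive() {
    awk '{ sep = (NR > 1) ? " " : ""; ips = ips sep $1 }
         END { if (ips != "") print "resolver " ips " valid=300s;" }'
}

# Read nginx config text on stdin and print every IPv4 resolver it configures
# that is not in the space-separated list of known nameservers given as $1.
# Empty output means each configured resolver is one the host really uses.
# Options such as valid=300s or ipv6=off are skipped; bracketed IPv6
# resolvers are not handled by this check.
unknown_nginx_resolvers() {
    awk -v known_list="$1" '
        BEGIN {
            n = split(known_list, k, " ")
            for (i = 1; i <= n; i++) known[k[i]] = 1
        }
        $1 == "resolver" {
            for (i = 2; i <= NF; i++) {
                ip = $i
                sub(/;$/, "", ip)
                if (ip ~ /^[0-9.]+$/ && !(ip in known)) print ip
            }
        }'
}

# Constructed sample: resolv.conf as DHCP would write it on a VPC instance,
# where the VPC-provided resolver sits at the base of the VPC range plus two.
SAMPLE_RESOLV_CONF='# generated by dhclient (constructed sample)
search eu-central-1.compute.internal
nameserver 10.0.0.2
'

# Constructed sample: the question's resolver line, which points at the
# non-VPC EC2 DNS address rather than the VPC one.
SAMPLE_NGINX_CONF='location /privateproxy {
    resolver 172.16.0.23 valid=300s;
    resolver_timeout 10s;
}
'

# Stand-alone demo: print the directive this host supports, then any
# resolver in the nginx snippet that the host does not use.
host_ns=$(printf '%s' "$SAMPLE_RESOLV_CONF" | nameservers_from_resolv_conf)
printf '%s\n' "$host_ns" | nginx_resolver_directive
printf '%s' "$SAMPLE_NGINX_CONF" | unknown_nginx_resolvers "$(printf '%s' "$host_ns" | tr '\n' ' ')"
```

On a real instance, replace the constructed samples with `nameservers_from_resolv_conf < /etc/resolv.conf` and the `location` block from nginx.conf; a non-empty result from `unknown_nginx_resolvers` is the mismatch to fix before looking further at the bucket name.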
