This patch adds support to authenticate with Amazon S3 when nginx is acting as a proxy to it. Useful if you want to protect some of the files in your bucket, then you can make them private on S3 and use this patch in conjunction with the Secure Download patch so that end users can only download them from your site via a secured URL with an expiration date.
Just patch the code and configure it with the –with-http_proxy_s3_auth option. Then add the following configuration directives to the location you’re proxying to S3, just below the proxy_pass directive:
proxy_s3_auth on|off; Enables/disables S3 authentication. proxy_s3_secure_download on|off; Enables/disables secure download integration (removes the md5/timestamp part from the URL for the auth header calculations) proxy_s3_bucket BUCKET; The S3 bucket name. proxy_s3_user S3_USER_ID; The AWS Access Key ID for your bucket. proxy_s3_pass S3_PASSWORD; The AWS SecretAccess Key.
The latest version of the patch is available for download here: nginx_proxy_s3-0.2.diff.bz2
PS: I’ve been told on the nginx mailing list that a better approach would be doing an independent module which calculates the auth header and insert it via config with proxy_set_header, instead of bloating the proxy module. I tend to agree, but my nginx internals knowledge at the moment is very basic. I might try to rework it with that approach as time permits, but in the meantime this patch works. :-)