MbinOrg / mbin

Mbin: a federated content aggregator, voting, discussion and microblogging platform (By the community, for the community)
https://joinmbin.org
GNU Affero General Public License v3.0

Improve S3 documentation #848

Open BentiGorlich opened 1 week ago

BentiGorlich commented 1 week ago

Add all the info for moving to s3 (i.e. transferring the data to s3) and creating a caching nginx proxy for the s3 endpoint.

Resources:

BentiGorlich commented 1 week ago
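# Caching reverse proxy in front of an S3-compatible bucket that holds instance media.
# Clients talk to media.your-instance.tld; nginx fetches objects from the bucket
# endpoint and keeps them in an on-disk cache.

# On-disk cache: 10 MB of key metadata, at most 10 GB of objects,
# entries unused for 7 days are evicted.
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=10g;

server {
    server_name media.your-instance.tld;
    #root /var/www/kbin/public;

    # Serve a local file if one exists, otherwise fall through to the bucket.
    location / {
        try_files $uri @s3;
    }

    # Placeholder: replace with the real bucket endpoint.
    set $s3_backend 'https://the-url.to-s3-endpoint.tld';

    location @s3 {
        # Read-only proxy: only GET (and therefore HEAD) may reach the bucket.
        limit_except GET {
            deny all;
        }

        # A resolver is required because proxy_pass uses a variable. Its answers
        # decide where the proxy sends requests, so a local or otherwise trusted
        # resolver is preferable to plain DNS across the internet.
        resolver 1.1.1.1;

        # NOTE(review): nginx does not verify the upstream certificate by default,
        # so the https:// backend is encrypted but not authenticated. To enable
        # verification (the CA bundle path is distro-dependent, adjust it):
        #proxy_ssl_server_name on;
        #proxy_ssl_verify on;
        #proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Send nothing client-specific upstream: no credentials, no keep-alive hint.
        proxy_set_header Accept 'image/*';
        proxy_set_header Connection '';
        proxy_set_header Authorization '';

        # Strip upstream cookies, CORS headers and storage-provider identifiers
        # from the response before it reaches the client.
        proxy_hide_header Set-Cookie;
        proxy_hide_header 'Access-Control-Allow-Origin';
        proxy_hide_header 'Access-Control-Allow-Methods';
        proxy_hide_header 'Access-Control-Allow-Headers';
        proxy_hide_header x-amz-id-2;
        proxy_hide_header x-amz-request-id;
        proxy_hide_header x-amz-meta-server-side-encryption;
        proxy_hide_header x-amz-server-side-encryption;
        proxy_hide_header x-amz-bucket-region;
        proxy_hide_header x-amzn-requestid;
        # Without this, a response carrying Set-Cookie would not be cached.
        proxy_ignore_headers Set-Cookie;

        # NOTE(review): $uri is the decoded, normalised path and carries no query
        # string. Configuration linters flag $uri in proxy_pass because decoded
        # characters end up in the upstream request line; check how the nginx
        # version in use handles object keys with spaces or encoded control
        # characters before relying on this.
        proxy_pass $s3_backend$uri;
        # Upstream error bodies are passed through to the client unchanged.
        proxy_intercept_errors off;

        proxy_cache CACHE;
        # The default cache key includes $request_uri, i.e. the query string,
        # while the upstream request above never does. Keying on what is actually
        # fetched stops arbitrary query strings from creating duplicate cache
        # entries that push real objects out of the 10 GB cache.
        proxy_cache_key $s3_backend$uri;
        proxy_cache_valid 200 48h;
        # Keep serving cached objects while the bucket is failing or being refreshed.
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        # Only one request per object populates the cache; concurrent ones wait.
        proxy_cache_lock on;

        expires 1y;
        add_header Cache-Control public;
        add_header 'Access-Control-Allow-Origin' '*';
        add_header X-Cache-Status $upstream_cache_status;
        # "always" also applies these to error responses, which add_header skips
        # by default. The bucket holds user uploads, so the browser must neither
        # guess content types nor load or run anything from a served document.
        add_header X-Content-Type-Options nosniff always;
        add_header Content-Security-Policy "default-src 'none'; form-action 'none'" always;
    }

    listen 443 ssl;
    # The standalone http2 directive needs nginx 1.25.1 or newer;
    # older versions use "listen 443 ssl http2;" instead.
    http2 on;
    # certificate stuff has to be added, though certbot would take care of that if you want
}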