nginx.conf

env AWS_ACCESS_KEY_ID;
env AWS_SECRET_ACCESS_KEY;
env S3_BUCKET_NAME;

worker_processes 1;

events {
  worker_connections 1024;
}

http {
  lua_load_resty_core off;
  lua_package_path "/tmp/lua-resty-core/lib/?.lua;/tmp/lua/?.lua;;";
  client_max_body_size 100m;
  client_body_buffer_size 128k;
  proxy_buffer_size 32k;
  proxy_buffers 4 32k;
  lua_need_request_body on;
  lua_socket_buffer_size 128k;

  server {
    listen 80;
    client_max_body_size 0;

    location /healthcheck {
      add_header Content-Type text/plain;
      return 200 'Ok';
      access_log off;
    }

    location ~* ^/upload {
      if ($request_method = 'OPTIONS') {
        # Tell client that this pre-flight info is valid for 20 days
        add_header 'Access-Control-Allow-Origin' "*" ;
        add_header 'Access-Control-Allow-Credentials' 'true' ;
        add_header 'Access-Control-Allow-Methods' 'GET, PUT, OPTIONS' ;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
      }
      if ($request_method != PUT) {
        return 404;
      }

      set_secure_random_alphanum $prefix 64;
      set_sha1 $prefixsha $prefix;
      set_by_lua $time "os.time()";
      set_by_lua $date "return os.date('%a, %d %b %Y %H:%M:%S GMT', tonumber(ngx.var.time))";
      set_by_lua $day "return os.date('%Y%m%d', tonumber(ngx.var.time))";
      set_sha1 $datesha $date;
      set $key $prefixsha$datesha;
      set_by_lua $bucket "return os.getenv('S3_BUCKET_NAME')";
      set $url https://$bucket.s3-eu-west-1.amazonaws.com/$day/$key;
      set $returnurl https://uploads.paidit.se/$day/$key;
      set $acl public-read;
      set $contentSha256 "";

      access_by_lua_block {
        local sha256 = require("sha256")
        ngx.req.read_body()
        local body = ngx.req.get_body_data()
        local contentSha256 = sha256.sha256(body)
        ngx.var.contentSha256 = contentSha256
      }

      set_by_lua_block $authorization {
        local sign = require("sign")
        local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.date, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com"}
        local region = "eu-west-1"
        return sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), "upload.unbound.se", ngx.var.request_uri, headers, ngx.var.contentSha256, region)
      }

      proxy_set_header date $date;
      proxy_set_header x-amz-acl $acl;
      proxy_set_header x-amz-date $date;
      proxy_set_header x-amz-content-sha256 $contentSha256;
      proxy_set_header Authorization $authorization;
      proxy_hide_header x-amz-id-2;
      proxy_hide_header x-amz-request-id;
      add_header X-File-URL $returnurl;

      resolver 8.8.8.8 valid=300s;
      resolver_timeout 10s;
      add_header 'Access-Control-Expose-Headers' 'X-File-Url';

      add_header X-debug-message $authorization always;

      proxy_pass $url;
    }
  }
}
Initial commit 2019-06-20 13:07:42 +02:00			`env AWS_ACCESS_KEY_ID;`
			`env AWS_SECRET_ACCESS_KEY;`
			`env S3_BUCKET_NAME;`

			`worker_processes 1;`

			`events {`
			`worker_connections 1024;`
			`}`

			`http {`
Add lua-resty-core and change upload-path 2019-06-20 15:38:17 +02:00			`lua_load_resty_core off;`
Add lua-module for signing 2019-06-28 16:07:04 +02:00			`lua_package_path "/tmp/lua-resty-core/lib/?.lua;/tmp/lua/?.lua;;";`
			`client_max_body_size 100m;`
			`client_body_buffer_size 128k;`
			`proxy_buffer_size 32k;`
			`proxy_buffers 4 32k;`
			`lua_need_request_body on;`
			`lua_socket_buffer_size 128k;`
Add lua-resty-core and change upload-path 2019-06-20 15:38:17 +02:00
Initial commit 2019-06-20 13:07:42 +02:00			`server {`
			`listen 80;`
			`client_max_body_size 0;`

			`location /healthcheck {`
			`add_header Content-Type text/plain;`
			`return 200 'Ok';`
			`access_log off;`
			`}`

Change back to /upload 2019-06-20 15:45:20 +02:00			`location ~* ^/upload {`
Initial commit 2019-06-20 13:07:42 +02:00			`if ($request_method = 'OPTIONS') {`
			`# Tell client that this pre-flight info is valid for 20 days`
			`add_header 'Access-Control-Allow-Origin' "*" ;`
			`add_header 'Access-Control-Allow-Credentials' 'true' ;`
			`add_header 'Access-Control-Allow-Methods' 'GET, PUT, OPTIONS' ;`
			`add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';`
			`add_header 'Access-Control-Max-Age' 1728000;`
			`add_header 'Content-Type' 'text/plain charset=UTF-8';`
			`add_header 'Content-Length' 0;`
			`return 204;`
			`}`
			`if ($request_method != PUT) {`
			`return 404;`
			`}`

			`set_secure_random_alphanum $prefix 64;`
			`set_sha1 $prefixsha $prefix;`
Add lua-module for signing 2019-06-28 16:07:04 +02:00			`set_by_lua $time "os.time()";`
			`set_by_lua $date "return os.date('%a, %d %b %Y %H:%M:%S GMT', tonumber(ngx.var.time))";`
			`set_by_lua $day "return os.date('%Y%m%d', tonumber(ngx.var.time))";`
Initial commit 2019-06-20 13:07:42 +02:00			`set_sha1 $datesha $date;`
			`set $key $prefixsha$datesha;`
			`set_by_lua $bucket "return os.getenv('S3_BUCKET_NAME')";`
Add lua-module for signing 2019-06-28 16:07:04 +02:00			`set $url https://$bucket.s3-eu-west-1.amazonaws.com/$day/$key;`
Initial commit 2019-06-20 13:07:42 +02:00			`set $returnurl https://uploads.paidit.se/$day/$key;`
			`set $acl public-read;`
Add lua-module for signing 2019-06-28 16:07:04 +02:00			`set $contentSha256 "";`
Initial commit 2019-06-20 13:07:42 +02:00
Add lua-module for signing 2019-06-28 16:07:04 +02:00			`access_by_lua_block {`
			`local sha256 = require("sha256")`
			`ngx.req.read_body()`
			`local body = ngx.req.get_body_data()`
			`local contentSha256 = sha256.sha256(body)`
			`ngx.var.contentSha256 = contentSha256`
			`}`

			`set_by_lua_block $authorization {`
			`local sign = require("sign")`
			`local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.date, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com"}`
			`local region = "eu-west-1"`
			`return sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), "upload.unbound.se", ngx.var.request_uri, headers, ngx.var.contentSha256, region)`
			`}`

			`proxy_set_header date $date;`
Initial commit 2019-06-20 13:07:42 +02:00			`proxy_set_header x-amz-acl $acl;`
			`proxy_set_header x-amz-date $date;`
Add lua-module for signing 2019-06-28 16:07:04 +02:00			`proxy_set_header x-amz-content-sha256 $contentSha256;`
			`proxy_set_header Authorization $authorization;`
Initial commit 2019-06-20 13:07:42 +02:00			`proxy_hide_header x-amz-id-2;`
			`proxy_hide_header x-amz-request-id;`
			`add_header X-File-URL $returnurl;`

			`resolver 8.8.8.8 valid=300s;`
			`resolver_timeout 10s;`
			`add_header 'Access-Control-Expose-Headers' 'X-File-Url';`

Add lua-module for signing 2019-06-28 16:07:04 +02:00			`add_header X-debug-message $authorization always;`

Initial commit 2019-06-20 13:07:42 +02:00			`proxy_pass $url;`
			`}`
			`}`
			`}`