Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11999 Commits
50 Branches
316 Tags
332 MiB
 
 
 
 
 
 
Tree: cca3f3985f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cca3f3985f'
${ noResults }
seaweedfs/docker/nginx/s3-example.conf

83 lines
2.3 KiB
Raw Blame History

# Example nginx configuration for SeaweedFS S3 API reverse proxy
# See README.md in this directory for detailed explanation
upstream seaweedfs_s3 {
# Point to your SeaweedFS S3 service
server s3:8333;
# For local development: server 127.0.0.1:8333;
# Keep connections alive for better performance
keepalive 32;
}
server {
listen 443 ssl http2;
server_name _; # Replace with your domain
# SSL Configuration
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
# Optional: Client certificate authentication (mTLS)
# ssl_client_certificate /etc/nginx/certs/ca.crt;
# ssl_verify_client optional;
# ssl_verify_depth 2;
# Logging
access_log /var/log/nginx/s3-access.log;
error_log /var/log/nginx/s3-error.log;
# Client upload limits
client_max_body_size 0; # No limit for S3 uploads
client_body_timeout 300s;
# CRITICAL: Disable buffering for AWS chunked uploads
proxy_buffering off;
proxy_request_buffering off;
# HTTP version and connection settings
proxy_http_version 1.1;
proxy_set_header Connection "";
# Timeouts
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
location / {
proxy_pass http://seaweedfs_s3;
# CRITICAL: Preserve original Host header including port
# Use $http_host instead of $host to preserve the port
proxy_set_header Host $http_host;
# CRITICAL: Pass all headers through unchanged
# AWS Signature V4 includes these in signature calculation
proxy_pass_request_headers on;
# Optional: Forward client IP information
# (These are NOT part of AWS signature)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CRITICAL: Do not modify request body
proxy_pass_request_body on;
# Ignore invalid headers (S3 may send non-standard headers)
ignore_invalid_headers off;
}
# Health check endpoint
location /health {
return 200 "OK\n";
add_header Content-Type text/plain;
}
}
# Optional: HTTP to HTTPS redirect
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}