A proof of concept HTTP caching proxy for requests against Amazon S3 using the AWS Signature v4. The proxy itself is powered by OpenResty/Nginx and two Lua modules produced by the Adobe API Platform team for HMAC and generating a valid AWS signature:
- https://github.com/adobe-apiplatform/api-gateway-aws
- https://github.com/adobe-apiplatform/api-gateway-hmac
First, build the container:
$ docker build -t quay.io/azavea/s3-proxy-cache:latest .Then, run the container with an Amazon S3 region reference and credentials:
$ docker run --rm \
-p 8000:80 \
-e AWS_DEFAULT_REGION="us-east-1" \
-e AWS_ACCESS_KEY_ID="AKI..." \
-e AWS_SECRET_ACCESS_KEY="w9G..." \
-v /var/cache/nginx:/var/cache/nginx \
quay.io/azavea/s3-proxy-cache:latestYou can also optionally specify a bucket to always proxy requests to:
$ docker run --rm \
-p 8000:80 \
-e AWS_DEFAULT_REGION="us-east-1" \
-e AWS_ACCESS_KEY_ID="AKI..." \
-e AWS_SECRET_ACCESS_KEY="w9G..." \
-e AWS_S3_BUCKET="mybucket" \
-v /var/cache/nginx:/var/cache/nginx \
quay.io/azavea/s3-proxy-cache:latestA quick way to test the setup above is with the AWS CLI. Below is an example of how to enable AWS Signature v4 for the default profile and overriding the AWS CLI endpoint URL to target the caching proxy:
$ aws configure set default.s3.signature_version s3v4
$ aws --endpoint-url http://localhost:8000 s3 cp s3://<BUCKET>/<OBJECT> .