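Nginx reverse proxy to a private AWS S3 bucket: Bad Gateway

Time: 2016-03-18 12:00:37

Tags: amazon-web-services nginx amazon-s3 configuration proxy

I created a private bucket on AWS and I want to reverse-proxy it with nginx. I use the same server for all the different proxies. This is the nginx configuration file: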

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    server_names_hash_bucket_size  64;

    server {
        listen 80;
        server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;

        rewrite ^(.*) https://$host$1 permanent;
    }

    server {
        listen 443;
        server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;

        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        ssl on;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        access_log            /var/log/nginx/ssl_access.log;

        location ^~ / {
            #proxy_set_header x-real-IP $remote_addr;
            #proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
            #proxy_set_header host $host;
            #proxy_pass https://url.com;

            #proxy_set_header        Host $host;
            #proxy_set_header        X-Real-IP $remote_addr;
            #proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header        X-Forwarded-Proto $scheme;

            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass          https://url.com;
            proxy_read_timeout  30;

            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }

        location /one/service {
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header Host $host;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://beanstalk-4.212314.eu-central-1.elasticbeanstalk.com/;
            proxy_read_timeout  30;
            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }

        location /privateproxy {
            set $s3_bucket        'bucketname.s3.eu-central-1.amazonaws.com';
            set $aws_access_key   'AWSAccessKeyId=mykey';
            set $url_expires      'Expires=$arg_e';
            set $url_signature    'Signature=$arg_st';
            set $url_full         '$1?$aws_access_key&$url_expires&$url_signature';

            proxy_http_version     1.1;
            proxy_set_header       Host $s3_bucket;
            proxy_set_header       Authorization '';
            proxy_hide_header      x-amz-id-2;
            proxy_hide_header      x-amz-request-id;
            proxy_hide_header      Set-Cookie;
            proxy_ignore_headers   "Set-Cookie";
            proxy_buffering        off;
            proxy_intercept_errors on;

            resolver               172.16.0.23 valid=300s;
            resolver_timeout       10s;

            proxy_pass             http://$s3_bucket/$url_full;
        }
    }
}

But I get a 502 Bad Gateway. Did I do something wrong in the configuration?

Log file: 2016/03/21 09:13:42 [error] 16695#0: *8 bucket.s3.eu-central-1.amazonaws.com could not be resolved (110: Operation timed out)

2 answers:

Answer 0: (score: 3)

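If the bucket name is correct, the problem is the resolver. The IP address described, 172.16.0.23, works as a DNS server only for non-VPC EC2. If you use a VPC, the resolver should be equal to the one you expect to get from: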

cat /etc/resolv.conf

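For example, a 10.0.1.0/16 VPC subnet may have 10.0.1.2 assigned as the internal resolver. If you don't know which one is used (VPC / non-VPC), then an open DNS resolver should help: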

resolver 8.8.8.8;

Make sure you specify a reasonable S3 bucket name:

set $s3_bucket        '-->>bucketname.s3.eu-central-1.amazonaws.com';
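
The resolver check from the answer above, as an added example that is not part of the original thread: it compares the addresses in nginx `resolver` directives with the nameservers in a resolv.conf file and reports any that differ. The function names and the sample files built in `demo` are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread. Function names are illustrative.

# Print the nameserver addresses from a resolv.conf-style file.
system_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the addresses given to nginx "resolver" directives in a config file,
# skipping comments and parameters such as valid=300s.
nginx_resolvers() {
    sed 's/#.*//' "$1" | awk '
        $1 == "resolver" {
            for (i = 2; i <= NF; i++) {
                sub(/;$/, "", $i)
                if ($i != "" && $i !~ /=/) print $i
            }
        }'
}

# usage: check_resolvers nginx.conf [resolv.conf]
# Returns 0 only if every nginx resolver is also a system nameserver;
# prints one line for each resolver that is not.
check_resolvers() {
    conf=$1
    resolv=${2:-/etc/resolv.conf}
    bad=0
    for r in $(nginx_resolvers "$conf"); do
        if ! system_nameservers "$resolv" | grep -qxF "$r"; then
            echo "MISMATCH: nginx resolver $r is not listed in $resolv"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the resolver line from the question, checked against a
# constructed resolv.conf that lists 10.0.1.2 as the VPC resolver.
demo() {
    d=$(mktemp -d)
    printf 'nameserver 10.0.1.2\n' > "$d/resolv.conf"
    printf 'resolver 172.16.0.23 valid=300s;\nresolver_timeout 10s;\n' > "$d/nginx.conf"
    rc=0
    check_resolvers "$d/nginx.conf" "$d/resolv.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

On a real host, `check_resolvers /etc/nginx/nginx.conf` uses `/etc/resolv.conf` by default; a resolver written with an explicit port is reported as a mismatch because only bare addresses are compared.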

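Answer 1: (score: 0)

If the EC2 server running nginx is in the same VPC as the private S3 bucket, then you can set up an S3 VPC endpoint and update your bucket policy to use that endpoint (details here), then add this to your nginx.conf: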

    location   /privateproxy/  {
          proxy_pass https://bucketname.s3.eu-central-1.amazonaws.com/;
    }