config for nginx to proxy a specific path to an S3 bucket

nginx.conf

# copied from default config
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    server {
      listen 80;
      
      # this is where the magic starts:
      location /static {
        proxy_set_header Host 'YOURBUCKET.s3-website.eu-central-1.amazonaws.com';
        proxy_hide_header x-amz-id-2;
        proxy_hide_header x-amz-request-id;
        proxy_hide_header Set-Cookie;
        proxy_ignore_headers "Set-Cookie";
        proxy_intercept_errors on;
        proxy_pass http://YOURBUCKET.s3-website.eu-central-1.amazonaws.com;
        log_not_found off;
      }

      location /static/images {
        proxy_set_header Host 'YOURBUCKET.s3-website.eu-central-1.amazonaws.com';
        proxy_hide_header x-amz-id-2;
        proxy_hide_header x-amz-request-id;
        proxy_hide_header Set-Cookie;
        proxy_ignore_headers "Set-Cookie";
        proxy_intercept_errors on;
        proxy_pass http://YOURBUCKET.s3-website.eu-central-1.amazonaws.com/images;
      }
    }
}

I'm assuming this is running on an instance with a S3 bucket policy role, correct? Or the bucket is set to public?

I'm assuming this is running on an instance with a S3 bucket policy role, correct? Or the bucket is set to public?

In this case the bucket needs to be public. I'm sure there's a way to authenticate your request to S3 and make it private. I haven't done that myself so far though.