Skip to content

Instantly share code, notes, and snippets.

@adhorn
Forked from mikhailov/gist:9639593
Last active January 3, 2024 03:09
Show Gist options
  • Save adhorn/b9e64f5e17a2e387cc72 to your computer and use it in GitHub Desktop.
Save adhorn/b9e64f5e17a2e387cc72 to your computer and use it in GitHub Desktop.
Nginx S3/Unicorn Proxy with backend keep alive
# The Nginx configuration based on https://coderwall.com/p/rlguog
http {
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_timeout 15m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
resolver 172.16.0.23 valid=300s;
resolver_timeout 10s;
proxy_cache_path /tmp/cache levels=1:2 keys_zone=S3_CACHE:10m inactive=48h max_size=1000m;
proxy_temp_path /tmp/cache/temp;
upstream unicorn {
server unix:/tmp/unicorn.sock fail_timeout=0;
keepalive 20;
}
upstream s3 {
server 'bucket.s3-eu-west-1.amazonaws.com:80';
keepalive 10;
}
server {
...
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://unicorn;
}
location ~* ^/s3/(.*) {
proxy_set_header Host 'bucket.s3-eu-west-1.amazonaws.com';
proxy_set_header Authorization '';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_intercept_errors on;
proxy_cache S3_CACHE;
proxy_cache_valid 200 24h;
proxy_cache_valid 403 15m;
proxy_cache_bypass $http_cache_purge;
add_header X-Cached $upstream_cache_status;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://s3/$1;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment