Varnish AWS S3 Gateway VCL
#
# Varnish AWS S3 Gateway VCL
#
# Allows global read (GET, HEAD) and ACL-protected writes (POST, PUT, DELETE).
# When writing, pass in Content-Type and Content-MD5; both are optional.
#
# Params:
#
#   %BUCKET%     - S3 bucket name, S3 host may be regional
#   %ACCESS_ID%  - IAM access ID for bucket
#   %SECRET_KEY% - IAM secret key for access ID
#
vcl 4.0; | |
import digest; | |
# Origin for every fetch: the bucket's virtual-hosted S3 endpoint.
# NOTE(review): port 80 is plain HTTP, so object bodies and the signed
# Authorization header cross the network unencrypted. If this Varnish build
# cannot open TLS connections to a backend, consider pointing .host/.port at a
# local TLS-originating proxy instead -- confirm what the deployment supports.
backend default
{
    .port = "80";
    .host = "%BUCKET%.s3.amazonaws.com";
}
# Addresses allowed to use write methods (vcl_recv checks client.ip against
# this list for anything other than GET/HEAD). Only IPv4 loopback is listed.
acl s3_write
{
    "127.0.0.1";
}
# Gate on the request method: GET and HEAD are open to everyone, any other
# method is answered with a synthetic 403 unless the client matches s3_write.
#
# There is no return() on the allowed paths, so processing continues into
# Varnish's built-in vcl_recv.
sub vcl_recv
{
    if (req.method != "GET" && req.method != "HEAD") {
        # client.ip is the address of the connecting peer, not a value taken
        # from a forwarding header.
        # NOTE(review): if a TLS terminator or reverse proxy on this host sits
        # in front of Varnish without PROXY protocol, every request would
        # presumably arrive from 127.0.0.1 and pass this check -- confirm the
        # deployment topology before relying on the ACL for write protection.
        if (client.ip !~ s3_write) {
            return (synth(403, "Access denied"));
        }
    }
}
# Signs each backend request in the AWS Signature Version 2 style: an HMAC-SHA1
# over a newline-separated string-to-sign, base64-encoded and sent as
# "AWS <access id>:<signature>".
#
# Every fetch is signed, including those triggered by anonymous GET/HEAD
# requests, so "global read" means whatever the IAM key itself may read. Keep
# the key's IAM policy limited to the actions and bucket this gateway needs.
#
# %SECRET_KEY% is substituted into this file, so the rendered VCL contains the
# IAM secret in clear text; restrict who can read the file and who can reach
# the Varnish management interface.
#
# NOTE(review): Signature Version 2 is a legacy scheme and newer S3 regions
# accept only Signature Version 4 -- confirm the bucket's region still honours
# it, and plan a move to SigV4.
sub vcl_backend_fetch
{
    # Host and Date are overwritten here, so client-supplied values for these
    # two headers never reach S3 or the signature.
    set bereq.http.Date = now;
    set bereq.http.Host = "%BUCKET%.s3.amazonaws.com";

    # A quoted VCL string may not contain a line break, so a long string
    # {"..."} holding one literal newline is parked in a scratch header and
    # used as the field separator below.
    set bereq.http.NL = {"
"};

    # String-to-sign, one component per line:
    #   method, Content-MD5, Content-Type, Date, "/" + bucket + URL
    # Content-MD5 and Content-Type are taken from the request as received.
    # bereq.url is signed as-is, query string included.
    # No x-amz-* headers are folded in; presumably S3 rejects requests that
    # carry such headers because the signature will not match -- verify.
    set bereq.http.Authorization =
        "AWS " + "%ACCESS_ID%" + ":" +
        digest.base64_hex(
            digest.hmac_sha1(
                "%SECRET_KEY%",
                bereq.method + bereq.http.NL +
                bereq.http.Content-MD5 + bereq.http.NL +
                bereq.http.Content-Type + bereq.http.NL +
                bereq.http.Date + bereq.http.NL +
                "/" + "%BUCKET%" + bereq.url
            )
        );

    # Drop the scratch header so it is not sent to the backend.
    unset bereq.http.NL;
}
# Replaces the Server response header with a fixed gateway banner.
# Only Server is rewritten; every other response header is left as it is.
sub vcl_deliver
{
    set resp.http.Server = "Varnish AWS S3 Gateway";
}