
@sansmischevia
Last active June 3, 2024 22:56
nginx http proxy to s3 static websites
##
## This nginx.conf serves as the main config file for the webflow reverse proxy
##
## RCS:
## https://gist.github.com/sansmischevia/5617402
##
## Hardening tips:
## http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
##
# Process-level settings. The worker user, error log and pid file are left
# at the build defaults; uncomment the lines below to set them explicitly.
#user nobody;
worker_processes      1;
worker_rlimit_nofile  10480;   # RLIMIT_NOFILE applied to each worker process

#error_log logs/error.log;
#error_log logs/error.log notice;
# error_log logs/error.log debug;
#pid logs/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker (client + upstream).
    worker_connections  1024;
}
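http {
    include       mime.types;
    default_type  text/html;

    ## Start: Size Limits & Buffer Overflows ##
    # Very small limits: request bodies over 1k are refused, and a request
    # line or header field that does not fit in a 1k buffer is rejected
    # (414 / 400). Clients sending long URLs or large cookies will be turned
    # away, so raise these if legitimate traffic needs it.
    client_body_buffer_size      1k;
    client_header_buffer_size    1k;
    client_max_body_size         1k;
    large_client_header_buffers  2 1k;
    ## END: Size Limits & Buffer Overflows ##

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" $host';
    # customLog / subdomainLog reference $backend and $subdomain, which are
    # assigned with `set` inside the location blocks below.
    log_format customLog '[$time_local] $remote_addr - $remote_user - $host $uri to: $upstream_addr: $request uResponse_time $upstream_response_time msec $msec request_time $request_time http://$backend/$host$uri';
    log_format subdomainLog '[$time_local] $remote_addr - $remote_user - $host $uri to: $upstream_addr: $request uResponse_time $upstream_response_time msec $msec request_time $request_time http://$backend/$subdomain$uri';
    #access_log logs/access.log main;

    # Shared on-disk response cache: 8m of key metadata, at most 1000m of
    # content, entries evicted after 60 minutes without a hit.
    proxy_cache_path /var/www/cache levels=1:2 keys_zone=webflow_cache:8m max_size=1000m inactive=60m;
    proxy_temp_path /var/www/cache/tmp; # place used to buffer large proxied requests to the fs

    sendfile on;
    #tcp_nopush on;
    # keepalive_timeout 0;
    keepalive_timeout 65;
    gzip on;
    # index index.html;

    # Subdomain server: handles *.webflow.io and maps the leading label(s)
    # to a key prefix in the S3 website bucket.
    server {
        listen       80;
        server_name  *.webflow.io;
        # Log file name (including its spelling) kept unchanged so existing
        # rotation / shipping rules keep working.
        access_log   logs/sudomain.access.log subdomainLog;

        location / {
            # 8.8.8.8 is Google Public DNS. Lookups go out as plaintext DNS
            # and decide where traffic is proxied, so a resolver on a trusted
            # network path (local or VPC resolver) is preferable.
            resolver          8.8.8.8;
            resolver_timeout  5s;

            set $backend "webflow-sites.s3-website-us-east-1.amazonaws.com";

            # Strip the ".webflow.io" suffix to get the site prefix. The
            # pattern is anchored so only a true suffix match is accepted;
            # anything else falls back to the full host name.
            # Only `set` is used inside `if`; the single proxy_pass lives in
            # the location itself.
            set $subdomain $host;
            if ($host ~* "^(.+)\.webflow\.io$") {
                set $subdomain $1;
            }

            # $request_uri (the raw request target) is used instead of $uri:
            # $uri is the decoded, normalised path, and with a variable
            # proxy_pass it would be written unescaped into the upstream
            # request line, so encoded spaces or control characters would
            # corrupt that request.
            # NOTE(review): $request_uri also carries the query string;
            # confirm that is acceptable for caching and for the bucket.
            proxy_pass http://$backend/$subdomain$request_uri;

            proxy_cache        webflow_cache;
            proxy_cache_valid  200 302 90s;   # cache successful responses for 90 seconds
            proxy_cache_valid  404 30s;       # cache missing responses for 30 seconds
            proxy_redirect     off;

            # Host must be $backend so the S3 static website hosting service
            # knows which bucket to use. S3 website endpoints speak plain
            # HTTP only, so this hop is unencrypted.
            proxy_set_header  Host             $backend;
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

            add_header         X-Cache-Status $upstream_cache_status;
            # Do not leak S3 request identifiers to clients.
            proxy_hide_header  x-amz-id-2;
            proxy_hide_header  x-amz-request-id;
        }
    }

    # Custom domain server: catches every Host not matched above.
    server {
        # `server_name _` is only a name that never matches; it does not make
        # this block the fallback. Without default_server, unmatched hosts
        # are handled by the first server defined for the port (the
        # *.webflow.io block), and the www-stripping below never runs.
        listen       80 default_server;
        server_name  _;
        #charset koi8-r;
        access_log   logs/custom.access.log customLog;

        location / {
            # 8.8.8.8 is Google Public DNS; see the resolver note in the
            # subdomain server about using a trusted resolver.
            resolver          8.8.8.8;
            resolver_timeout  5s;

            set $backend "webflow-sites.s3-website-us-east-1.amazonaws.com";

            # Remove a leading "www." if present. Anchored so that only a
            # real "www." prefix is stripped; other hosts are used verbatim.
            set $host_without_www $host;
            if ($host ~* "^www\.(.+)$") {
                set $host_without_www $1;
            }

            # Raw request target rather than decoded $uri; see the note on
            # proxy_pass in the subdomain server.
            proxy_pass http://$backend/$host_without_www$request_uri;

            proxy_cache        webflow_cache;
            proxy_cache_valid  200 302 1m;    # cache successful responses for 1 minute
            proxy_cache_valid  404 10s;       # cache missing responses for 10 seconds
            proxy_redirect     off;

            # Host must be $backend so the S3 static website hosting service
            # knows which bucket to use.
            proxy_set_header  Host             $backend;
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

            add_header         X-Cache-Status $upstream_cache_status;
            # Do not leak S3 request identifiers to clients.
            proxy_hide_header  x-amz-id-2;
            proxy_hide_header  x-amz-request-id;
        }
    }
}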
@ascrookes

Hey Bryant,
I am working on a proxy server to s3 as well and stumbled onto this post. I was wondering if you could explain why you have set the proxy headers the way you have? In my config I had proxy_pass_request_headers off so that s3 would accept the request. Does adding/hiding the certain headers as shown above also do the trick? I am curious because I am now using a 3rd party service and I need to add a new header but removing proxy_pass_request_headers off will interfere with the proxy to s3 and I was looking to yours as an example to follow.
