Search code examples
ruby-on-railsnginxamazon-s3proxypassx-accel-redirect

Nginx pass upstream headers to the remote request

This question is similar to this one but doing x-accel-redirect on aws s3 resource. The former tried to set the upstream headers to the local request. This works fine. But now i have moved my contents to the amazon s3 and i wanted to implement the same restricted download to the s3 objects.

This is my nginx config

proxy_pass_header X-Accel-Redirect;
passenger_pass_header X-Accel-Redirect;

location ~* ^/download_zip/(.*) {
    internal;
    resolver 8.8.8.8 valid=300s;



    proxy_buffering off;
    proxy_set_header Content-Length ""; 
    proxy_set_header Cookie ""; 

    proxy_hide_header x-amz-request-id;
    proxy_hide_header x-amz-meta-uid;
    proxy_hide_header x-amz-id-2;
    proxy_hide_header x-amz-meta-mode;
    proxy_hide_header x-amz-meta-mtime;
    proxy_hide_header x-amz-meta-gid;
    proxy_hide_header x-amz-version-id;
    proxy_hide_header accept-ranges;

    # Do not touch local disks when proxying
    # content to clients
    proxy_method GET;
    proxy_pass_request_body off;
    proxy_max_temp_file_size 0;

    proxy_pass_header Content-MD5;
    add_header Content-MD5 $upstream_http_content_md5; 

   #  proxy_set_header Content-MD5 "123123123123123";


     proxy_pass https://a_b_c_assets.s3-east.amazonaws.com/$1$is_args$args; 


     }

and the rails part is

headers['X-Accel-Redirect'] = '/download_zip/uploads/' + params[:story_id] +'/' +    params[:story_id] + '.zip?' + secure_part
headers['X-Accel-Expires'] = 'max'
headers['Content-MD5'] = checksum

Everything works fine except the Content-MD5 is not passed to the proxied request.

Any help is really appreciated.

Another similar question here

Solution 
  • proxy_pass_header X-Accel-Redirect;
passenger_pass_header X-Accel-Redirect;

# this is intermediate location that stores header
# to variable and rewrites to another location
location ^~ /download_zip/ {
    internal;
    set $Content_MD5 $upstream_http_content_md5;
    rewrite ^/(.+) /amazon_$1;
}

location ^~ /amazon_download_zip/ {
    internal;
    resolver 8.8.8.8 valid=300s;

    proxy_buffering off;
    proxy_set_header Content-Length ""; 
    proxy_set_header Cookie ""; 

    proxy_hide_header x-amz-request-id;
    proxy_hide_header x-amz-meta-uid;
    proxy_hide_header x-amz-id-2;
    proxy_hide_header x-amz-meta-mode;
    proxy_hide_header x-amz-meta-mtime;
    proxy_hide_header x-amz-meta-gid;
    proxy_hide_header x-amz-version-id;
    proxy_hide_header accept-ranges;

    # Do not touch local disks when proxying
    # content to clients
    proxy_method GET;
    proxy_pass_request_body off;
    proxy_max_temp_file_size 0;

    proxy_pass_header Content-MD5;
    add_header Content-MD5 $Content_MD5; 

    proxy_pass https://a_b_c_assets.s3-east.amazonaws.com/;
}