Initial commit

.github/workflows/main.yml

@@ -0,0 +1,28 @@
+name: CI
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+
+      - name: Configure Github Package Registry
+        run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin
+      - name: Install dependencies
+        run: sudo apt-get install -y wait-for-it
+      - name: Run tests
+        run: ./test.sh oss
+      - name: Push container image
+        run: docker tag nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway && docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway
+

.gitignore

@@ -0,0 +1,112 @@
+# Created by https://www.toptal.com/developers/gitignore/api/intellij
+# Edit at https://www.toptal.com/developers/gitignore?templates=intellij
+
+### Intellij ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### Intellij Patch ###
+# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
+
+*.iml
+modules.xml
+.idea/misc.xml
+*.ipr
+
+# Sonarlint plugin
+# https://plugins.jetbrains.com/plugin/7973-sonarlint
+.idea/**/sonarlint/
+
+# SonarQube Plugin
+# https://plugins.jetbrains.com/plugin/7238-sonarqube-community-plugin
+.idea/**/sonarIssues.xml
+
+# Markdown Navigator plugin
+# https://plugins.jetbrains.com/plugin/7896-markdown-navigator-enhanced
+.idea/**/markdown-navigator.xml
+.idea/**/markdown-navigator-enh.xml
+.idea/**/markdown-navigator/
+
+# Cache file creation bug
+# See https://youtrack.jetbrains.com/issue/JBR-2257
+.idea/$CACHE_FILE$
+
+# CodeStream plugin
+# https://plugins.jetbrains.com/plugin/12206-codestream
+.idea/codestream.xml
+
+# End of https://www.toptal.com/developers/gitignore/api/intellij
+
+# Test data files
+test-settings.*
+s3-requests.http
+httpRequests/

Dockerfile.oss

@@ -0,0 +1,53 @@
+FROM nginx:1.19.2
+
+ENV NGINX_VERSION "1.19.2"
+ENV HEADERS_MORE_VERSION "v0.33"
+
+# We modify the nginx base image by:
+# 1. Installing the headers-more module
+# 2. Adding configuration files needed for proxying private S3 buckets
+# 3. Adding a directory for proxied objects to be stored
+
+RUN set -eux \
+    export DEBIAN_FRONTEND=noninteractive; \
+    apt-get update -qq; \
+    apt-get install -y -qq build-essential libpcre3-dev git; \
+    curl -o /tmp/nginx.tar.gz --retry 6 -Ls "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"; \
+    mkdir /tmp/nginx /tmp/headers-more; \
+    tar -C /tmp/nginx --strip-components 1 -xzf /tmp/nginx.tar.gz; \
+    curl -o /tmp/headers-more.tar.gz --retry 6 -Ls "https://github.com/openresty/headers-more-nginx-module/archive/${HEADERS_MORE_VERSION}.tar.gz"; \
+    tar -C "/tmp/headers-more" --strip-components 1 -xzf /tmp/headers-more.tar.gz; \
+    cd /tmp/nginx; \
+    ./configure --add-dynamic-module=/tmp/headers-more \
+                --without-http_gzip_module \
+                --prefix=/etc/nginx \
+                --sbin-path=/usr/sbin/nginx \
+                --modules-path=/usr/lib/nginx/modules \
+                --conf-path=/etc/nginx/nginx.conf \
+                --error-log-path=/var/log/nginx/error.log \
+                --http-log-path=/var/log/nginx/access.log \
+                --pid-path=/var/run/nginx.pid \
+                --lock-path=/var/run/nginx.lock \
+                --http-client-body-temp-path=/var/cache/nginx/client_temp \
+                --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+                --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+                --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+                --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+                --user=nginx --group=nginx --with-compat --with-file-aio \
+                --with-threads \
+                --with-cc-opt="-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-${NGINX_VERSION}/debian/debuild-base/nginx-${NGINX_VERSION}=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
+                --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'; \
+    make -j $(nproc); \
+    cp /tmp/nginx/objs/ngx_http_headers_more_filter_module.so /usr/lib/nginx/modules; \
+    apt-get purge -y --auto-remove build-essential libpcre3-dev git; \
+    rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
+
+COPY common/etc /etc
+COPY common/docker-entrypoint.d/00-check-for-required-env.sh /docker-entrypoint.d/00-check-for-required-env.sh
+COPY oss/etc /etc
+
+RUN set -eux \
+    export DEBIAN_FRONTEND=noninteractive; \
+    mkdir -p /var/cache/nginx/s3_proxy; \
+    chown nginx:nginx /var/cache/nginx/s3_proxy; \
+    chmod -R +x /docker-entrypoint.d/*

Dockerfile.plus

@@ -0,0 +1,61 @@
+FROM debian:buster-slim
+
+ARG NGINX_GPGKEY
+
+ENV NGINX_VERSION        22
+ENV PKG_RELEASE          1~buster
+
+ENV NJS_VERSION          0.4.3
+ENV HEADERS_MORE_VERSION 0.33
+
+COPY plus/etc/ssl /etc/ssl
+COPY plus/usr /usr
+
+# Copy files from the OSS NGINX Docker container such that the container
+# startup is the same.
+# Source: https://github.com/nginxinc/docker-nginx/tree/1.19.2/stable/buster
+COPY plus/docker-entrypoint.sh /docker-entrypoint.sh
+COPY plus/docker-entrypoint.d /docker-entrypoint.d
+
+RUN set -eux \
+    export DEBIAN_FRONTEND=noninteractive; \
+    # create nginx user/group first, to be consistent throughout docker variants
+    addgroup --system --gid 101 nginx; \
+    adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx; \
+    apt-get -qq update; \
+    apt-get -qq upgrade -y; \
+    sh -a /usr/local/bin/add_nginx_plus_repo.sh; \
+    rm /usr/local/bin/add_nginx_plus_repo.sh; \
+    apt-get -qq update; \
+    apt-get -qq install --no-install-recommends --no-install-suggests -y \
+        nginx-plus=${NGINX_VERSION}-${PKG_RELEASE} \
+        nginx-plus-module-headers-more=${NGINX_VERSION}+${HEADERS_MORE_VERSION}-${PKG_RELEASE} \
+        nginx-plus-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
+        gettext-base; \
+    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+    rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*; \
+    # forward request and error logs to docker log collector
+    ln -sf /dev/stdout /var/log/nginx/access.log; \
+    ln -sf /dev/stderr /var/log/nginx/error.log; \
+    chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+EXPOSE 80
+
+STOPSIGNAL SIGTERM
+
+CMD ["nginx", "-g", "daemon off;"]
+
+# NGINX Docker image setup complete, everything below is specific for
+# the S3 Gateway use case.
+
+COPY plus/etc/nginx /etc/nginx
+COPY common/etc /etc
+COPY common/docker-entrypoint.d/00-check-for-required-env.sh /docker-entrypoint.d/00-check-for-required-env.sh
+
+RUN set -eux \
+    export DEBIAN_FRONTEND=noninteractive; \
+    mkdir -p /var/cache/nginx/s3_proxy; \
+    chown nginx:nginx /var/cache/nginx/s3_proxy; \
+    chmod -R +x /docker-entrypoint.d/*