Given that this Digital Ocean spaces now have native support for bucket-based access, see https://docs.digitalocean.com/products/spaces/#6-december-2024, this repository and corresponding image are considered deprecated and will receive no further updates.
Reverse proxy for S3-compatible services which allows to restrict access to selected buckets.
This is especially useful for DigitalOcean, because they currently do not provide a way to set permissions for their Spaces product.
Note: Your client needs to be configured to use path-based access as opposed to the subdomain-based one.
Listens on port 8000.
The app needs the following env variables to be set:
ACCESSKEYID
: S3 access key id for proxySECRETACCESSKEY
: S3 secret access key for proxyUPSTREAM_URL
: URL of upstream S3 service (e.g.https://fra1.digitaloceanspaces.com
)UPSTREAM_ACCESSKEY
: S3 access key id for upstream serviceUPSTREAM_SECRETACCESSKEY
: S3 secret access key for upstream serviceALLOWED_BUCKETS
: whitelist of buckets to proxy (comma-separated)
Copy .env.sample to .env and adjust the values as described above.
Then run docker-compose up -d
.
Example:
docker run -d \
-p 8000:8000
-e ACCESSKEYID=proxyaccess12345678 \
-e SECRETACCESSKEY=proxysecret987654210 \
-e UPSTREAM_URL=https://fra1.digitaloceanspaces.com \
-e UPSTREAM_ACCESSKEYID=doaccess12345678 \
-e UPSTREAM_SECRETACCESSKEY=dosecret9876543210 \
-e ALLOWED_BUCKETS=my-foobar-testbucket,another-testbucket \
mazzolino/s3-auth-proxy
The buckets are now available at http://localhost:8000. Non-specified buckets are not available.
- Install NodeJS 12
npm install
env ACCESSKEYID=... SECRETACCESSKEY=... UPSTREAM_URL=... UPSTREAM_ACCESSKEYID=... UPSTREAM_SECRETACCESSKEY=... ALLLOWED_BUCKETS=... npm start
- Only show whitelisted buckets in list
- Allow wildcards for bucket whitelisting
- Allow restricting to read-only access
This project has been shamelessly adapted from s3-reverse-proxy (licensed under Apache 2.0). Thanks!