experimental refactor to normalize bucket naming needs

nginxinc · Apr 23, 2024 · cdd150d · cdd150d
1 parent 16a2fea
commit cdd150d
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 23 deletions.
diff --git a/common/docker-entrypoint.sh b/common/docker-entrypoint.sh
@@ -68,6 +68,12 @@ if [ -z "${CORS_ALLOWED_ORIGIN+x}" ]; then
   export CORS_ALLOWED_ORIGIN="*"
 fi
 
+if [ "${S3_STYLE}" == "path" ]; then
+  export FINAL_S3_SERVER="${S3_SERVER}:${S3_SERVER_PORT}"
+else
+  export FINAL_S3_SERVER="${S3_BUCKET_NAME}.${S3_SERVER}:${S3_SERVER_PORT}"
+fi
+
 # Nothing is modified under this line
 
 if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then

diff --git a/common/etc/nginx/include/s3gateway.js b/common/etc/nginx/include/s3gateway.js
@@ -165,12 +165,7 @@ function s3date(r) {
 function s3auth(r) {
     const bucket = process.env['S3_BUCKET_NAME'];
     const region = process.env['S3_REGION'];
-    let server;
-    if (S3_STYLE === 'path') {
-        server = process.env['S3_SERVER'] + ':' + process.env['S3_SERVER_PORT'];
-    } else {
-        server = process.env['S3_SERVER'];
-    }
+    const host = r.variables.s3_host;
     const sigver = process.env['AWS_SIGS_VERSION'];
 
     let signature;
@@ -180,7 +175,7 @@ function s3auth(r) {
         let req = _s3ReqParamsForSigV2(r, bucket);
         signature = awssig2.signatureV2(r, req.uri, req.httpDate, credentials);
     } else {
-        let req = _s3ReqParamsForSigV4(r, bucket, server);
+        let req = _s3ReqParamsForSigV4(r, bucket, host);
         signature = awssig4.signatureV4(r, awscred.Now(), region, SERVICE,
             req.uri, req.queryParams, req.host, credentials);
     }
@@ -221,15 +216,11 @@ function _s3ReqParamsForSigV2(r, bucket) {
  * @see {@link https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html | AWS V4 Signing Process}
  * @param r {NginxHTTPRequest} HTTP request object
  * @param bucket {string} S3 bucket associated with request
- * @param server {string} S3 host associated with request
+ * @param host {string} S3 host associated with request
  * @returns {S3ReqParams} s3ReqParams object (host, uri, queryParams)
  * @private
  */
-function _s3ReqParamsForSigV4(r, bucket, server) {
-    let host = server;
-    if (S3_STYLE === 'virtual' || S3_STYLE === 'default' || S3_STYLE === undefined) {
-        host = bucket + '.' + host;
-    }
+function _s3ReqParamsForSigV4(r, bucket, host) {
     const baseUri = s3BaseUri(r);
     const computed_url = !utils.parseBoolean(r.variables.forIndexPage)
         ? r.variables.uri_path

diff --git a/common/etc/nginx/templates/default.conf.template b/common/etc/nginx/templates/default.conf.template
@@ -19,11 +19,10 @@ map $uri_full_path $uri_path {
     default $PREFIX_LEADING_DIRECTORY_PATH$uri_full_path;
 }
 
-map $S3_STYLE $s3_host_hdr {
-    virtual "${S3_BUCKET_NAME}.${S3_SERVER}";
-    path    "${S3_SERVER}:${S3_SERVER_PORT}";
-    default "${S3_BUCKET_NAME}.${S3_SERVER}";
-}
+# FINAL_S3_SERVER is set in the startup script
+# (either ./common/docker-entrypoint.sh or ./standalone_ubuntu_oss_install.sh)
+# based on the S3_STYLE configuration option.
+js_var $s3_host ${FINAL_S3_SERVER};
 
 js_var $indexIsEmpty true;
 js_var $forIndexPage true;
@@ -141,7 +140,7 @@ server {
         proxy_set_header X-Amz-Security-Token $awsSessionToken;
 
         # We set the host as the bucket name to inform the S3 API of the bucket
-        proxy_set_header Host $s3_host_hdr;
+        proxy_set_header Host $s3_host;
 
         # Use keep alive connections in order to improve performance
         proxy_http_version 1.1;
@@ -202,7 +201,7 @@ server {
         proxy_set_header X-Amz-Security-Token $awsSessionToken;
 
         # We set the host as the bucket name to inform the S3 API of the bucket
-        proxy_set_header Host $s3_host_hdr;
+        proxy_set_header Host $s3_host;
 
         # Use keep alive connections in order to improve performance
         proxy_http_version 1.1;
@@ -265,7 +264,7 @@ server {
         proxy_set_header X-Amz-Security-Token $awsSessionToken;
 
         # We set the host as the bucket name to inform the S3 API of the bucket
-        proxy_set_header Host $s3_host_hdr;
+        proxy_set_header Host $s3_host;
 
         # Use keep alive connections in order to improve performance
         proxy_http_version 1.1;

diff --git a/oss/etc/nginx/templates/upstreams.conf.template b/oss/etc/nginx/templates/upstreams.conf.template
@@ -7,5 +7,5 @@ upstream storage_urls {
 
     # Be sure to specify the port in the S3_SERVER and be sure that port
     # corresponds to the https/http in the proxy_pass directive.
-    server ${S3_BUCKET_NAME}.${S3_SERVER}:${S3_SERVER_PORT};
+    server ${FINAL_S3_SERVER};
 }
diff --git a/plus/etc/nginx/templates/upstreams.conf.template b/plus/etc/nginx/templates/upstreams.conf.template
@@ -9,5 +9,5 @@ upstream storage_urls {
 
     # Be sure to specify the port in the S3_SERVER and be sure that port
     # corresponds to the https/http in the proxy_pass directive.
-    server ${S3_BUCKET_NAME}.${S3_SERVER}:${S3_SERVER_PORT} resolve;
+    server ${FINAL_S3_SERVER} resolve;
 }
diff --git a/standalone_ubuntu_oss_install.sh b/standalone_ubuntu_oss_install.sh
@@ -199,6 +199,13 @@ LIMIT_METHODS_TO="GET HEAD"
 LIMIT_METHODS_TO_CSV="GET, HEAD"
 EOF
 fi
+
+if [ "${S3_STYLE}" == "path" ]; then
+  FINAL_S3_SERVER="${S3_SERVER}:${S3_SERVER_PORT}"
+else
+  FINAL_S3_SERVER="${S3_BUCKET_NAME}.${S3_SERVER}:${S3_SERVER_PORT}"
+fi
+
 set -o nounset   # abort on unbound variable
 
 if [ -z "${CORS_ALLOWED_ORIGIN+x}" ]; then