Omnifora Politifora Freefora

Redirect/Rewrite (in nginx) Requests to Subdirectory to S3-Compatible Bucket


(Corey J. Mahler, Esq.) #1

bits.omnifora.com server block

server {

        root /var/www/bitscdn/html/omnifora.com;
        index index.html index.htm index.nginx-debian.html;

        server_name bits.omnifora.com;

        location / {
                try_files $uri $uri/ =404;
        }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bits.omnifora.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bits.omnifora.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = bits.omnifora.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name bits.omnifora.com;
    return 404; # managed by Certbot


}

Redirect/Rewrite Attempts

  1. rewrite
server {
    location ~ ^/security-now/(.*) {
        rewrite ^/security-now/(.*) $scheme://s3.us-west-1.wasabisys.com/bits-podcasts/security-now/$1;
    }
    
    server_name bits.omnifora.com;
}
  1. return
server {
    location ~ ^/security-now/(.*) {
        return 302 $scheme://s3.us-west-1.wasabisys.com/bits-podcasts/security-now/$1;
    }
    
    server_name bits.omnifora.com;
}
  1. proxy_pass
server {
    resolver 1.1.1.1;

    location ~ ^/security-now/(.*) {
        proxy_set_header Host s3.us-west-1.wasabisys.com;
        proxy_pass $scheme://s3.us-west-1.wasabisys.com/bits-podcasts/security-now/$1;
    }
    
    server_name bits.omnifora.com;
}

(Corey J. Mahler, Esq.) #2

The following should be a working PDF link:

https://bits.omnifora.com/podcasts/security-now/2018/sn-0645.pdf

The rewrite/return/proxy_pass should ‘catch’ this URL (since it contains security-now) and then pass it to https://s3.us-west-1.wasabisys.com/bits-podcasts/ with whatever follows security-now in the original URL being appended to the wasabisys.com URL (an S3-compatible bucket).


(Omnifora) #3

Solution

server {

        root /var/www/bitscdn/html/omnifora.com;
        index index.html index.htm index.nginx-debian.html;

        server_name bits.omnifora.com;

        location / {
                try_files $uri $uri/ =404;
        }

    resolver 8.8.8.8;

    location ~ ^/podcasts/security-now/(.*) {
        proxy_set_header Host s3.us-west-1.wasabisys.com;
        proxy_pass $scheme://s3.us-west-1.wasabisys.com/bits-podcasts/security-now/$1;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bits.omnifora.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bits.omnifora.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = bits.omnifora.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name bits.omnifora.com;
    return 404; # managed by Certbot
}

(Omnifora) #4