Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

NGINX AWS Signature Library to authenticate AWS services such as S3 and Lambda via NGINX and NGINX Plus.

License

NotificationsYou must be signed in to change notification settings

nginxinc/nginx-aws-signature

NGINX AWS Signature Library to authenticate AWS services such as S3 and Lambda via NGINX and NGINX Plus.

TABLE OF CONTENTS:

Getting Started

This project is to provide the common library for your apps or services. To get this project up and running, the following nginx project can be used prior to implementing your project.

Directory Structure and File Descriptions

nginx-aws-signature│├── core│   ├── awscredentials.js       common lib to read and write AWS credentials│   ├── awssig2.js              common lib to build AWS signature v2│   ├── awssig4.js              common lib to build AWS signature v4│   │                           :│   │                           add new lib when AWS releases new signature ver.│   │                           :│   └── utils.js                common lib to be reused by all NJS codebase│├── tests│   ├── docker│   │   ├── build_text          Docker environments for testing NJS codebases│   │   │   ├── nginx           NGINX config files for testing NJS codebases│   │   │   └── ssl             NGINX Plus license files when testing lib on NGINX Plus│   │   ├── Dockerfile.oss      for testing AWS signaure lib on NGINX OSS│   │   ├── Dockerfile.plus     for testing AWS signaure lib on NGINX Plus│   │   └── docker-compose.yml  to build and run a container for testing AWS signaure lib│   ├── unit-test               contains automated tests for validang that the lib works│   └── test.sh                 test launcher│└── Makefile                    automate to build/start/stop testing environment

NGINX AWS Signature Signing Flow

How to Use

Sparse Checkouts of Submodules

Create or updategit submodule when using this lib in your repository. Otherwise, skip the following steps, and copycore/*.js into the prefered directory on your NGINX instance.

Step 1. Choose one of the following options

  • Option 1. Clone this repo with a depth of 1 for the first time

    git clone --depth=1 --no-checkout git@github.com:nginxinc/nginx-aws-signature.git<path/to/submodule>

  • Option 2. Update a submodule when using the latest lib after cloning

    git submodule update --init<path/to/submodule>

Step 2. Sparse checkouts of submodules

git submodule absorbgitdirsgit -C<path/to/submodule> config core.sparseCheckouttrueecho'core/*'>>.git/modules/<path/to/submodule>/info/sparse-checkoutgit submodule update --force --checkout<path/to/submodule>

Configure NGINX

js_import /etc/nginx/awssig/awscredentials.js;js_import /etc/nginx/awssig/awssig4.js;js_import /etc/nginx/serverless/lambdagateway.js;js_set$awsDate                 awssig4.awsHeaderDate;js_set$awsPayloadHash          awssig4.awsHeaderPayloadHash;js_set$awsSessionToken         awscredentials.sessionToken;js_set$lambdaFunctionARNAuth   lambdagateway.lambdaFunctionARNAuth;js_var$defaultHostName'nginx-lambda-gateway';map$request_uri$lambda_url { default  https://lambda.us-east-1.amazonaws.com;}server {listen80;# Use SSL/TLS in productionlocation/2015-03-31/functions/foo/invocations{auth_request /aws/credentials/retrieval;proxy_set_header x-amz-date$awsDate;proxy_set_header x-amz-content-sha256$awsPayloadHash;proxy_set_header x-amz-security-token$awsSessionToken;proxy_set_header Authorization$lambdaFunctionARNAuth;proxy_pass$lambda_url$request_uri;    }location/aws/credentials/retrieval{internal;js_content awscredentials.fetchCredentials;    }}

Examples:

ProjectConfig example
nginx-s3-gateway/etc/nginx/conf.d/default.conf
nginx-lambda-gateway/etc/nginx/conf.d/nginx_lambda_gateway.conf

Integrate AWS Signature Lib To Your Custom NJS

Import library files ofnginx-aws-signature, and implement a function to generateAuthorization header by using the lib with the proper parameters in your custom NJS.

/etc/nginx/<custom-njs-path>/<your-njs>.js:

importawscredfrom"../awssig/awscredentials.js";importawssig4from"../awssig/awssig4.js";importutilsfrom"../awssig/utils.js";constSERVICE='lambda';utils.requireEnvVar('LAMBDA_SERVER');utils.requireEnvVar('LAMBDA_REGION');functionlambdaFunctionARNAuth(r){consthost=process.env['LAMBDA_SERVER'];constregion=process.env['LAMBDA_REGION'];constqueryParams='';constcredentials=awscred.readCredentials(r);constsignature=awssig4.signatureV4(r,awscred.Now(),region,SERVICE,r.variables.request_uri,queryParams,host,credentials);returnsignature;}

Examples:

ProjectNJS example
nginx-s3-gateways3gateway.js
nginx-lambda-gatewaylambdagateway.js

Contributing

Please see thecontributing guide for guidelines on how to best contribute to this project.

Authors and acknowledgment

This project was inspired the on the great work bynginx-s3-gateway andnginx-serverless.

License

Apache License, Version 2.0

©F5, Inc. 2023

About

NGINX AWS Signature Library to authenticate AWS services such as S3 and Lambda via NGINX and NGINX Plus.

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors4

  •  
  •  
  •  
  •  
[8]ページ先頭
©2009-2025 Movatter.jp