Adapting an S3 config from NGINX to Caddy

QuadRadical · July 26, 2025, 4:15pm

Hello! I’m wondering how I coulud go about adapting this NGINX config to Caddyfile:

locations."/media/" = {
  proxyPass = cfg.s3Url;
  extraConfig = ''
    auth_request /media-auth;
    auth_request_set $authHeader $upstream_http_authorization;
    auth_request_set $authDate $upstream_http_x_amz_date;
    auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256;

    proxy_set_header Authorization $authHeader;
    proxy_set_header X-Amz-Date $authDate;
    proxy_set_header X-Amz-Content-SHA256 $authContentSha256;

    add_header Content-Security-Policy "default-src 'none'" always;
  '';
};

The syntax is a bit different due to this being nix, but you get the idea.

Basically /media is proxied to an s3 store, but it has to authenticate with a local endpoint first (/media-auth) to get the credentials to do so. I don’t know if there is a way to do this in Caddy, so any help would be appreciated.

Thanks in advance!

QuadRadical · July 27, 2025, 3:07am

I ended up making a custom proxy that caddy reverse proxies to that handles this: Henry-Hiles/lasuite_docs_proxy - Forgejo: Beyond coding. We Forge.

Mohammed90 · July 27, 2025, 7:32am

You’re searching for forward_auth

system · August 26, 2025, 7:32am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.