This allows me to proxy public objects, but not private. S3 auth requires stuff outside of what’s possible in the Caddyfile. Would this be doable with a plugin?
What I mean, of course, is that there is definitely some interest in a plugin that does this! That is, IF the proxy directive really can’t do it (I wouldn’t know offhand, not a whole lot of experience with S3, and there are many use cases).
It’d be cool if there was a way to set up bounties for plugins.
I need this for my personal file host, but I’d throw $20 at anyone who could make this happen.
It’d save me a ton of trouble if someone decided to DoS my DO Spaces bucket.
You could probably just hire someone to build it. I’ve been hired to build Caddy plugins before, but any skilled Go developer could do it. Probably in the process of building it, it’ll become clear whether a whole separate middleware is needed or just some layer of auth or even just a small change/improvement to the existing proxy middleware. We’ll see!
How do I go about that? It’s only for sharing screenshots and stuff with friends (doesn’t make money), so I can’t offer more than around $20, which doesn’t go far for dev time.
This is interesting to me. I’d also like some sort of authorization level in front of this. So essentially I’d have only authorized users to my app that can request a URL path inside my app domain and be transparently proxied to the content on a private DO Spaces.
Perhaps I would have my app send back an X-Accel-Redirect header and then Caddy would know how to proxy that to the DO Space? Or maybe try the JWT middleware?
Jacob, I noticed that the invalid file returns a 403 status code. Couldn’t Caddy just intercept that and display your own message using the errors directive?
I thought about that. But it’d still be security through obscurity. It’d be much cleaner to use proper authorization. Then you could protect files with basic auth in Caddy as well.
One thing a plugin might be able to fix is mime types.
Right now, I have to set mime types for each domain using the mime directive.
Otherwise, a text file named script.sh gets downloaded instead of shown.