self-host/proxy/nginx/conf.d/s3.conf

# HTTP configuration
# -- Redirect all HTTP requests to HTTPS port
server {
	listen 80; # HTTP port
	server_name s3.systemsobscure.net;
	location / {
		return 301 https://$host$request_uri; # Variable is a placeholder for all requests to the server name
	}
}

# HTTPS configuration 

server {
	listen 443 ssl;
	server_name *.s3.systemsobscure.net s3.systemsobscure.net;

  client_max_body_size 100M; # Allow large image uploads

	# SSL configuration
	ssl_certificate /etc/letsencrypt/live/systemsobscure.net/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/systemsobscure.net/privkey.pem;

	# Security headers
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    

	# S3 API for authenticated operations 
	
	location /api/ {
		proxy_pass http://172.18.0.1:3900/;
		proxy_set_header Host $host;
	
		# CORS headers for web access
    add_header Access-Control-Allow-Origin *;
		add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
    add_header Access-Control-Allow-Headers "Authorization, Content-Type";

		# Handle preflight requests
    if ($request_method = 'OPTIONS') {
			return 204;
    }
	}


	# Web endpoint for public file access 

	location / {
		proxy_pass http://172.18.0.1:3902;
		proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}
feat: add proxy routing for garage (S3) 2025-08-10 16:43:39 +01:00			`# HTTP configuration`
			`# -- Redirect all HTTP requests to HTTPS port`
			`server {`
			`listen 80; # HTTP port`
			`server_name s3.systemsobscure.net;`
			`location / {`
			`return 301 https://$host$request_uri; # Variable is a placeholder for all requests to the server name`
			`}`
			`}`

			`# HTTPS configuration`

			`server {`
			`listen 443 ssl;`
fix (infra): add support for Garage bucket subdoms 2025-08-12 15:48:19 +00:00			`server_name *.s3.systemsobscure.net s3.systemsobscure.net;`
feat: add proxy routing for garage (S3) 2025-08-10 16:43:39 +01:00
fix: enable 100M uploads S3 (garage) 2025-08-10 16:45:55 +01:00			`client_max_body_size 100M; # Allow large image uploads`

feat: add proxy routing for garage (S3) 2025-08-10 16:43:39 +01:00			`# SSL configuration`
			`ssl_certificate /etc/letsencrypt/live/systemsobscure.net/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/systemsobscure.net/privkey.pem;`

			`# Security headers`
			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`


feat (infra): add web address for public Garage content 2025-08-12 16:24:38 +01:00			`# S3 API for authenticated operations`

			`location /api/ {`
			`proxy_pass http://172.18.0.1:3900/;`
			`proxy_set_header Host $host;`

feat: add proxy routing for garage (S3) 2025-08-10 16:43:39 +01:00			`# CORS headers for web access`
			`add_header Access-Control-Allow-Origin *;`
			`add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";`
			`add_header Access-Control-Allow-Headers "Authorization, Content-Type";`
feat (infra): add web address for public Garage content 2025-08-12 16:24:38 +01:00
			`# Handle preflight requests`
feat: add proxy routing for garage (S3) 2025-08-10 16:43:39 +01:00			`if ($request_method = 'OPTIONS') {`
			`return 204;`
			`}`
feat (infra): add web address for public Garage content 2025-08-12 16:24:38 +01:00			`}`


			`# Web endpoint for public file access`

			`location / {`
			`proxy_pass http://172.18.0.1:3902;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
feat: add proxy routing for garage (S3) 2025-08-10 16:43:39 +01:00			`}`
			`}`