Custom domain with S3 Proxy

Last change on 2025-04-25 • Created on 2025-04-25 • ID: ST-BB82D

Currently, it is not possible to assign a custom domain name to a Bucket. If you want to use your own domain, you can set up domain forwarding manually.

This how-to guide explains how to forward S3 requests using a custom domain name via the Docker image oxynozeta/s3-proxy. For more information about S3 Proxy, see their GitHub repository.

Prerequisites:

  • Your own domain
  • A TLS/SSL certificate for your own domain (optional)
  • A server with a public IP address
  • A Bucket with objects (can be private)

Important: When you access your own domain, the S3 Proxy uses your S3 credentials to read the data from the Bucket. This makes the Bucket data publicly accessible via your own domain even if the Bucket visibility is set to "private". To increase security, this how-to guide explains how to set up basic authentication. This way, the S3 Proxy will request a username and a password before it returns the data.

By the end of this how-to guide, the server should forward all requests directly to the Bucket.


  1. Create a new DNS entry

    Create a new DNS record. Point the domain at the IP address of the server on which you plan to set up the S3 Proxy.

    Note that it can take several hours for the DNS change to propagate.


  2. Install Docker

    Connect to the server and check if Docker is already installed. If it isn't, install it now.

    You can follow the instructions in the official Docker documentation: Install Docker Engine


  3. Set up S3 Proxy

    Create a new directory for the S3 Proxy files:

    mkdir s3-proxy

    In the new directory, create the following files:

    s3-proxy/
    ├── .env
    └── conf/
        ├── server.yaml
        ├── target.yaml
        └── auth.yaml

    Now, add the following content:

    • .env

      Replace <your_access_key> and <your_secret_key> with your actual S3 credentials, and <password_for_authentication> with a password of your choice to access the files via the S3 Proxy.

      ACCESS_KEY=<your_access_key>
      SECRET_KEY=<your_secret_key>
      PASSWORD=<password_for_authentication>

    • conf/server.yaml

      server:
        listenAddr: "0.0.0.0"
        port: 8080
        ssl:
          # If you have a TLS/SSL certificate, replace "false" with "true" and uncomment the certificate lines below
          enabled: false
          #certificates:
          # '/domain/certs' will be the path on the Docker container.
          #  - certificateUrl: file:///domain/certs/fullchain.pem
          #    privateKeyUrl: file:///domain/certs/privkey.pem

    • conf/target.yaml

      Replace <bucket_name> and <region> with the name and region of your Bucket, and <user_name> with a username for authentication with S3 Proxy.

      targets:
        <bucket_name>:
          mount:
            path:
              # If you set /, you can access your Bucket files via example.com/<file_name>
              # If you set a path like /<bucket_name>/, for example, you can access your Bucket files via example.com/<bucket_name>/<file_name>
              - /
          # You need the resources section to enable basic authentication.
          # If you set /*, you will have to provide user credentials for ALL paths.
          resources:
            - path: /*
              provider: provider1
              basic:
                credentials:
                  - user: <user_name>
                    password:
                      env: PASSWORD
          bucket:
            name: <bucket_name>
            region: <region>
            s3Endpoint: https://<region>.your-objectstorage.com
            disableSSL: false
            # This example uses "env", see https://oxyno-zeta.github.io/s3-proxy/configuration/structure/#credentialconfiguration
            credentials:
              accessKey:
                env: ACCESS_KEY
              secretKey:
                env: SECRET_KEY

    • conf/auth.yaml

      The example below uses basic authentication. To increase security, you may also consider OAuth2 Proxy.

      authProviders:
        basic:
          provider1:
            realm: My Basic Auth Realm

  4. Start the Docker container

    Before you run the Docker command, navigate to the directory that contains your .env file and the conf directory. The variable $PWD will be replaced with the current working directory automatically.

    • Without SSL certificate:

      docker run -d --name s3-proxy \
                 -p 80:8080 \
                 -p 9090:9090 \
                 -v "$PWD/conf":/proxy/conf \
                 --env-file "$PWD/.env" \
                 oxynozeta/s3-proxy

    • With SSL certificate:

      Replace /etc/letsencrypt/live/example.com with the local path to your certificate files.

      docker run -d --name s3-proxy \
                 -p 443:8080 \
                 -p 9090:9090 \
                 -v "$PWD/conf":/proxy/conf \
                 -v /etc/letsencrypt/live/example.com:/domain/certs \
                 --env-file "$PWD/.env" \
                 oxynozeta/s3-proxy

When you access a file via your domain, the server should now forward the request to the Bucket.
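
To confirm that the basic authentication from conf/target.yaml is actually enforced after the container starts, the following check requests one object without credentials, with a wrong password, and with the correct password. It is an added example, not part of the original guide or of the S3 Proxy project; the script name check_proxy.py is hypothetical, and it assumes the proxy answers missing or wrong credentials with 401 and a Basic challenge, as HTTP basic authentication specifies.

```python
import base64
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def probe(url, user=None, password=None, timeout=5):
    """Send one GET and return (status code, WWW-Authenticate header)."""
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate", "")
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code, err.headers.get("WWW-Authenticate", "")


def audit(url, user, password):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("plain HTTP: Basic credentials travel unencrypted")
    status, challenge = probe(url)
    if status != 401:
        findings.append(f"request without credentials returned {status}, expected 401")
    elif not challenge.lower().startswith("basic"):
        findings.append("401 without a Basic challenge in WWW-Authenticate")
    status, _ = probe(url, user, password + "-wrong")
    if status != 401:
        findings.append(f"wrong password returned {status}, expected 401")
    status, _ = probe(url, user, password)
    if status != 200:
        findings.append(f"valid credentials returned {status}, expected 200")
    return findings


if __name__ == "__main__":
    # Usage: PASSWORD=... python3 check_proxy.py https://example.com/<file_name> <user_name>
    if len(sys.argv) != 3 or "PASSWORD" not in os.environ:
        sys.exit("usage: PASSWORD=... check_proxy.py <object_url> <user_name>")
    problems = audit(sys.argv[1], sys.argv[2], os.environ["PASSWORD"])
    for line in problems:
        print("FINDING:", line)
    sys.exit(1 if problems else 0)
```

The password is read from the PASSWORD environment variable, the same name used in .env, so it does not appear in the process list. A "plain HTTP" finding is expected for the variant without an SSL certificate.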