This document provides instructions for running a docker container with gcsproxy and NGINX setup to proxy connections to gcsproxy requiring API key auth.
An example of a potential use case for this setup is to proxy connections to a GCS bucket that is not publicly accessible but requires a basic HTTP(S) connection. For example for connecting a Cloudfront Distribution to GCS.
This can be done by running a docker container with gcsproxy and NGINX setup to proxy connections to gcsproxy requiring API key auth. The diagram below shows the architecture of this setup:
Before proceeding, ensure that you have the following:
- Docker installed
- GCP project with the necessary permissions to access the required GCS buckets
- API key for NGINX authentication
- Clone/download the repository to your local machine:
git clone https://github.com/withriley/gcsproxy.git- Navigate to the cloned/downloaded directory:
cd gcsproxy- Build the docker container:
docker build -t gcsproxy .- Run the docker container:
docker run \
-v "$HOME/.config/gcloud/application_default_credentials.json":/gcp/creds.json:ro \
-p 8081:8081 \
-e GOOGLE_APPLICATION_CREDENTIALS=/gcp/creds.json \
-e API_KEY=<YOUR_API_KEY> \
gcsproxywhere:
"$HOME/.config/gcloud/application_default_credentials.json"is the path to your GCP credentials file8081is the port that NGINX will listen onGOOGLE_APPLICATION_CREDENTIALS=/gcp/creds.jsonis the environment variable thatgcsproxywill use to authenticate to GCPgcsproxyis the name of the docker containerAPI_KEYis the API key that you will use to authenticate to NGINX
To then connect to the bucket:
curl -X GET -H "X-APIkey: <YOUR_API_KEY>" http://localhost:8081/bucket-name/object-nameThis project is licensed under the MIT License - see the LICENSE file for details.