drive/docker/files/development/etc/nginx/conf.d/default.conf

server {
    listen 8083;
    server_name localhost;
    charset utf-8;

    # Proxy auth for media
    location /media/ {
        # Auth request configuration
        auth_request /media-auth;
        auth_request_set $authHeader $upstream_http_authorization;
        auth_request_set $authDate $upstream_http_x_amz_date;
        auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256;

        # Pass specific headers from the auth response
        proxy_set_header Authorization $authHeader;
        proxy_set_header X-Amz-Date $authDate;
        proxy_set_header X-Amz-Content-SHA256 $authContentSha256;

        # Get resource from Minio
        proxy_pass http://minio:9000/drive-media-storage/;
        proxy_set_header Host minio:9000;
        # To use with ds_proxy
        # proxy_pass http://ds-proxy:4444/upstream/drive-media-storage/;
        # proxy_set_header Host ds-proxy:4444;
        add_header Content-Disposition "attachment";
    }

    # Proxy auth for media
    location /media/preview/ {
        # Auth request configuration
        auth_request /media-auth;
        auth_request_set $authHeader $upstream_http_authorization;
        auth_request_set $authDate $upstream_http_x_amz_date;
        auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256;

        # Pass specific headers from the auth response
        proxy_set_header Authorization $authHeader;
        proxy_set_header X-Amz-Date $authDate;
        proxy_set_header X-Amz-Content-SHA256 $authContentSha256;

        # Get resource from Minio
        proxy_pass http://minio:9000/drive-media-storage/;
        proxy_set_header Host minio:9000;
        # To use with ds_proxy
        # proxy_pass http://ds-proxy:4444/upstream/drive-media-storage/;
        # proxy_set_header Host ds-proxy:4444;
    }

    location /media-auth {
        proxy_pass http://app-dev:8000/api/v1.0/items/media-auth/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Original-URL $request_uri;
        
        # Prevent the body from being passed
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-Method $request_method;
    }

    location / {
        proxy_pass http://keycloak:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}