drive.nginx

proxy_cache_path /tmp/nginx_cache_d levels=1:2 keys_zone=cache_d:16m max_size=1g inactive=7d use_temp_path=off;

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name drive.example.tld;
    ssl_session_cache shared:ssl_session_cache:10m;

    # To use Let's Encrypt certificate
    #ssl_certificate     /etc/letsencrypt/live/example.tld/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem;

    # To use Debian/Ubuntu's self-signed certificate (For testing or before issuing a certificate)
    ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

    # SSL protocol settings
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA;
    ssl_prefer_server_ciphers on;

    set $s3_backend 'https://your-bucket.s3-us-west-2.amazonaws.com';

    location / {
        resolver 8.8.8.8 8.8.4.4;
        proxy_pass $s3_backend$uri;
        proxy_redirect off;

        # idiom for use keep-alive
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Cache settings
        proxy_cache cache_d;
        proxy_cache_lock on;
        proxy_cache_use_stale updating;
        add_header X-Cache $upstream_cache_status always;

        # cors
        add_header Access-Control-Allow-Origin *;
    }
}