Minio S3 Storage Nginx proxy_pass config with SSL and Static-Site

Категория: Linux

Nginx config that proxies MinIO S3 (:9000) behind :443, with SSL support and static-site hosting from *.zip archives.

See the MinIO issue about serving assets from a zip archive with the correct Content-Type (e.g. text/javascript): https://github.com/minio/minio/issues/19440

nano /etc/nginx/sites-available/s3.DOMAIN.com.ua.conf
# Backend pool for the MinIO S3 API (port 9000).
# With a single active server, least_conn has nothing to balance; it only
# matters once the extra nodes below are enabled.
# No "keepalive" directive is set here, so nginx opens a new upstream
# connection per request, even though the locations send HTTP/1.1 with an
# empty Connection header.
upstream minio_s3 {
    least_conn;

    server localhost:9000;
    #server minio-02.internal-domain.com:9000;
    #server minio-03.internal-domain.com:9000;
    #server minio-04.internal-domain.com:9000;
}

# Backend pool for the MinIO Console web UI (port 9001).
# This is the administrative interface; the port should not be reachable
# from outside except through this proxy.
upstream minio_console {
    least_conn;

    server localhost:9001;
    #server minio-02.internal-domain.com:9001;
    #server minio-03.internal-domain.com:9001;
    #server minio-04.internal-domain.com:9001;
}

# Plain-HTTP vhost: answers ACME HTTP-01 challenges and redirects everything
# else to HTTPS.
server {
    listen      80;
    server_name s3.DOMAIN.com.ua;

    # ACME challenge files are served straight from the local webroot.
    # "^~" stops nginx from evaluating regex locations for this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root         /var/www/html;
        default_type "text/plain";
        #alias /var/www/html/.well-known/acme-challenge/;
    }

    # Permanent redirect to the HTTPS vhost.
    # NOTE(review): $host is taken from the request; if this block also acts
    # as the default server for port 80, the redirect target follows whatever
    # Host the client sent. $server_name would pin it to the configured name.
    location / {
        return 301 https://$host$request_uri;
    }
}

## Workaround for https://github.com/minio/minio/issues/19440
## Derives a Content-Type from the request path ($uri, i.e. without the query
## string). The value is only consumed by the js/css location of the HTTPS
## server, which replaces the upstream Content-Type with it.
map $uri $assets_content_type {
    default      "text/plain";

    # Case-sensitive regex matches on the file extension.
    "~.+\.js$"   "text/javascript";
    "~.+\.css$"  "text/css";
}

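# HTTPS vhost: terminates TLS and proxies the MinIO S3 API (/) and the MinIO
# Console (/minio/).
#
# NOTE(review): bucket content (including HTML/JS unpacked from uploaded zip
# archives) and the Console are served from the same origin here. Script from
# any hosted site then runs in the Console's origin. Prefer a separate
# hostname for static sites, or for the Console.
server {
    listen       443 ssl;
    server_name  s3.DOMAIN.com.ua;

    # Only offer current TLS versions; older nginx releases enable TLSv1 and
    # TLSv1.1 by default.
    ssl_protocols TLSv1.2 TLSv1.3;

    # The key file name previously carried a real hostname instead of the
    # DOMAIN placeholder; acme.sh names the key <domain>.key inside the
    # domain's directory.
    # NOTE(review): acme.sh recommends copying certs out of /root/.acme.sh
    # with "--install-cert" rather than pointing nginx at its internal store.
    ssl_certificate     /root/.acme.sh/s3.DOMAIN.com.ua/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/s3.DOMAIN.com.ua/s3.DOMAIN.com.ua.key;

    # Allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value.
    # NOTE(review): 0 disables the limit entirely; on an internet-facing host a
    # finite cap bounds how much a single request can push at the backend.
    client_max_body_size 0;
    # Disable buffering so large objects stream straight through.
    proxy_buffering off;
    proxy_request_buffering off;

    location = /favicon.ico {
        access_log off;
        return 204;
        #add_header "Content-Type" "image/png";
    }

    ## Can be used instead of the map
    #if ($uri ~ '.+\.js$') {
    #    set $assets_content_type "text/javascript";
    #}

    # S3 API and extracted zip content (everything not matched below).
    location / {
        #proxy_cache mycache;

        ## Gzip Settings
        #gzip on;
        #gzip_vary on;
        #gzip_proxied any;
        #gzip_comp_level 6;
        #gzip_buffers 16 8k;
        #gzip_http_version 1.1;
        #gzip_types image/jpeg text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ## Zip Extract: lets paths such as /site.zip/index.html address files
        ## inside an archive. The header is forced on every request, so
        ## clients cannot opt out and every readable archive becomes
        ## browsable; access is still governed by the bucket policy.
        proxy_set_header X-Minio-Extract true;

        ## Proxy to :9000
        # Host is passed through as sent by the client (S3 request signatures
        # cover the Host header).
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For the client supplied; only the last
        # entry is added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        # This uses the upstream directive definition to load balance.
        # NOTE(review): nginx does not verify the upstream certificate by
        # default (proxy_ssl_verify is off). Acceptable for localhost; once
        # remote nodes are enabled, set proxy_ssl_verify on together with
        # proxy_ssl_trusted_certificate and proxy_ssl_name.
        proxy_pass https://minio_s3;

        # Leave X-Content-Type-Options in place: "nosniff" keeps browsers from
        # guessing a type for uploaded objects.
        #proxy_hide_header X-Content-Type-Options;
        #proxy_hide_header X-Content-Type;
        #add_header X-Content-Type text/javascript;
    }

    ####
    ## (!) Fixed an error: Refused to apply style from 'https://s3.DOMAIN.com.ua/public/site.zip/src/style.css' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
    ####
    # Applies to every path ending in .js/.css under this vhost, not only to
    # files inside zip archives: the upstream Content-Type is dropped and
    # replaced with the value from the $assets_content_type map.
    location ~.+\.(js|css)$ {
        ## Zip Extract, see "location /" for the implications.
        proxy_set_header X-Minio-Extract true;

        ## Proxy to :9000
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        # This uses the upstream directive definition to load balance
        # (upstream certificate is not verified, see "location /").
        proxy_pass https://minio_s3;

        #proxy_hide_header X-Content-Type-Options;
        proxy_hide_header Content-Type;
        # Without "always", add_header applies only to success and redirect
        # responses; error responses for these paths carry no Content-Type.
        add_header Content-Type "$assets_content_type";
        #add_header X-My-Content-Type "$assets_content_type";
        #add_header Content-Type 'application/javascript; charset=utf-8';
    }

    ## Require: MINIO_BROWSER_REDIRECT_URL="https://s3.DOMAIN.com.ua/minio/"
    # "^~" is required: a plain prefix location loses to a matching regex
    # location, so the Console's own *.js / *.css requests under /minio/ would
    # otherwise be caught by the js/css block above and sent to the S3 API
    # upstream with a rewritten Content-Type.
    location ^~ /minio/ {
        rewrite ^/minio/(.*) /$1 break;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;

        # This is necessary to pass the correct IP to be hashed.
        # NOTE(review): real_ip_header only takes effect for peers listed in
        # set_real_ip_from; none is configured in this file. If one is added,
        # restrict it to trusted front proxies, since X-Real-IP is otherwise
        # client-controlled.
        real_ip_header X-Real-IP;

        proxy_connect_timeout 300;

        # To support websockets in MinIO versions released after January 2023
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
        # Uncomment the following line to set the Origin request to an empty string
        # proxy_set_header Origin '';

        chunked_transfer_encoding off;

        # This uses the upstream directive definition to load balance
        # (upstream certificate is not verified, see "location /").
        # NOTE(review): this exposes the admin Console to every client that can
        # reach the vhost; consider allow/deny rules or a VPN-only listener.
        proxy_pass https://minio_console;
    }
}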

