{"id":13929941,"url":"https://github.com/lindenlab/caddy-s3-proxy","last_synced_at":"2026-01-16T16:55:51.944Z","repository":{"id":38440037,"uuid":"292761878","full_name":"lindenlab/caddy-s3-proxy","owner":"lindenlab","description":"s3 proxy plugin for caddy","archived":false,"fork":false,"pushed_at":"2024-07-26T22:42:41.000Z","size":339,"stargazers_count":88,"open_issues_count":21,"forks_count":24,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-07-19T15:35:18.480Z","etag":null,"topics":["caddy-s3-proxy","caddy2"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lindenlab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-04T05:54:19.000Z","updated_at":"2025-07-09T21:58:10.000Z","dependencies_parsed_at":"2023-12-11T18:39:56.753Z","dependency_job_id":"ab05622c-2bae-451f-9859-4acde4f7f56b","html_url":"https://github.com/lindenlab/caddy-s3-proxy","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/lindenlab/caddy-s3-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lindenlab%2Fcaddy-s3-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lindenlab%2Fcaddy-s3-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lindenlab%2Fcaddy-s3-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lindenlab%2Fcaddy-s3-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lindenlab","download_url":"https://codeload.github.com/lindenlab/caddy-s3-proxy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lindenlab%2Fcaddy-s3-proxy/sbom","scorecard":{"id":590527,"data":{"date":"2025-08-11","repo":{"name":"github.com/lindenlab/caddy-s3-proxy","commit":"850db193cb7f48546439d236f2a6de7bd7436e2e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/golangci-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":2,"reason":"Found 8/27 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/lindenlab/caddy-s3-proxy/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/lindenlab/caddy-s3-proxy/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/lindenlab/caddy-s3-proxy/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/lindenlab/caddy-s3-proxy/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/lindenlab/caddy-s3-proxy/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating debian:buster-slim to debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T21:46:08.194Z","repository_id":38440037,"created_at":"2025-08-20T21:46:08.194Z","updated_at":"2025-08-20T21:46:08.194Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28480081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy-s3-proxy","caddy2"],"created_at":"2024-08-07T18:02:37.998Z","updated_at":"2026-01-16T16:55:51.922Z","avatar_url":"https://github.com/lindenlab.png","language":"Go","funding_links":[],"categories":["others","Go"],"sub_categories":[],"readme":"[![golangci-lint Actions Status](https://github.com/lindenlab/caddy-s3-proxy/workflows/golangci-lint/badge.svg)](https://github.com/lindenlab/caddy-s3-proxy/actions)\n[![Test Actions Status](https://github.com/lindenlab/caddy-s3-proxy/workflows/Test/badge.svg)](https://github.com/lindenlab/caddy-s3-proxy/actions)\n[![All Contributors](https://img.shields.io/badge/all_contributors-2-orange.svg?style=flat-square)](#contributors)\n\n# caddy-s3-proxy\n\ncaddy-s3-proxy allows you to proxy requests directly from S3.\n\nS3 does have the website option, in which case, a normal reverse proxy could be used to display S3 data.\nHowever, it is sometimes inconvient to do that.  This module lets you access S3 data even if website access\nis not configured on your bucket.\n\n## Making a version of caddy with this plugin\n\nWith caddy 2 you can use [xcaddy](https://github.com/caddyserver/xcaddy) to build a version of caddy\nwith this plugin installed.  To install xcaddy do:\n```\ngo install github.com/caddyserver/xcaddy/cmd/xcaddy@latest\n```\n\nThis repo has a Makefile to make it easier to build a new version of caddy with this plugin.  Just type:\n```\nmake build\n```\n\nYou can run ```make docker``` do build a local image you can test with.\n\n## Configuration\nThe Caddyfile directive would look something like this:\n```\n\ts3proxy [\u003cmatcher\u003e] {\n\t\tbucket \u003cbucket_name\u003e\n\t\tregion \u003cregion_name\u003e\n                profile \u003caws profile\u003e\n\t\tindex  \u003clist of index file names\u003e\n\t\tendpoint \u003calternative S3 endpoint\u003e\n\t\troot   \u003ckey prefix\u003e\n\t\tenable_put\n\t\tenable_delete\n \t\tforce_path_style\n\t\terrors \u003chttp status\u003e \u003cS3 key to a custom error page for this http status\u003e\n\t\terrors \u003cS3 key to a default error page\u003e\n\t\tbrowse [\u003cpath to template\u003e]\n\t}\n```\n\n|  option   |  type  |  required | default | help |\n|-----------|:------:|-----------|---------|------|\n| bucket              | string   | yes |                          | S3 bucket name |\n| region              | string   | yes-ish  |  env AWS_REGION          | S3 region - if not give in the Caddyfile then AWS_REGION env var must be set.|\n| profile             | string   | no  |  empty string            | AWS profile if using shared credentials files. |\n| endpoint            | string   | no  |  aws default             | S3 hostname |\n| index               | string[] | no  |  [index.html, index.txt] | Index files to look up for dir path |\n| root                | string   | no  |    | Set a \"prefix\" to be added to key |\n| enable_put          | bool     | no  | false   | Allow PUT method to be sent through proxy |\n| enable_delete       | bool     | no  | false   | Allow DELETE method to be sent through proxy |\n| force_path_style    | bool     | no  | false   | Set this to `true` to force S3 request to use path-style addressing |\n| use_accelerate      | bool     | no  | false   | Set this to `true` to enable S3 Accelerate feature |\n| errors              | [int, ] string | no |  | Custom error page or use \"pass_through\" to write nothing for errors. |\n| browse              | [string] | no |  | Turns on a directory view for partial keys, an optional path to a template can be given |\n\n## Credentials\n\nThis module uses the default providor chain to get credentials for access to S3.  This provides several more\nsecure options to provide credentials for accessing S3 without putting the credentials in the Caddyfile.\nThe methods include (and are looked for in this order):\n\n1) Environment variables.  I.e. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY\n\n2) Shared credentials file.  (Located at ~/.aws/credentials)\n   (You may pass the optional profile directive to select specific credentials.)\n\n3) If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.\n\n4) If your application is running on an Amazon EC2 instance, IAM role for Amazon EC2.\n\nFor much more detail on the various options for setting AWS credentials see here:\nhttps://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html\n\n## Works with localstack!\n\nThe s3 proxy works great with localstack for local testing.  Just set the endpoint directive to your localstack\ninstance.  You will also want to set the `force_path_style` directive as well since localstack currently does not\nsupport virtual style addressing.  In fact, all of our examples use localstack - check out the examples directory.\n\n## Handling errors\n\nWhen accessing S3 you may get errors like keyNotFound, bucket does not exist, or ACL permissions problems.  By default\nthis proxy will map those errors to an http error - like 404, 403 or 500.\n\nHowever, with the `errors` directive you have a couple of more options.  You can specify a S3 key that may contain HTML\nto display rather than just returning an error code.  This can be done for a specific error or all errors.  For example,\n```\nerrors 403 /key/path/to/permissionerr.html\nerrors /key/path/to/defaulterr.html\n```\nThis will display the page permissionerr.html for any 403 errors and defaulterr.html for all other errors.\n\nThere is a special option to \"pass through\" on an error and let the next Caddy handler deal with the request.  For example,\n```\nerrors 404 pass_through\nerrors /key/path/to/defaulterr.html\n```\n\nWill pass 404 errors onto the next handler.  All other errors will show the page defaulterr.html.\n\nNote: The `errors` direction only applies to GET method requests.  PUT and DELETE errors just return the code.\n\n## Examples you can play with\n\nIn the examples directory is an example of using the s3proxy with localstack.\nLocalstack contains a working version of S3 you can use for local development.\n\nCheck out the examples [here](example/LOCALSTACK_EXAMPLE.md).\nYou can also just run ```make example``` to build a docker image with the plugin and launch the compose example.\n\n# Contributors\n\nA big thank you to folks who have contributed to this project!\n\n\u003c!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --\u003e\n\u003c!-- prettier-ignore-start --\u003e\n\u003c!-- markdownlint-disable --\u003e\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003ca href=\"https://github.com/rayjlinden\"\u003e\u003cimg src=\"https://avatars0.githubusercontent.com/u/42587610?v=4\" width=\"100px;\" alt=\"\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003erayjlinden\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003ca href=\"https://github.com/gilbsgilbs\"\u003e\u003cimg src=\"https://avatars2.githubusercontent.com/u/3407667?v=4\" width=\"100px;\" alt=\"\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eGilbert Gilb's\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003ca href=\"https://github.com/christoph-kluge\"\u003e\u003cimg src=\"https://avatars3.githubusercontent.com/u/1446269?v=4\" width=\"100px;\" alt=\"\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eChristoph Kluge\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n\u003c!-- markdownlint-enable --\u003e\n\u003c!-- prettier-ignore-end --\u003e\n\u003c!-- ALL-CONTRIBUTORS-LIST:END --\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flindenlab%2Fcaddy-s3-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flindenlab%2Fcaddy-s3-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flindenlab%2Fcaddy-s3-proxy/lists"}