S3Proxy allows applications using the S3 API to access other object stores, e.g., EMC Atmos, Google Cloud Storage, Microsoft Azure, OpenStack Swift. It also allows local testing of S3 without the cost or latency associated with using AWS. Finally users can extend S3Proxy with custom middlewares, e.g., caching, encryption, tiering.
- create, remove, and list buckets (including user-specified regions)
- put, get, delete, and list objects
- multi-part uploads (emulated operation, see #2)
- copy objects (emulated operation, see #46)
- delete multiple objects
- store and retrieve object metadata, including user metadata
- set and get canned bucket and object ACLs (private and public-read only)
- authorization via AWS signature v2 (including pre-signed URLs) or anonymous access
- listen on HTTP or HTTPS
Supported object stores:
- atmos
- aws-s3
- azureblob
- filesystem (on-disk storage)
- google-cloud-storage
- hpcloud-objectstorage
- openstack-swift
- rackspace-cloudfiles-uk and rackspace-cloudfiles-us
- s3
- swift and swift-keystone (legacy)
- transient (in-memory storage)
Users can download releases
from GitHub. One can also build the project by running mvn package
which
produces a binary at target/s3proxy
. S3Proxy requires Java 7 to run.
Linux and Mac OS X users can run S3Proxy via the executable jar:
chmod +x s3proxy
s3proxy --properties s3proxy.conf
Windows users must explicitly invoke java:
java -jar s3proxy --properties s3proxy.conf
Users can configure S3Proxy via a properties file. An example using Rackspace CloudFiles (based on OpenStack Swift) as the backing store:
s3proxy.endpoint=http://127.0.0.1:8080
s3proxy.authorization=aws-v2
s3proxy.identity=local-identity
s3proxy.credential=local-credential
jclouds.provider=rackspace-cloudfiles-us
jclouds.identity=remote-identity
jclouds.credential=remote-credential
Another example using the local file system as the backing store with anonymous access:
s3proxy.authorization=none
s3proxy.endpoint=http://127.0.0.1:8080
jclouds.provider=filesystem
jclouds.identity=identity
jclouds.credential=credential
jclouds.filesystem.basedir=/tmp
S3Proxy can listen on HTTPS by setting the secure-endpoint
and
configuring a keystore.
An example:
s3proxy.secure-endpoint=https://127.0.0.1:8080
s3proxy.keystore-path=keystore.jks
s3proxy.keystore-password=password
To setup the keystore, do
$ keytool -keystore keystore.jks -alias aws -genkey -keyalg RSA
Use *.s3.amazonaws.com
as the CN
if you wish to proxy
access to Amazon S3 itself. Applications will reject the self-signed
certificate, unless you import it to the application's trusted
store. If the application is written in Java, you can do:
$ keytool -exportcert -keystore keystore.jks -alias aws -rfc > aws.crt
$ keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -import -alias aws -file aws.crt -trustcacerts
Users can also set other Java, jclouds, and S3Proxy properties.
S3Proxy does not support:
- POST uploads
- object metadata with filesystem provider on Mac OS X (OpenJDK issue)
- object server-side encryption
- object versioning
- XML ACLs
- Apache jclouds provides object store support for S3Proxy
- Ceph s3-tests help maintain and improve compatibility with the S3 API
- fake-s3 provides functionality similar to S3Proxy when using the filesystem provider
- Another project named s3proxy provides HTTP access to non-S3-aware applications
- SwiftProxy provides similar functionality for the OpenStack Swift API
Copyright (C) 2014-2015 Andrew Gaul
Licensed under the Apache License, Version 2.0