Nginx: proxy remote content

I'm trying to create a proxy that would load images from remote sites. The reason for this is to enable secure content to be loaded on our end even though the URLs are unsecured (which breaks our SSL badge).

Basically, if I request https://proxy.app.com/?url=http://www.google.lt/images/nav_logo242_hr.png

It would send the image via secure connection back to our users.

So far I've come up with:

server {
    listen 80;
    listen 443 ssl;
    server_name proxy.app.com;
    charset utf-8;

    location /?url=(.*) {
        proxy_pass $1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
...
}

But it returns the default Nginx page. What am I doing wrong? Is this at all possible? I don't want to use a server side language for this.


Ok, I figured it out.

I ended up with:

server {
    listen 80;
    listen 443 ssl;
    server_name proxy.example.com;

    charset utf-8;

    location @error {
        return 404;
    }

    location / {
        # only allow GET requests
        if ($request_method != GET) {
            return 404;
        }

        # do not allow empty urls
        if ($arg_uri = "") {
            return 404;
        }

        # do not allow non-app request origin
        valid_referers none blocked *.example.com;
        if ($invalid_referer) {
            return 403;
        }

        resolver 8.8.8.8;
        proxy_intercept_errors on;
        proxy_pass $arg_uri;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        error_page 500 = @error;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    sendfile off;

    client_max_body_size 100m;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
}