使用nginx代理Minio端口
minio默认开放两个端口,一个时9090为可视化控制台端口,可以访问web端,一个时9000为API端口,通过外链或者SDK调用API的时候则需要用到这个端口。正常通过http直接调用这两个端口都是正常的。
需求
- 使用https访问公共库的资源。
-
通过https上传图片。
前置条件
-
已安装nginx
-
已安装minio
-
拥有可访问的域名
-
ssl证书
编写nginx配置文件
upstream minio-s3-api {
server 127.0.0.1:9000 max_fails=60 fail_timeout=60s;
}
upstream minio-admin {
server 127.0.0.1:9090 max_fails=60 fail_timeout=60s;
}
server{
listen 4430 ssl;
server_name www.xxxxx.com; #替换成你自己的域名
ssl_certificate xxxxx.crt; #替换成你自己的证书绝对路径
ssl_certificate_key xxxxx.key; #替换成你自己的证书私钥绝对路径
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host http_host;
proxy_set_header X-Real-IPremote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protoscheme;
proxy_set_header X-NginX-Proxy true;
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Upgrade http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
proxy_pass http://minio-s3-api;
}
}
server{
listen 4431 ssl;
server_name www.xxxxx.com; #替换成你自己的域名
ssl_certificate xxxxx.crt; #替换成你自己的证书绝对路径
ssl_certificate_key xxxxx.key; #替换成你自己的证书私钥绝对路径
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Hosthttp_host;
proxy_set_header X-Real-IP remote_addr;
proxy_set_header X-Forwarded-Forproxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto scheme;
proxy_set_header X-NginX-Proxy true;
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Upgradehttp_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
proxy_pass http://minio-admin;
}
}
配置生效
sudo service nginx reload
关键配置
红框部分为关键配置,如果缺失会导致异常
- 控制台无法查看对象详情
-
使用API上传图片失败(SignatureDoesNotMatch)
