當前位置：首頁 > 运维知识 > Nginx >内容正文

Nginx

Aliyun OSS Nginx proxy module（阿里云OSS Nginx 签名代理模块）

發布時間：2024/8/26 Nginx 100 豆豆

生活随笔收集整理的這篇文章主要介紹了 Aliyun OSS Nginx proxy module（阿里云OSS Nginx 签名代理模块）小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

1、此文章主要介紹內容

本文主要介紹怎樣利用Nginx lua 實現將阿里云OSS存儲空間做到同本地磁盤一樣使用。核心是利用Nginx lua 對OSS請求進行簽名并利用內部跳轉將全部訪問本地Nginx的請求加上OSS 簽名轉發給OSS，實現本地Nginx無縫銜接阿里云OSS，存儲空間無限擴展，存儲成本無限下降，數據安全%99.99…… 。

2、本篇文章使用到的一些工具技術及怎樣學習和獲取

1、lua

本文用到的都是一些主要的lua，基本上花半小時閱讀下lua的語法就能夠輕松理解本文內容

2、Nginx lua

主要是學習nginx lua 及環境部署，只是閱讀本文還不須要親自己主動手去學習及部署nginx lua 環境。讀者能夠從docker 官方鏡像源pull openresty 鏡像進行實驗。本文已openresty/1.7.7.2 作為實驗環境。

3、阿里云OSS

趕緊開通吧，用起來相當爽。一處存儲全球無限制訪問
https://www.aliyun.com/act/aliyun/ossdoc.html

4、參考博客

建議閱讀我的另外一篇博客。對深入理解OSS 及互聯網上提供的HTTP服務有更深刻的理解
http://blog.csdn.net/sunrain_chy/article/details/50804410

3、利用Nginx lua 實現請求簽名并轉發至OSS

Lua 簽名 code
注：此代碼并不是出自作者之手
oss_auth.lua

-- has been sorted in alphabetical order local signed_subresources = {'acl','append','bucketInfo','cname','commitTransition','comp','cors','delete','lifecycle','location','logging','mime','notification','objectInfo','objectMeta','partData','partInfo','partNumber','policy','position','referer','replication','replicationLocation','replicationProgress','requestPayment','response-cache-control','response-content-disposition','response-content-encoding','response-content-language','response-content-type','response-expires','restore','security-token','tagging','torrent','uploadId','uploads','versionId','versioning','versions','website' }function string.startswith(s, start)return string.sub(s, 1, string.len(start)) == start endlocal function get_canon_sub_resource()local args = ngx.req.get_uri_args()-- lower keyslocal keys = {}for k, v in pairs(args) dokeys[k:lower()] = vend-- make resource stringlocal s = ''local sep = '?'for i, k in ipairs(signed_subresources) dov = keys[k]if v then-- sub tablev = type(v) == 'table' and v[1] or vs = s .. string.format("%s%s=%s", sep, k, v)sep = '&'endendreturn s endlocal function get_canon_resource()resource = ''object = ngx.unescape_uri(ngx.var.uri)sub = get_canon_sub_resource() return string.format("/%s%s%s", ngx.var.oss_bucket, object, sub) end local function get_canon_headers()-- default: <lowerkey, value>local headers = ngx.req.get_headers()local keys = {}for k, v in pairs(headers) doif string.startswith(k, 'x-oss-') then-- client must assemble the same header keysif type(v) ~= 'string' then return nil endtable.insert(keys, k)endend-- sorted in alphabetical ordertable.sort(keys)for i, key in ipairs(keys) dokeys[i] = key .. ':' .. headers[key] .. '\n'endreturn table.concat(keys) endlocal function calc_sign(key, method, md5, type_, date, oss_headers, resource)-- string_to_sign:-- method + '\n' + content_md5 + '\n' + content_type + '\n'-- + date + '\n' + canonicalized_oss_headers + canonicalized_resourcelocal sign_str = string.format('%s\n%s\n%s\n%s\n%s%s',method, md5, type_,date, oss_headers, resource)ngx.log(ngx.ERR, "SignStr:", sign_str, "\n")local sign_result = ngx.encode_base64(ngx.hmac_sha1(key, sign_str))return sign_result, sign_str end local function oss_auth()-- ngx.log(ngx.INFO, 'auth')--local method = ngx.var.request_methodlocal method = ngx.req.get_method()local content_md5 = ngx.var.http_content_md5 or ''local content_type = ngx.var.http_content_type or ''-- get datelocal date = ngx.var.http_x_oss_date or ngx.var.http_date or ''if date == '' thendate = ngx.http_time(ngx.time())-- ngx.log(ngx.INFO, 'Date:', date)ngx.req.set_header('Date', date)endlocal resource = get_canon_resource()local canon_headers = get_canon_headers()local sign_result, sign_str = calc_sign(ngx.var.oss_auth_key, method, content_md5,content_type, date, canon_headers, resource)-- ngx.log(ngx.INFO, 'sign string:', sign_str)-- ngx.log(ngx.INFO, 'sign string len:', string.len(sign_str))local auth = string.format("OSS %s:%s", ngx.var.oss_auth_id, sign_result)ngx.req.set_header('Authorization', auth)ngx.exec("@oss") end -- main res = oss_auth()if res thenngx.exit(res) end

nginx.conf

server {listen 8000;proxy_http_version 1.1;proxy_buffering off;proxy_request_buffering off;location / {set $oss_bucket "your_oss_bucket";set $oss_auth_id "your_access_id";set $oss_auth_key "your_access_key";rewrite_by_lua_file "/path/oss_auth.lua";}# internal redirectlocation @oss {// endpoint eg: oss.aliyuncs.comproxy_pass http://your_oss_bucket.endpoint; }}

4、怎樣使用上述代碼

首先oss_auth.lua 無需做不論什么修改

nginx.conf 中須要將
your_oss_bucket 替換為阿里云OSS 的bucket名
your_access_id替換未AccessKeyId
your_access_key 替換為 AccessKeySecret

比如：

error_log logs/error.log debug; events {worker_connections 1024; } http {include mime.types;lua_package_path "/usr/servers/lualib/?.lua;";lua_package_cpath "/usr/servers/lualib/?.so;"; server {listen 80；location / {set $oss_bucket "bucket-example";set $oss_auth_id "za2127hbbsdhjal0ytocbzr";set $oss_auth_key "gMOG3o+HJdsgdHdpieCNMcsaH+Q=";rewrite_by_lua_file conf/lua/oss_auth.lua;}location @oss {proxy_pass http://bucket-example.oss-cn-qingdao.aliyuncs.com;}} }

轉載于:https://www.cnblogs.com/yangykaifa/p/7283085.html

總結

以上是生活随笔為你收集整理的Aliyun OSS Nginx proxy module（阿里云OSS Nginx 签名代理模块）的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇： ElasticStack系列之八 _s
下一篇： Nginx —— 检查配置文件ngi