最近系统全面升级到https,之前AmazonS3大文件分片上传直接使用http://ip:9000访问minio的方式已然行不通,https服务器访问http资源会报Mixed Content混合内容错误。
一般有两种解决方案,一是升级minio服务,配置ssl证书,支持https直接访问。另一种是使用现有的https证书配置nginx代理访问minio服务。
我采用的是第二种。
1. application.yml 配置文件:
# minio文件上传minio:minioUrl: http://localhost:9000minioName: adminminioPass: Aa1234adminbucketName: exam-buckets3Endpoint: https://www.farling.coms3Endpoint作为 AmazonS3访问minio的地址。
2. 客户端配置如下:
import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;@Configuration
public class AmazonS3Config {@Value(value = "${jeecg.minio.s3Endpoint}")private String endpoint;@Value(value = "${jeecg.minio.minioName}")private String minioName;@Value(value = "${jeecg.minio.minioPass}")private String minioPass;@Bean(name = "amazonS3Client")public AmazonS3 amazonS3Client() {//设置连接时的参数ClientConfiguration config = new ClientConfiguration();//设置连接方式,可选参数为HTTP和HTTPSconfig.setProtocol(endpoint.startsWith("https:") ? Protocol.HTTPS : Protocol.HTTP);//设置网络访问超时时间config.setConnectionTimeout(5000);config.setUseExpectContinue(true);AWSCredentials credentials = new BasicAWSCredentials(minioName, minioPass);//设置EndpointAwsClientBuilder.EndpointConfiguration endPoint = new AwsClientBuilder.EndpointConfiguration(endpoint, Regions.US_EAST_1.name());AmazonS3 amazonS3 = AmazonS3ClientBuilder.standard().withClientConfiguration(config).withCredentials(new AWSStaticCredentialsProvider(credentials)).withEndpointConfiguration(endPoint).withPathStyleAccessEnabled(true).build();return amazonS3;}}
3. nginx配置文件增加如下内容:
server {listen 443 ssl; server_name www.farling.com; ssl_certificate /home/ssl/www.farling.com_bundle.crt; ssl_certificate_key /home/ssl/www.farling.com.key; ssl_session_timeout 5m;ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on;location ^~ /exam-bucket {proxy_buffering off;proxy_request_buffering off;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_http_version 1.1;proxy_set_header Connection "";chunked_transfer_encoding off;proxy_pass http://localhost:9000;client_max_body_size 1024m;}}exam-bucket为minio的桶。 表示以exam-bucket桶开头的https请求都转发到minio。为什么要这样设置呢,因为AmazonS3客户端请求会带上bucketName。
)
)
显示器)
—— 筑梦之路)
)
