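We recently moved the whole system to HTTPS, so the previous approach of having the AmazonS3 multipart upload for large files reach MinIO directly at http://ip:9000 no longer works: a page served over HTTPS that requests an HTTP resource fails with a Mixed Content error.
There are generally two ways to fix this. One is to upgrade the MinIO service and configure an SSL certificate so that it supports direct HTTPS access. The other is to use the existing HTTPS certificate and have nginx proxy access to the MinIO service.
I went with the second.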
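1. The application.yml configuration file:

    # MinIO file upload
    # (nested under jeecg: to match the ${jeecg.minio.*} placeholders used in the client configuration)
    jeecg:
      minio:
        minioUrl: http://localhost:9000
        minioName: admin
        minioPass: Aa1234admin
        bucketName: exam-bucket
        s3Endpoint: https://www.farling.com

s3Endpoint is the address the AmazonS3 client uses to reach MinIO.

2. The client configuration is as follows: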

    import com.amazonaws.ClientConfiguration;
    import com.amazonaws.Protocol;
    import com.amazonaws.auth.AWSCredentials;
    import com.amazonaws.auth.AWSStaticCredentialsProvider;
    import com.amazonaws.auth.BasicAWSCredentials;
    import com.amazonaws.client.builder.AwsClientBuilder;
    import com.amazonaws.regions.Regions;
    import com.amazonaws.services.s3.AmazonS3;
    import com.amazonaws.services.s3.AmazonS3ClientBuilder;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class AmazonS3Config {

        @Value(value = "${jeecg.minio.s3Endpoint}")
        private String endpoint;

        @Value(value = "${jeecg.minio.minioName}")
        private String minioName;

        @Value(value = "${jeecg.minio.minioPass}")
        private String minioPass;

        @Bean(name = "amazonS3Client")
        public AmazonS3 amazonS3Client() {
            // Connection parameters
            ClientConfiguration config = new ClientConfiguration();
            // Connection protocol: HTTP or HTTPS, chosen from the endpoint scheme
            config.setProtocol(endpoint.startsWith("https:") ? Protocol.HTTPS : Protocol.HTTP);
            // Network connection timeout in milliseconds
            config.setConnectionTimeout(5000);
            config.setUseExpectContinue(true);
            AWSCredentials credentials = new BasicAWSCredentials(minioName, minioPass);
            // Endpoint and signing region; getName() yields the region id "us-east-1"
            // (name() would yield the enum constant "US_EAST_1")
            AwsClientBuilder.EndpointConfiguration endPoint =
                    new AwsClientBuilder.EndpointConfiguration(endpoint, Regions.US_EAST_1.getName());
            AmazonS3 amazonS3 = AmazonS3ClientBuilder.standard()
                    .withClientConfiguration(config)
                    .withCredentials(new AWSStaticCredentialsProvider(credentials))
                    .withEndpointConfiguration(endPoint)
                    // Path-style access puts the bucket name in the URL path
                    .withPathStyleAccessEnabled(true)
                    .build();
            return amazonS3;
        }
    }

3. Add the following to the nginx configuration file:

    server {
        listen 443 ssl;
        server_name www.farling.com;

        ssl_certificate /home/ssl/www.farling.com_bundle.crt;
        ssl_certificate_key /home/ssl/www.farling.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location ^~ /exam-bucket {
            proxy_buffering off;
            proxy_request_buffering off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;
            proxy_pass http://localhost:9000;
            client_max_body_size 1024m;
        }
    }

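exam-bucket is the MinIO bucket. The location block means that every HTTPS request whose path starts with /exam-bucket is forwarded to MinIO. Why set it up this way? Because the requests sent by the AmazonS3 client carry the bucketName.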
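
Why the `proxy_set_header Host $http_host;` line in the location block matters for signed S3 requests, as an added example that is not code from the original post: AWS Signature V4 signs the Host header, so the server only reproduces the client's signature if the proxy passes on the host the client signed. The secret, timestamp and object key are constructed sample values, and `server_accepts` is a simplified model of server-side verification, not MinIO's code.

```python
import hashlib
import hmac

# Constructed sample values (not real credentials).
SECRET = "EXAMPLE-SECRET-KEY"
AMZ_DATE = "20240101T000000Z"
OBJECT_PATH = "/exam-bucket/big-file.bin"   # path-style: bucket is the first segment
PUBLIC_HOST = "www.farling.com"             # host the client signs (s3Endpoint)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_signature(secret, method, path, host, amz_date,
                    region="us-east-1", payload_hash="UNSIGNED-PAYLOAD"):
    """SigV4 hex signature for a request without a query string."""
    date = amz_date[:8]
    headers = {"host": host,
               "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date}
    signed_headers = ";".join(sorted(headers))
    canonical_request = "\n".join([
        method, path, "",                                   # empty query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed_headers, payload_hash,
    ])
    scope = f"{date}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = _hmac(("AWS4" + secret).encode(), date)           # derive the signing key
    for part in (region, "s3", "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def server_accepts(host_seen_by_server: str) -> bool:
    """Client signs for PUBLIC_HOST; server recomputes with the Host it received."""
    client_sig = sigv4_signature(SECRET, "PUT", OBJECT_PATH, PUBLIC_HOST, AMZ_DATE)
    server_sig = sigv4_signature(SECRET, "PUT", OBJECT_PATH,
                                 host_seen_by_server, AMZ_DATE)
    return hmac.compare_digest(client_sig, server_sig)


if __name__ == "__main__":
    # Host preserved by "proxy_set_header Host $http_host;"
    print("Host passed through:", server_accepts("www.farling.com"))
    # nginx default without that line: Host becomes the proxy_pass target
    print("Host rewritten     :", server_accepts("localhost:9000"))
```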