缘起
最近感觉OSS比较有意思,然后发现网上有一款开源的软件Minio,算是OSS技术的的开源实现吧,最近玩了一下。想搞一下Https访问,但是Minio官方文档里面实在没看太懂,就想曲线救国,用Nginx转发一下,本次记录做法和期间遇到的问题。
版本
Nginx 1.16.1
Minio RELEASE.2021-01-08T21:18:21Z
Java 1.8u255
Https 腾讯云申请的ssl证书
Minio Java客户端版本:
<dependency>
<groupId>io.minio</groupId>
<artifactId>minio</artifactId>
<version>8.0.3</version>
</dependency>
Nginx配置
上传腾讯云申请的ssl证书文件到服务器,Nginx的话上传解压后的nginx
文件夹下的1_xxx.key
和2_xxx.crt
文件
server{
listen 443 ssl;
server_name xxx.com;
ssl_certificate /home/certs/1_xxx.com.crt;
ssl_certificate_key /home/certs/2_xxx.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# 下面这个顺序不要颠倒
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:9000;
# 下面这三个记得加上
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
上面配置了Nginx转发,重启Nginx后,https就生效了
Minio配置
下载minio二进制文件,在minio所在的文件夹执行:
./minio server /data
minio默认9000端口,记得不要占用这个端口 其它设置详细见minio文档。
java客户端
封装Minio上传文件方法:
@SneakyThrows //lombok的注解
public String uploadFile(InputStream inputStream, String bucket, String uploadFileName, String contentType,long size){
MinioClient minioClient = MinioClient.builder()
//endpoint是Minio的地址,443是ssl的端口,取决于上面Nginx配置的端口
//true是开启ssl连接
.endpoint(endPoint,443,true)
.credentials(accessKey,accessSecret)
.build();
minioClient.putObject(PutObjectArgs.builder().bucket(bucket)
.object(uploadFileName).stream(inputStream,size,-1).contentType(contentType).build());
return minioClient.getPresignedObjectUrl(GetPresignedObjectUrlArgs.builder()
.bucket(bucket).object(uploadFileName).method(Method.GET).build());
}
遇到错误:
request signature we calculated does not match the signature you provided. Check your key and signing method.
是https签名问题,解决此问题的方法是:
- Nginx配置中添加(上面已经给出提示):
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- Java客户端添加ssl支持
至此,Minio借助Nginx实现Https访问MinioClient minioClient = MinioClient.builder() //endpoint是Minio的地址,443是ssl的端口,取决于上面Nginx配置的端口 //true是开启ssl连接 .endpoint(endPoint,443,true) .credentials(accessKey,accessSecret) .build();