使用nginx + minio + imageproxy 搭建私有图床

MinIO 是一个基于Apache License v2.0开源协议的对象存储服务。它兼容亚马逊S3云存储服务接口,非常适合于存储大容量非结构化的数据,例如图片、视频、日志文件、备份数据和容器/虚拟机镜像等,而一个对象文件可以是任意大小,从几kb到最大5T不等。

图床的基础是Minio, 但minio并不提供图片缩略和裁剪功能,所以还需要用到Imageproxy和Nginx。

基于Docker安装更方便,但是不是很想用Docker,所以采用了编译安装。

编译安装nginx

安装第三方依赖:

yum -y install gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel

创建nginx用户:

groupadd nginx
useradd nginx -g nginx -s /sbin/nologin -M

从官方下载nginx源码包并解压:

wget https://nginx.org/download/nginx-1.17.0.tar.gz
tar -zxvf nginx-1.17.0.tar.gz
cd nginx-1.17.0

配置nginx

./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/var/log/nginx/error.log --modules-path=/usr/lib64/nginx/modules --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-threads --with-file-aio --with-http_gzip_static_module

安装

make && make install

配置管理,这里是centos7:

vim /usr/lib/systemd/system/nginx.service

输入以下

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

启用nginx服务并设置为开机启动:

systemctl daemon-reload
systemctl start nginx.service
systemctl enable nginx.service

安装minio

直接下载minio的二进制包就可以直接使用:

cd /usr/local/bin
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio

为minio创建本地存储位置:

mkdir -p /storage

编辑minio服务器配置,其中9159是服务端口,MINIO_ACCESS_KEY是访问秘钥,MINIO_SECRET_KEY是加密秘钥:

cat <<EOT >> /etc/default/minio
\# miinio存储名
MINIO_REGION_NAME=xman
\# minio存储卷.
MINIO_VOLUMES=/storage
\# 自定义MinIo管理.
MINIO_OPTS="--address :9159"
\# 服务器Access Key.
MINIO_ACCESS_KEY=admin
\# 服务器Secret key.
MINIO_SECRET_KEY=123456789
EOT

创建minio管理:

cd /etc/systemd/system/
curl -O https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/distributed/minio.service

注意修改其中的用户及群组

启用minio服务并设置开机启动

systemctl daemon-reload
systemctl start minio.service
systemctl enable minio.service

安装imageproxy

安装go

imageproxy是go编写的一款图片缩放裁剪代理程序,所以要先安装golang环境:

下载go并解压

wget https://golang.google.cn/dl/go1.15.6.linux-amd64.tar.gz
tar -zxvf go1.15.6.linux-amd64.tar.gz

将go加入系统环境:

vim /etc/profile

在文件尾部输入:

#golang env config
export GO111MODULE=on
export GOROOT=/usr/local/go 
export GOPATH=/home/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

执行:

source /etc/profile

立即启用go

安装Aws cli
imageproxy需要 aws s3的支持,所以需要安装 aws cli

使用pip安装最新版本

yum -y install epel-release
yum -y install python-pip
pip install awscli

安装完成需要进行配置

aws configure

按照提示输入

AWS Access Key ID [None]: Q3AM3UQ867SPQQA43P2F  # 输入刚才设置的MINIO_ACCESS_KEY
AWS Secret Access Key [None]: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG # 输入刚才设置的MINIO_SECRET_KEY
Default region name [None]: us-east-1  #输入这个就可以
Default output format [None]: 回车默认就介意
aws configure set default.s3.signature_version s3v4

配置成功后,使用aws创建存储桶以验证配置是否正确,也未下一步做准备:
创建存储桶:

aws --endpoint-url http://127.0.0.1:9159 s3 mb s3:/imageproxy

安装imageproxy
直接通过go安装:

go get willnorris.com/go/imageproxy/cmd/imageproxy

安装完成后配置管理

vim /etc/systemd/system/imageproxy.service

输入以下内容:

[Unit]
Description=ImageProxy
Documentation=https://github.com/willnorris/imageproxy
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local

User=root
Group=root

EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_ACCESS_KEY}\" ]; then echo \"Variable MINIO_ACCESS_KEY not set in /etc/default/minio\"; exit 1; fi"
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_SECRET_KEY}\" ]; then echo \"Variable MINIO_SECRET_KEY not set in /etc/default/minio\"; exit 1; fi"

ExecStart=/home/gopath/imageproxy  -cache "s3://us-east-1/imageproxy/thumbnail?endpoint=127.0.0.1:9159&disableSSL=1&s3ForcePathStyle=1" -addr 0.0.0.0:8001

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})

启用imageproxy并设置开机启动:

systemctl daemon-reload
systemctl start imageproxy.service
systemctl enable imageproxy.service

配置nginx反代

imageproxy和minio都提供对外的web服务,但要将二者结合就最好使用nginx反代。

服务器配置如下

server {
    listen 80;

    server_name youdomian.com;

    location ~ /thumb/ {
        rewrite ^/(?i)thumb(.*) $1 break;
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        proxy_set_header Host $proxy_host;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001;
    }

    location ~ /ImageView/ {
        rewrite ^(.*)/(?i)ImageView/(.*) /$2/http://127.0.0.1:9159$1 break;
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        proxy_set_header Host $proxy_host;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001;
    }

    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:9159;
    }
}

使用

访问
http://youdomain.com/test/2.jpeg
这是直接反代到minio的

访问
http://youdomian.com/test/2.jpeg/ImageView/100
这是先反代到imageproxy, 再缩略缓存至minio的方式

访问
http://youdomian.com/thumb/100/http://youdomain.com/test/2.jpeg
这是先反代到imageproxy, 再缩略缓存至minio的方式, 和上面的方式的区别在于这是imageproxy原反代方式, 而且可以反代非minio外部站点的url

发表回复

您的电子邮箱地址不会被公开。