diff --git a/File/Conf/minio-nginx-default-old.conf b/File/Conf/minio-nginx-default-old.conf
new file mode 100644
index 0000000..11528be
--- /dev/null
+++ b/File/Conf/minio-nginx-default-old.conf
@@ -0,0 +1,16 @@
+server {
+ listen 9000 ssl;
+ server_name localhost; # 这里替换自己的域名
+
+ client_max_body_size 1024m; # 限制上传文件大小
+
+ ssl_certificate /etc/nginx/conf.d/cert/tls.crt;
+ ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
+
+ location / {
+ proxy_set_header X-FORWARDED-FOR $remote_addr;
+ proxy_set_header X-FORWARDED-PROTO $scheme;
+ proxy_set_header Host $http_host;
+ proxy_pass http://minio:9000;
+ }
+}
\ No newline at end of file
diff --git a/File/Conf/minio-nginx-default.conf b/File/Conf/minio-nginx-default.conf
new file mode 100644
index 0000000..c821fbc
--- /dev/null
+++ b/File/Conf/minio-nginx-default.conf
@@ -0,0 +1,51 @@
+server {
+ listen 9000 ssl;
+ server_name localhost;
+
+ # SSL配置
+ ssl_certificate /etc/nginx/conf.d/cert/tls.crt;
+ ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
+
+ # 文件大小限制
+ client_max_body_size 1024m;
+
+ # 基础安全设置 - 不会影响正常访问
+ client_body_timeout 10s;
+ client_header_timeout 10s;
+
+ # 只允许必要的HTTP方法(GET用于查看图片)
+ if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$) {
+ return 405;
+ }
+
+ # 阻止明显的恶意请求(不影响正常用户)
+ if ($http_user_agent ~* (nikto|sqlmap|nmap|masscan|metasploit|nessus|openvas)) {
+ return 403;
+ }
+
+ location / {
+ # 连接超时设置
+ proxy_connect_timeout 30s;
+ proxy_send_timeout 30s;
+ proxy_read_timeout 30s;
+
+ # 代理设置
+ proxy_set_header X-FORWARDED-FOR $remote_addr;
+ proxy_set_header X-FORWARDED-PROTO $scheme;
+ proxy_set_header Host $http_host;
+
+ # 代理到MinIO
+ proxy_pass http://minio:9000;
+
+ # 启用缓冲,提高图片加载性能
+ proxy_buffering on;
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+
+ # 禁用代理缓冲中的最大临时文件大小限制
+ proxy_max_temp_file_size 0;
+ }
+
+ # 错误日志配置
+ error_log /var/log/nginx/minio_error.log;
+}
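Review bot: Neither server block sets `ssl_protocols` or `ssl_ciphers` next to the `ssl_certificate` lines, so the TLS versions this listener accepts are whatever the nginx build inside the gateway image defaults to, and older builds still enable TLS 1.0/1.1. Adding `ssl_protocols TLSv1.2 TLSv1.3;` under the certificate lines pins that; the same line belongs in minio-nginx-default.conf, which has the same gap. Since this file is kept only as the `-old` variant, a header comment saying it is superseded would stop it being copied into a new image by mistake.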
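Review bot: The `$http_user_agent` check is described in its comment as blocking malicious requests, but that header is chosen by the client, so it only filters scanners left on their default settings and should not be counted as access control. The method allow-list directly above it still admits PUT, POST and DELETE while its comment speaks only of GET for viewing images; whether writes through this listener are safe depends entirely on MinIO's own credentials and bucket policy, which this file does not show. I would reword both comments to say so, e.g. `# UA filter only reduces scanner noise; authorization is enforced by MinIO`, and drop PUT/DELETE from the regex if this endpoint is meant to be read-only. The comment telling the reader to replace `server_name localhost` with their own domain is present in the old file and missing here.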
diff --git a/File/Yaml/minio-gateway.yaml b/File/Yaml/minio-gateway.yaml new file mode 100644 index 0000000..ced0183 --- /dev/null +++ b/File/Yaml/minio-gateway.yaml @@ -0,0 +1,51 @@ + +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: minio + name: minio-gateway + labels: + app: minio-gateway +spec: + selector: + matchLabels: + app: minio-gateway + template: + metadata: + labels: + app: minio-gateway + spec: + hostNetwork: true + hostAliases: + - ip: "" #填入 Minio SVC IP + hostnames: + - "minio" + containers: + - name: minio-gateway + image: minio-gateway:v1.0 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9000 + protocol: TCP + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 3 + successThreshold: 1 + tcpSocket: + port: 9000 + timeoutSeconds: 10 + resources: + requests: # 必须定义,供 HPA 计算使用率 + cpu: 100m # 例如:0.1 个 CPU 核心 + memory: 1024Mi + limits: # 限制是可选的,但建议设置 + cpu: 500m + memory: 2048Mi + volumeMounts: + - name: ssl + mountPath: "/etc/nginx/conf.d/cert/" + volumes: + - name: ssl + secret: + secretName: minio-ssl diff --git a/Helm/Helm部署Minio.md b/Helm/Helm部署Minio.md index 2cbe846..92296cf 100644 --- a/Helm/Helm部署Minio.md +++ b/Helm/Helm部署Minio.md @@ -87,47 +87,22 @@ helm install --namespace minio minio minio/minio -f minio-values.yaml ``` -6. 部署 Nginx 代理 +6. 下载 Nginx 配置文件 ```bash - vi default.conf - ``` - - 内容如下 - - ```nginx - server { - listen 9000 ssl; - server_name localhost; # 这里替换自己的域名 - - client_max_body_size 1024m; # 限制上传文件大小 - - ssl_certificate /etc/nginx/conf.d/cert/tls.crt; - ssl_certificate_key /etc/nginx/conf.d/cert/tls.key; - - location / { - proxy_set_header X-FORWARDED-FOR $remote_addr; - proxy_set_header X-FORWARDED-PROTO $scheme; - proxy_set_header Host $http_host; - proxy_pass http://minio:9000; - } - } + wget https://gitee.com/offends/Kubernetes/raw/main/File/Conf/minio-nginx-default.conf ``` 7. 编辑 Dockerfile - ```bash - vi Dockerfile - ``` - - 内容如下 - ```dockerfile + cat > Dockerfile <
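Review bot: `hostNetwork: true` in the pod spec of minio-gateway.yaml puts the nginx container in the node's network namespace, so port 9000 is bound on every node that runs the pod, the container can reach services listening on the node's loopback, and NetworkPolicy is generally not enforced for such pods. Unless the host network is a hard requirement, I would drop that line and expose the proxy through a NodePort/LoadBalancer Service or `hostPort: 9000` on the container port. If the MinIO Service in the `minio` namespace is itself named `minio`, cluster DNS would then resolve the upstream and the hand-filled `hostAliases` IP (currently `""`) would no longer be needed; that is an inference from the names, not something the manifest shows. The container also has no `securityContext`; `allowPrivilegeEscalation: false` and `readOnly: true` on the `ssl` mount are worth adding.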