修改Minio文档

2025-12-25 15:19:16 +08:00
parent c33e9109e0
commit d975566e4b
4 changed files with 126 additions and 82 deletions
--- a/File/Conf/minio-nginx-default-old.conf
+++ b/File/Conf/minio-nginx-default-old.conf
@@ -0,0 +1,16 @@
+server {
+    listen       9000 ssl;
+    server_name  localhost; # 这里替换自己的域名
+
+    client_max_body_size 1024m; # 限制上传文件大小
+
+    ssl_certificate     /etc/nginx/conf.d/cert/tls.crt; 
+    ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
+
+    location / {
+                    proxy_set_header    X-FORWARDED-FOR $remote_addr;
+                    proxy_set_header    X-FORWARDED-PROTO $scheme;
+                    proxy_set_header    Host   $http_host;
+                    proxy_pass          http://minio:9000;
+    }
+}
--- a/File/Conf/minio-nginx-default.conf
+++ b/File/Conf/minio-nginx-default.conf
@@ -0,0 +1,51 @@
+server {
+    listen       9000 ssl;
+    server_name  localhost;
+
+    # SSL配置
+    ssl_certificate     /etc/nginx/conf.d/cert/tls.crt; 
+    ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
+    
+    # 文件大小限制
+    client_max_body_size 1024m;
+    
+    # 基础安全设置 - 不会影响正常访问
+    client_body_timeout 10s;
+    client_header_timeout 10s;
+    
+    # 只允许必要的HTTP方法（GET用于查看图片）
+    if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$) {
+        return 405;
+    }
+    
+    # 阻止明显的恶意请求（不影响正常用户）
+    if ($http_user_agent ~* (nikto|sqlmap|nmap|masscan|metasploit|nessus|openvas)) {
+        return 403;
+    }
+    
+    location / {
+        # 连接超时设置
+        proxy_connect_timeout 30s;
+        proxy_send_timeout 30s;
+        proxy_read_timeout 30s;
+        
+        # 代理设置
+        proxy_set_header    X-FORWARDED-FOR $remote_addr;
+        proxy_set_header    X-FORWARDED-PROTO $scheme;
+        proxy_set_header    Host   $http_host;
+        
+        # 代理到MinIO
+        proxy_pass          http://minio:9000;
+        
+        # 启用缓冲，提高图片加载性能
+        proxy_buffering on;
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        
+        # 禁用代理缓冲中的最大临时文件大小限制
+        proxy_max_temp_file_size 0;
+    }
+    
+    # 错误日志配置
+    error_log /var/log/nginx/minio_error.log;
+}
--- a/File/Yaml/minio-gateway.yaml
+++ b/File/Yaml/minio-gateway.yaml
@@ -0,0 +1,51 @@
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: minio
+  name: minio-gateway
+  labels:
+    app: minio-gateway
+spec:
+  selector:
+    matchLabels:
+      app: minio-gateway
+  template:
+    metadata:
+      labels:
+        app: minio-gateway
+    spec:
+      hostNetwork: true
+      hostAliases:
+      - ip: "" #填入 Minio SVC IP
+        hostnames:
+        - "minio"
+      containers:
+        - name: minio-gateway
+          image: minio-gateway:v1.0
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 9000
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 3
+            successThreshold: 1
+            tcpSocket:
+              port: 9000
+            timeoutSeconds: 10
+          resources:
+            requests:        # 必须定义，供 HPA 计算使用率
+              cpu: 100m      # 例如：0.1 个 CPU 核心
+              memory: 1024Mi
+            limits:          # 限制是可选的，但建议设置
+              cpu: 500m
+              memory: 2048Mi
+          volumeMounts:
+            - name: ssl
+              mountPath: "/etc/nginx/conf.d/cert/"
+      volumes:
+        - name: ssl
+          secret:
+            secretName: minio-ssl