腾讯云COS对象存储 私有读 代理支持与配置说明
集成私有读类型的存储桶,依赖版本 >= v0.20.0
业务流程图
graph TD;
subgraph "Cos private-read";
user --> |HTTP| gateway
gateway --> |?imageView| imageproxy-server
gateway --> |HTTP| s3-proxy
imageproxy-server --> |HTTP| s3-proxy
s3-proxy --> |HTTP-签名认证| Cos(cos)
subgraph Cos;
space;
widget;
public;
develop;
end
end

1. s3-proxy组件安装配置
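This is a reverse proxy for AWS S3, which is able to provide basic authentication as well. 官网地址:https://hub.docker.com/r/pottava/s3-proxy
注意:s3-proxy 会用配置的密钥为发往存储桶的请求签名,因此凡是能访问到 s3-proxy 的请求都可以读取私有桶中的对象;访问控制需要由网关或 s3-proxy 自身的 basic authentication 来保证。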
k8s版本安装配置文件s3-proxy.yaml
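# Deployment for the s3-proxy pods (image pottava/s3-proxy). The proxy holds the
# bucket credentials and signs requests to the object store on behalf of the
# gateway and imageproxy-server.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: s3-proxy
  namespace: vika-app
  labels:
    app: s3-proxy
spec:
  replicas: 2
  selector:
    matchLabels:
      app: s3-proxy
  template:
    metadata:
      labels:
        app: s3-proxy
    spec:
      containers:
        - name: s3-proxy
          # NOTE(review): no tag is given, so this resolves to "latest"; combined
          # with IfNotPresent, nodes can end up running different builds.
          # Pin a specific tag or digest.
          image: pottava/s3-proxy
          ports:
            - containerPort: 80
              protocol: TCP
          env:
            # Replace the values below with the project's real configuration.
            - name: AWS_S3_BUCKET
              value: vk-assets-ltd
            # Credentials are read from a Secret instead of being written into
            # this manifest, so the file can be shared or committed without
            # leaking the key. The Secret name and key names are constructed
            # for this example; create the Secret before applying, e.g.
            #   kubectl -n vika-app create secret generic s3-proxy-credentials \
            #     --from-literal=access-key-id=<ACCESS_KEY_ID> \
            #     --from-literal=secret-access-key=<SECRET_ACCESS_KEY>
            # NOTE(review): the gateway appears to send only reads through
            # s3-proxy, so a key limited to read access on this bucket should be
            # enough; confirm before narrowing the key.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: s3-proxy-credentials
                  key: access-key-id
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: s3-proxy-credentials
                  key: secret-access-key
            # In-cluster MinIO endpoint over plain HTTP. When the target is an
            # external object store, use its https:// endpoint so that signed
            # requests and object data are not sent in clear text.
            - name: AWS_API_ENDPOINT
              value: http://minio.vika-app:9000
            - name: AWS_REGION
              value: us-east-1
          # NOTE(review): no requests/limits are set; add them once the
          # proxy's real footprint is known.
          resources: {}
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      # NOTE(review): empty pod securityContext. The container listens on
      # port 80, so check whether the image can run as non-root before
      # tightening this.
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600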
---
# Service in front of the s3-proxy pods.
apiVersion: v1
kind: Service
metadata:
  name: s3-proxy
  namespace: vika-app
spec:
  # ClusterIP: the Service is reachable only from inside the cluster.
  # NOTE(review): every pod that can reach this Service can read the private
  # bucket through the proxy; confirm whether a NetworkPolicy limits callers
  # to the gateway and imageproxy-server.
  type: ClusterIP
  selector:
    app: s3-proxy
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  sessionAffinity: None
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster

安装方法
kubectl apply -f s3-proxy.yaml -n vika-app

网关配置接入示例
# Gateway route for the bucket path. Requests whose query string starts with
# "imageView" go to imageproxy-server, other GETs go to s3-proxy, and PUTs go
# straight to MinIO.
# NOTE(review): no auth_request/auth_basic is visible in this location, and
# s3-proxy answers with the bucket credentials; confirm that access control
# is enforced elsewhere, otherwise the private-read bucket is readable by
# anyone who can reach the gateway.
location /vk-assets-ltd {
    # Pass the client address and original scheme on to the upstream.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_connect_timeout 300;

    # Response cache: 200/302 are kept for 3 hours, anything else for 1 minute.
    # NOTE(review): a cached object keeps being served for up to 3 hours after
    # it is deleted or its access is revoked on the bucket; confirm this is
    # acceptable for private content.
    proxy_cache cache_one;
    proxy_cache_valid 200 302 3h;
    proxy_cache_valid any 1m;
    chunked_transfer_encoding off;

    # Default upstream, used when none of the conditions below match.
    proxy_pass http://imageproxy-server;

    # $isNotPreview becomes "1" followed by the request method when the query
    # string does not start with "imageView" (case-insensitive match).
    set $isNotPreview 1;
    if ($args !~* ^imageView) {
        set $isNotPreview 1$request_method;
    }

    # Plain GET: strip the bucket prefix and fetch the object through s3-proxy.
    if ($isNotPreview = 1GET) {
        rewrite /vk-assets-ltd/(.*) /$1 break;
        proxy_pass http://s3-proxy;
    }

    # Uploads bypass s3-proxy and are sent to MinIO directly.
    # NOTE(review): presumably authorised by a signature carried in the
    # request itself; verify that MinIO rejects unsigned PUTs.
    if ($request_method = PUT) {
        proxy_pass http://minio.vika-app:9000;
    }
}

注意:需要替换桶路径vk-assets-ltd
2. K8S - cos 配置
示例参数,请根据实际情况修改
桶: vikadata-1254196833
区域: ap-guangzhou
# Helm values excerpt for running the stack against a Tencent COS private-read
# bucket through s3-proxy.
# NOTE(review): indentation was lost in this listing; restore the nesting from
# the chart's own values file before using it.
config:
custom:
# nginx location for the bucket path, passed to the gateway as a literal block.
openresty_server_config: |
location /vikadata-1254196833 {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# enable cache
proxy_cache cache_one;
proxy_cache_valid 200 302 3h;
proxy_cache_valid any 1m;
chunked_transfer_encoding off;
proxy_pass http://imageproxy-server;
set $isNotPreview 1;
if ( $args !~* ^imageView ){
set $isNotPreview 1$request_method;
}
if ( $isNotPreview = 1GET ){
rewrite /vikadata-1254196833/(.*) /$1 break;
proxy_pass http://s3-proxy;
}
# for minio private
#if ( $request_method = PUT ){
# proxy_pass http://minio.vika-app:9000;
#}
}
# Backend settings: S3-compatible client pointed at the COS endpoint over HTTPS.
# NOTE(review): the COS SecretId/SecretKey are entered as plain values here.
# Keep the filled-in file out of version control (or supply the two values from
# a Kubernetes Secret if the chart allows it), and use a key scoped to this
# bucket rather than an account-wide key.
backend_server:
OSS_CLIENT_TYPE: "aws"
AWS_ACCESS_KEY: "替换secretid"
AWS_ACCESS_SECRET: "替换secretKey"
AWS_ENDPOINT: "https://cos.ap-guangzhou.myqcloud.com"
AWS_REGION: "ap-guangzhou"
ASSETS_LTD_URL: "vikadata-1254196833"
ASSETS_LTD_BUCKET: "vikadata-1254196833"
ASSETS_URL: "vikadata-1254196833"
ASSETS_BUCKET: "vikadata-1254196833"
# The three servers below all use the gateway path of the bucket as OSS_HOST.
room_server:
OSS_HOST: "/vikadata-1254196833"
fusion_server:
OSS_HOST: "/vikadata-1254196833"
nest_rest_server:
OSS_HOST: "/vikadata-1254196833"
# imageproxy-server is pointed at s3-proxy as its base URL.
imageproxy_server:
BASEURL: http://s3-proxy
# Init job settings: the "minio" entry targets the COS endpoint on 443/https.
# The same credential caveat as for backend_server applies to accessKey/secretKey.
init_data:
minio:
host: "cos.ap-guangzhou.myqcloud.com"
port: 443
accessKey: "替换secretid"
schema: https
secretKey: "替换secretKey"
bucket: vikadata-1254196833

3. 更新init-settings 镜像
涉及key如下
QNY1=/vikadata-1254196833
QNY2=/vikadata-1254196833
QNY3=/vikadata-1254196833