Mastodon接入B2对象存储

趣记博客
分类:

由于源站的存储限制,对于海量的外站缓存内容,无法存储大量的图片和视频,于是就要把这些附件存储在专业的对象存储平台上,例如backblazeb2,主要是最便宜。这是我的一个demo

采用nginx反代,方法如下。

创建一个域名,解析到反代服务器上。以下是nginx规则

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name files.xxx.xxx;
  root /var/www/html;


  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;

  # Uncomment these lines once you acquire a certificate:
   ssl_certificate     /etc/letsencrypt/live/files.xxx.xx/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/files.xxx.xx/privkey.pem;

   
  keepalive_timeout 30;

  location = / {
    index index.html;
  }

  location / {
    try_files $uri @s3;
  }

  set $s3_backend 'https://fxxx.backblazeb2.com/file/xxxx';
# 这个末尾要加上具体路径

  location @s3 {
    limit_except GET {
      deny all;
    }

    resolver 8.8.8.8;
    proxy_set_header Host xxxxx.backblazeb2.com;
    proxy_set_header Connection '';
    proxy_set_header Authorization '';
    proxy_hide_header Set-Cookie;
    proxy_hide_header 'Access-Control-Allow-Origin';
    proxy_hide_header 'Access-Control-Allow-Methods';
    proxy_hide_header 'Access-Control-Allow-Headers';
    proxy_hide_header x-amz-id-2;
    proxy_hide_header x-amz-request-id;
    proxy_hide_header x-amz-meta-server-side-encryption;
    proxy_hide_header x-amz-server-side-encryption;
    proxy_hide_header x-amz-bucket-region;
    proxy_hide_header x-amzn-requestid;
    proxy_ignore_headers Set-Cookie;
    proxy_pass $s3_backend$uri;
    proxy_intercept_errors off;

    proxy_cache CACHE;
    proxy_cache_valid 200 48h;
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    proxy_cache_lock on;

    expires 1y;
    add_header Cache-Control public;
    add_header 'Access-Control-Allow-Origin' '*';
    add_header X-Cache-Status $upstream_cache_status;
    add_header X-Content-Type-Options nosniff;
    add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
  }
}

然后 .env.production 配置文件代码加入

S3_ENABLED=true
S3_PROTOCOL=https
S3_BUCKET=xxxx
S3_REGION=eu-central-1
S3_HOSTNAME=s3.eu-central-003.backblazeb2.com
S3_ENDPOINT=https://s3.eu-central-003.backblazeb2.com
S3_ALIAS_HOST=files.xxxx.xx
AWS_ACCESS_KEY_ID=xxxxx
AWS_SECRET_ACCESS_KEY=xxxx

重启docker和nginx就可以了

阅读量:0