项目实战环境:
操作系统:CentOS Linux release 7.9.2009 (Core)
Web服务器软件:nginx version: nginx/1.20.2
网盘程序:File Browser 2.20.1
nginx简介: Nginx (engine x) 是一个高性能的HTTP和反向代理web服务器,其特点是占有内存少,并发能力强,事实上nginx的并发能力在同类型的网页服务器中表现最好,国内使用nginx网站用户有:百度、京东、新浪、网易、腾讯、淘宝等。
1、Nginx源码编译、安装
[root@nginx ~]# yum update
[root@nginx ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
#下载nginx
[root@nginx ~]# wget http://nginx.org/download/nginx-1.20.2.tar.gz
[root@nginx ~]# tar -zxvf nginx-1.20.2.tar.gz
[root@nginx ~]# cd nginx-1.20.2/
[root@nginx ~/nginx-1.20.2]#
#安装软件依赖包
[root@nginx ~]# yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel wget pcre pcre-devel git
#配置nginx环境
[root@nginx ~]#./configure --with-http_stub_status_module --with-http_ssl_module
#编译、安装nignx
[root@nginx ~]#make && make install
2、编写nginx启动脚本
[root@nginx /]# vim /etc/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target
3、管理Nginx服务
[root@nginx /]# systemctl start nginx #启动nginx服务
[root@nginx /]# systemctl restart nginx #重新启动nginx服务
[root@nginx /]# systemctl reload nginx #重载nginx服务
[root@nginx /]# systemctl stop nginx #关闭nginx服务
[root@nginx /]# systemctl enable nginx #设置nginx服务开机自启动
[root@nginx ~]# systemctl disable nginx.service #取消开机启动
[root@nginx /]# systemctl status nginx #查看nginx服务运行状态
4、安装、配置网盘程序
1)安装网盘系统
[root@nginx /]# mkdir -p /data/share #上传数据存放位置
[root@nginx /]#tar -zxvf linux-amd64-filebrowser.tar.gz
[root@nginx /]#cp filebrowser /usr/sbin/
2)配置网盘系统
# filebrowser -d /data/fb/filebrowser.db config init
# filebrowser -d /data/fb/filebrowser.db config set --address 0.0.0.0
# filebrowser -d /data/fb/filebrowser.db config set --port 8088
# filebrowser -d /data/fb/filebrowser.db config set --locale zh-cn
# filebrowser -d /data/fb/filebrowser.db config set --log /var/log/filebrowser.log
3)设置登录用户名与密码
# filebrowser -d /data/fb/filebrowser.db users add admin sky9890 --perm.admin
ID Username Scope Locale V. Mode S.Click Admin Execute Create Rename Modify Delete Share Download Pwd Lock
1 admin . zh-cn list false true true true true true true true true false
4)设置共享数据目录
# filebrowser -d /data/fb/filebrowser.db config set --root /data/share
5、启动与管理网盘系统
1)手动启动
# nohup filebrowser -d /data/fb/filebrowser.db >/dev/null 2>&1 &
[2] 38844
# kill -9 $(pidof filebrowser) #停止网盘系统服务
#设置开机自动启动服务
# echo 'nohup filebrowser -d /data/fb/filebrowser.db >/dev/null 2>&1 &' >>/etc/rc.local
# chmod +x /etc/rc.d/rc.local
2)通过systemctl管理服务
[root@nginx ~]# vim /etc/systemd/system/fb.service
[root@nginx ~]# cat /etc/systemd/system/fb.service
[Unit]
Description=The filebrowser Process Manager
After=network.target
[Service]
Type=simple
ExecStart=/usr/sbin/filebrowser -d /data/fb/filebrowser.db
ExecStop=/bin/killall filebrowser
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@nginx ~]# systemctl start fb.service #启动服务
[root@nginx ~]# systemctl restart fb.service #重启服务
[root@nginx ~]# systemctl stop fb.service #停止服务
[root@nginx ~]# systemctl status fb.service # 查看运行状态
[root@nginx ~]# systemctl enable fb.service #开机启动
[root@nginx ~]# systemctl disable fb.service #取消开机启动
● fb.service - The filebrowser Process Manager
Loaded: loaded (/etc/systemd/system/fb.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 二 2022-08-09 15:16:38 CST; 18s ago
Process: 1520 ExecStop=/bin/killall filebrowser (code=exited, status=0/SUCCESS)
Process: 1500 ExecStart=/usr/sbin/filebrowser -d /data/fb/filebrowser.db (code=exited, status=0/SUCCESS)
Main PID: 1500 (code=exited, status=0/SUCCESS)
8月 09 15:15:54 nginx systemd[1]: Started The filebrowser Process Manager.
8月 09 15:15:54 nginx filebrowser[1500]: 2022/08/09 15:15:54 No config file used
8月 09 15:16:38 nginx systemd[1]: Stopping The filebrowser Process Manager...
8月 09 15:16:38 nginx systemd[1]: Stopped The filebrowser Process Manager.
[root@nginx ~]# systemctl start fb.service
6、部署nginx实现反向代理
要实现网盘安全稳定运行,我们还需要在网盘前端构建一个反向代理服务器,通过nginx屏蔽网盘系统直接暴露在网上,最大限度保障网盘安全。
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
# location / {
# root html;
# index index.html index.htm;
# }
location / {
proxy_pass http://192.168.10.10:8088;
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#systemctl restart nginx.service
7、成功运行
#测试进程、查看端口,是否跑起来了
[root@nginx ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1584/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 828/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 958/master
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 1192/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 828/sshd
tcp6 0 0 :::8088 :::* LISTEN 836/filebrowser
tcp6 0 0 ::1:25 :::* LISTEN 958/master
tcp6 0 0 :::5000 :::* LISTEN 1201/docker-proxy
[root@nginx ~]# lsof -i:8088
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
filebrows 836 root 7u IPv6 24374 0t0 TCP *:radan-http (LISTEN)
filebrows 836 root 9u IPv6 34968 0t0 TCP nginx:radan-http->192.168.10.1:31482 (ESTABLISHED)
filebrows 836 root 10u IPv6 36041 0t0 TCP nginx:radan-http->192.168.10.1:31512 (ESTABLISHED)
[root@nginx ~]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1584 root 6u IPv4 36208 0t0 TCP *:http (LISTEN)
nginx 1585 nobody 6u IPv4 36208 0t0 TCP *:http (LISTEN)
#现在通过nginx反向代理,保障了后端网盘系统的安全,但也会带来一些问题,例如,在网盘系统中上传大文件的时候,超过系统限制,如下错误:
#tail -n 1 error.log
2022/08/09 14:13:32 [error] 825#0: *33 client intended to send too large body: 13964472 bytes, client: 192.168.10.1, server: localhost, request: "POST /api/resources/01%20%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E5%85%A5%E9%97%A8%E6%8C%87%E5%8D%97202207.pdf?override=false HTTP/1.1", host: "192.168.10.10", referrer: "http://192.168.10.10/files/"
2022/08/09 15:26:09 [error] 825#0: *79 client intended to send too large body: 18416352 bytes, client: 192.168.10.1, server: localhost, request: "POST /api/resources/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E5%85%A5%E9%97%A8%E6%8C%87%E5%8D%97.docx?override=false HTTP/1.1", host: "192.168.10.10", referrer: "http://192.168.10.10/files/"
在nginx配置文件nginx.conf中的http模块增加如下配置:
client_max_body_size 600m; #根据实际情况,设置上传文件大小。
小结:http://192.168.10.10:8088 http://192.168.10.10
最终实现了带端口和不带端口实现访问,后续可以配置域名访问、绑定SSL证书,实现https加密访问。