通過(guò)反向代理實(shí)現(xiàn)特定場(chǎng)景下OBS對(duì)象存儲(chǔ)資源的訪問(wèn)

1??????背景：

·?????有防火墻的或希望使用固定IP方式訪問(wèn)OBS的客戶(hù):

華為云OBS? 是基于Restful API對(duì)外提供服務(wù)。一般情況下終端用戶(hù)會(huì)通過(guò)OBS服務(wù)默認(rèn)的域名或者綁定的自定義域名來(lái)訪問(wèn)（ex：https：//bucket.obs.cn-north-1.myhuaweicloud.com）?。這樣就可以進(jìn)行服務(wù)訪問(wèn)了，但是華為云OBS出于安全保護(hù)考慮，桶對(duì)應(yīng)的域名通過(guò)DNS解析的IP是會(huì)發(fā)生變化的。所以，您無(wú)法獲取某個(gè)Bucket對(duì)應(yīng)的長(zhǎng)期有效IP地址。但是在一些企業(yè)公司，也同樣出于安全考慮對(duì)于可訪問(wèn)的外部地址需要設(shè)置黑白名單，而這個(gè)時(shí)候?qū)τ贠BS的訪問(wèn)則需要一個(gè)固定的IP。

·?????客戶(hù)希望從OBS下載對(duì)象按照帶寬來(lái)使用和計(jì)費(fèi)：

在使用 華為云OBS作為網(wǎng)站?網(wǎng)盤(pán)等數(shù)據(jù)源提供數(shù)據(jù)下載能力時(shí)候，OBS 當(dāng)前是基于流量進(jìn)行計(jì)費(fèi)，在經(jīng)常性下載使用情況下，費(fèi)用過(guò)高。那么這個(gè)時(shí)候可以使用ECS購(gòu)買(mǎi)固定帶寬的EIP，通過(guò)此ECS在內(nèi)網(wǎng)從OBS下載數(shù)據(jù)再代理下載至終端用戶(hù)。

·?????客戶(hù)使用專(zhuān)線條件下，解決內(nèi)網(wǎng)訪問(wèn)可能出現(xiàn)的地址沖突：

部分專(zhuān)屬云客戶(hù)或者使用專(zhuān)線客戶(hù)在將線下IDC和線上公有云打通訪問(wèn)OBS時(shí)候，可能因?yàn)镮DC的內(nèi)網(wǎng)地址規(guī)劃為100.125.0.0/16,此時(shí)會(huì)和OBS服務(wù)在內(nèi)網(wǎng)訪問(wèn)地址100.125.0.0/16產(chǎn)生沖突；這個(gè)時(shí)候訪問(wèn)OBS通過(guò)一個(gè)代理則可以解決此類(lèi)問(wèn)題。

2??????基于ECS搭建反向代理訪問(wèn)OBS

2.1??????業(yè)務(wù)原理圖

為了有效的解決上述三個(gè)問(wèn)題，我們可以通過(guò)搭建一個(gè)反向代理服務(wù)器/集群來(lái)實(shí)現(xiàn)。其業(yè)務(wù)邏輯圖如下：

2.2??????環(huán)境搭建

下面我們使用Nginx+ECS實(shí)現(xiàn)一個(gè)反向代理來(lái)訪問(wèn)OBS：

1.?????????確定桶所在的Region和桶域名如：?obs-training.obs.cn-north-1.myhuaweicloud.com，Region為華北一（cn-north-1）；

2.?????????在同一Region創(chuàng)建ECS，創(chuàng)建ELB（可選，當(dāng)需要提高訪問(wèn)的可靠性或者需要提高代理訪問(wèn)的處理性能時(shí)候可以創(chuàng)建多個(gè)ECS并使用ELB）;

3.?????????在ECS上部署Nginx并配置反向代理。

2.2.1??????????????在ECS上安裝Nginx

l??前提：

1.?????????已經(jīng)完成ECS的創(chuàng)建，操作系統(tǒng)為L(zhǎng)inux；本文以CentOS系統(tǒng)舉例

2.?????????ECS上有申請(qǐng)EIP。用于從公網(wǎng)下載必要的安裝包

l??安裝Nginx

yum?-y?install?nginx

默認(rèn)的安裝位置如下：

/usr/sbin/nginx??????#運(yùn)行程序位置 /etc/nginx/nginx.conf???#主配置文件所在位置 /usr/share/nginx?????#存放靜態(tài)文件? /var/log/nginx/?????#存放日志,里面有access.log和?error.log

l??配置Nginx

1.?打開(kāi)Nginx配置文件，處于可編輯狀態(tài)

vi?/etc/nginx/nginx.conf

2.?在配置文件中填寫(xiě)?如下內(nèi)容：

#?For?more?information?on?configuration,?see: #???*?Official?English?Documentation:?http://nginx.org/en/docs/ #???*?Official?Russian?Documentation:?http://nginx.org/ru/docs/ user?nginx; worker_processes?auto; error_log?/var/log/nginx/error.log; pid?/run/nginx.pid; #?Load?dynamic?modules.?See?/usr/share/nginx/README.dynamic. include?/usr/share/nginx/modules/*.conf; events?{ ????worker_connections?1024; } http?{ ????log_format??main??'$remote_addr?-?$remote_user?[$time_local]?"$request"?' ??????????????????????'$status?$body_bytes_sent?"$http_referer"?' ??????????????????????'"$http_user_agent"?"$http_x_forwarded_for"'; ????access_log??/var/log/nginx/access.log??main; ????sendfile????????????on; ????tcp_nopush??????????on; ????tcp_nodelay?????????on; ????keepalive_timeout???65; ????types_hash_max_size?2048; ????underscores_in_headers?on; ????include?????????????/etc/nginx/mime.types; ????default_type????????application/octet-stream; ????client_body_buffer_size?2048k; ????client_max_body_size?100M;??#設(shè)定下載上傳時(shí)候單個(gè)http請(qǐng)求的數(shù)據(jù)量大小，建議在客戶(hù)端上傳下載使用分段，過(guò)大會(huì)導(dǎo)致Nginx負(fù)載過(guò)高 ????fastcgi_buffer_size?1024k; ????fastcgi_buffers?6?256k; ????fastcgi_busy_buffers_size?1024k; ????#?Load?modular?configuration?files?from?the?/etc/nginx/conf.d?directory. ????#?See?http://nginx.org/en/docs/ngx_core_module.html#include ????#?for?more?information. ????include?/etc/nginx/conf.d/*.conf; ????#使用固定地址代理?OBS訪問(wèn) ????server?{ ????????listen???????80?default_server; ????????listen???????443; ????????listen???????[::]:80?default_server; ????????server_name??114.115.168.79; ????????root?????????/usr/share/nginx/html; ????????#?Load?configuration?files?for?the?default?server?block. ????????include?/etc/nginx/default.d/*.conf; ????????allow?192.168.160.151;?#?可以配置允許訪問(wèn)的主機(jī)地址 ????????#deny?all;?#根據(jù)需要打開(kāi) ????????location?/?{ ????????????proxy_pass??http://obs.cn-north-1.myhuaweicloud.com;??#?OBS?桶所在Region的域名? ????????????proxy_redirect?off; ????????????proxy_set_header?X-Real-IP?$remote_addr; ????????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for; ????????????proxy_set_header?Host?obs.cn-north-4.myhuaweicloud.com; ????????} ????????error_page?404?/404.html; ????????????location?=?/40x.html?{ ????????} ????????error_page?500?502?503?504?/50x.html; ????????????location?=?/50x.html?{ ????????} ????} ???? ???? ?#訪問(wèn)OBS區(qū)域域名的配置??? ????server?{ ????????listen???????80; ????????listen???????443; ????????server_name???????obs.cn-north-1.myhuaweicloud.com;? ????????location?/?{ ????????????proxy_pass?http://obs.cn-north-1.myhuaweicloud.com/; ????????????proxy_redirect?off; ????????????proxy_set_header?X-Real-IP?$remote_addr; ????????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for; ????????????proxy_set_header?Host?obs.cn-north-1.myhuaweicloud.com; ????????} ????} ????#訪問(wèn)OBS全局域名的配置 ????server?{ ????????listen???????80; ????????listen???????443; ????????server_name???????obs.myhuaweicloud.com; ????????location?/?{ ????????????proxy_pass?http://obs.cn-north-1.myhuaweicloud.com/; ????????????proxy_redirect?off; ????????????proxy_set_header?X-Real-IP?$remote_addr; ????????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for; ????????????proxy_set_header?Host?obs.cn-north-1.myhuaweicloud.com; ????????} ????} ?#以虛擬主機(jī)方式訪問(wèn)OBS全局域名的配置?? ????server?{ ????????listen???????80; ????????listen???????443; ????????server_name???????~^((?.*).)obs.myhuaweicloud.com$; ????????if?($subdomain?=?"")?{ ????????????set?$subdomain?"_"; ????????} ????????location?/?{ ????????????proxy_pass?http://$subdomain.obs.cn-north-1.myhuaweicloud.com; ????????????proxy_redirect?off; ????????????proxy_set_header?X-Real-IP?$remote_addr; ????????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for; ????????????proxy_set_header?Host?$proxy_host; ????????} ????????????resolver?100.125.1.250;?#具體的值填入?華為云不同區(qū)域?內(nèi)網(wǎng)DNS地址? ????} #以虛擬主機(jī)方式訪問(wèn)OBS區(qū)域域名的配置? ???server?{ ????listen???????80; ????listen???????443; ????server_name???????~^((?.*).)obs.cn-north-1.myhuaweicloud.com$; ????access_log??/var/log/nginx/th_access.log??main; ????if?($subdomain?=?"")?{ ????????set?$subdomain?"_"; ????} ????proxy_connect_timeout????600; ????proxy_read_timeout???????600; ????proxy_send_timeout???????600; ????location?/?{ ????????proxy_pass?http://$subdomain.obs.cn-north-1.myhuaweicloud.com; ????????proxy_redirect?off; ????????proxy_set_header?X-Real-IP?$remote_addr; ????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for; ????????proxy_set_header?Host?$proxy_host; ????} ???????resolver?100.125.1.250;?#具體的值填入?華為云不同區(qū)域?內(nèi)網(wǎng)DNS地址? ????}

l??啟動(dòng)Nginx服務(wù)

nginx?-t??#測(cè)試nginx配置文件狀態(tài) service?nginx?start???#啟動(dòng)Nginx驗(yàn)證

2.3? ? ?業(yè)務(wù)驗(yàn)證

說(shuō)明：

針對(duì)不同的桶，更換obs-training?為自己的桶名即可

root@charles-single?sbin]#?curl?http://114.115.168.79/obs-training/12323.jpg?-v?-o?/dev/null? *?About?to?connect()?to?114.115.168.79?port?80?(#0) *???Trying?114.115.168.79... ??%?Total????%?Received?%?Xferd??Average?Speed???Time????Time?????Time??Current ?????????????????????????????????Dload??Upload???Total???Spent????Left??Speed ??0?????0????0?????0????0?????0??????0??????0?--:--:--?--:--:--?--:--:--?????0*?Connected?to?114.115.168.79?(114.115.168.79)?port?80?(#0) >?GET?/obs-training/12323.jpg?HTTP/1.1 >?User-Agent:?curl/7.29.0 >?Host:?114.115.168.79 >?Accept:?*/* >?

通過(guò)web展示，在瀏覽器地址欄輸入http://114.115.168.79/obs-training/12323.jpg

3?其他說(shuō)明

1.使用ELB過(guò)程就不再詳述，可以參考ELB的使用指南：https://support.huaweicloud.com/productdesc-elb/zh-cn_topic_0015479966.html。

2.https默認(rèn)為無(wú)法進(jìn)行證書(shū)校驗(yàn)的訪問(wèn)，如有需要請(qǐng)導(dǎo)入證書(shū)至代理服務(wù)器。具體 參考Nginx幫助：https://www.cnblogs.com/jikexianfeng/p/8410166.html。

3.如果使用域名那么可以通過(guò)在DNS將域名 解析記錄地址 改為代理服務(wù)器地址來(lái)實(shí)現(xiàn)。

對(duì)象存儲(chǔ)服務(wù) OBS Nginx 存儲(chǔ)

版權(quán)聲明：本文內(nèi)容由網(wǎng)絡(luò)用戶(hù)投稿，版權(quán)歸原作者所有，本站不擁有其著作權(quán)，亦不承擔(dān)相應(yīng)法律責(zé)任。如果您發(fā)現(xiàn)本站中有涉嫌抄襲或描述失實(shí)的內(nèi)容，請(qǐng)聯(lián)系我們jiasou666@gmail.com 處理，核實(shí)后本網(wǎng)站將在24小時(shí)內(nèi)刪除侵權(quán)內(nèi)容。