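# =============================================================================
# MinIO Nginx configuration
# =============================================================================
#
# Features:
#   - MinIO API reverse proxy (S3 compatible)
#   - MinIO Console reverse proxy
#   - SSL/TLS termination
#   - CDN caching for static assets
#
# Installation:
#   sudo cp minio.szaiai.com.conf /etc/nginx/sites-available/
#   sudo ln -s /etc/nginx/sites-available/minio.szaiai.com.conf /etc/nginx/sites-enabled/
#   sudo nginx -t && sudo systemctl reload nginx
#
# SSL certificates (using certbot):
#   sudo certbot --nginx -d minio.szaiai.com -d cdn.szaiai.com
#
# NOTE(review): the certbot command above names minio.szaiai.com and
# cdn.szaiai.com only, while the server blocks below read certificates from
# both live/minio.szaiai.com/ and live/cdn.szaiai.com/ and also serve
# console.minio.szaiai.com. Confirm that the certificates on disk exist at
# both paths and cover all three host names before reloading nginx.
#
# This file is loaded inside the http{} context (it defines upstream blocks),
# so the http-level directives below are valid at the top of the file.
#
# =============================================================================

# Connection header sent to the MinIO API upstream: "upgrade" only when the
# client asks for a protocol upgrade, otherwise empty so that the upstream
# keepalive pool can be reused for ordinary S3 requests.
map $http_upgrade $minio_connection_upgrade {
    default upgrade;
    ''      '';
}

# Cache storage for the CDN server below. proxy_cache_path is only accepted
# in the http{} context, so it is declared here rather than inside server{}.
proxy_cache_path /var/cache/nginx/minio levels=1:2 keys_zone=minio_cache:100m max_size=10g inactive=7d use_temp_path=off;

# Upstream server definitions
upstream minio_api {
    server 127.0.0.1:9000;
    keepalive 32;
}

upstream minio_console {
    server 127.0.0.1:9001;
    keepalive 32;
}

# =============================================================================
# MinIO API (S3 compatible) - minio.szaiai.com
# =============================================================================
server {
    listen 80;
    listen [::]:80;
    server_name minio.szaiai.com;

    # Force HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name minio.szaiai.com;

    # SSL configuration (managed by certbot)
    ssl_certificate /etc/letsencrypt/live/minio.szaiai.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/minio.szaiai.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Logs
    access_log /var/log/nginx/minio.szaiai.com.access.log;
    error_log /var/log/nginx/minio.szaiai.com.error.log;

    # Client settings
    client_max_body_size 100M;
    client_body_buffer_size 128k;
    client_body_timeout 300s;

    # Proxy buffering: stream request and response bodies instead of spooling
    proxy_buffering off;
    proxy_request_buffering off;

    # MinIO API proxy
    location / {
        proxy_pass http://minio_api;
        proxy_http_version 1.1;

        # Required headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # S3-specific headers
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;

        # Keep-alive and WebSocket support. Connection is set exactly once,
        # from the map at the top of the file, so it cannot be both "" and
        # "upgrade" for the same request.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $minio_connection_upgrade;
    }
}

# =============================================================================
# MinIO Console - console.minio.szaiai.com
# =============================================================================
# NOTE(review): this server publishes the MinIO administrative console to
# every client that can reach port 443. Consider limiting it to an
# administrative network, for example inside the server block:
#     allow <ADMIN_CIDR_PLACEHOLDER>;
#     deny all;
# =============================================================================
server {
    listen 80;
    listen [::]:80;
    server_name console.minio.szaiai.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name console.minio.szaiai.com;

    # SSL configuration
    # NOTE(review): this reuses the minio.szaiai.com certificate; confirm it
    # lists console.minio.szaiai.com as a subject alternative name.
    ssl_certificate /etc/letsencrypt/live/minio.szaiai.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/minio.szaiai.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Logs
    access_log /var/log/nginx/console.minio.access.log;
    error_log /var/log/nginx/console.minio.error.log;

    # MinIO Console proxy
    location / {
        proxy_pass http://minio_console;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (Console real-time features)
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}

# =============================================================================
# CDN static assets - cdn.szaiai.com
# =============================================================================
# For publicly accessible static assets (avatars, resource files, etc.)
#
# Responses from these locations are cached and served to every client, so
# only buckets intended for anonymous read should be proxied here.
#
# NOTE(review): both locations forward every HTTP method to the MinIO API,
# although the CORS header advertises only GET, HEAD and OPTIONS. If writes
# through this host are never intended, consider adding to each location:
#     limit_except GET OPTIONS { deny all; }
# =============================================================================
server {
    listen 80;
    listen [::]:80;
    server_name cdn.szaiai.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cdn.szaiai.com;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/cdn.szaiai.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cdn.szaiai.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Logs
    access_log /var/log/nginx/cdn.szaiai.com.access.log;
    error_log /var/log/nginx/cdn.szaiai.com.error.log;

    # Cache storage (zone minio_cache) is declared with proxy_cache_path at
    # the top of this file, because that directive is http-context only.

    # Public bucket - avatars
    location /avatars/ {
        proxy_pass http://minio_api/avatars/;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Cache settings
        proxy_cache minio_cache;
        proxy_cache_valid 200 7d;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_lock on;

        # Cache headers
        add_header X-Cache-Status $upstream_cache_status;
        add_header Cache-Control "public, max-age=604800";

        # CORS settings
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
    }

    # Public bucket - resources
    location /resources/ {
        proxy_pass http://minio_api/resources/;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Cache settings
        proxy_cache minio_cache;
        proxy_cache_valid 200 7d;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_lock on;

        # Cache headers
        add_header X-Cache-Status $upstream_cache_status;
        add_header Cache-Control "public, max-age=604800";

        # CORS settings
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
    }

    # Deny every other path by default
    location / {
        return 403;
    }
}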