Setting up permanent download links in MinIO


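As far as I know, there are the following two methods.

The second method is recommended.

Method 1: set the Access Policy to public

Whether or not the file has ever been shared, as long as it exists in the bucket it can be accessed directly at a URL of this form: http://x.x.x.x:9000/bucket/xxx.jpg

Method 2: set the bucket or path policy to download

The download policy can only be set through the MinIO client (mc)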

wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
./mc --help

# mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> [--api API-SIGNATURE]

# ./mc config host add minio http://192.168.20.102:9000 minioadmin minioadmin --api s3v4
Added `minio` successfully.

# cat ~/.mc/config.json
{
        "version": "10",
        "aliases": {
                "minio": {
                        "url": "http://192.168.20.102:9000",
                        "accessKey": "minioadmin",
                        "secretKey": "minioadmin",
                        "api": "s3v4",
                        "path": "auto"
                },
                "gcs": {
                        "url": "https://storage.googleapis.com",
                        "accessKey": "YOUR-ACCESS-KEY-HERE",
                        "secretKey": "YOUR-SECRET-KEY-HERE",
                        "api": "S3v2",
                        "path": "dns"
                },
                "local": {
                        "url": "http://localhost:9000",
                        "accessKey": "",
                        "secretKey": "",
                        "api": "S3v4",
                        "path": "auto"
                },
                "play": {
                        "url": "https://play.min.io",
                        "accessKey": "Q3AM3UQ867SPQQA43P2F",
                        "secretKey": "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG",
                        "api": "S3v4",
                        "path": "auto"
                },
                "s3": {
                        "url": "https://s3.amazonaws.com",
                        "accessKey": "YOUR-ACCESS-KEY-HERE",
                        "secretKey": "YOUR-SECRET-KEY-HERE",
                        "api": "S3v4",
                        "path": "dns"
                }
        }
}


# List all buckets
# /usr/local/minio/bin/mc ls minio
[2022-03-10 17:53:49 CST]     0B test/

The policy command - managing bucket policies

  1. Run mc policy to list all policy-related commands
# /usr/local/minio/bin/mc policy
Name:
  mc policy - manage anonymous access to buckets and objects

USAGE:
  mc policy [FLAGS] set PERMISSION TARGET
  mc policy [FLAGS] set-json FILE TARGET
  mc policy [FLAGS] get TARGET
  mc policy [FLAGS] get-json TARGET
  mc policy [FLAGS] list TARGET

FLAGS:
  --recursive, -r               list recursively
  --config-dir value, -C value  path to configuration folder (default: "/root/.mc")
  --quiet, -q                   disable progress bar display
  --no-color                    disable color theme
  --json                        enable JSON lines formatted output
  --debug                       enable debug output
  --insecure                    disable SSL certificate verification
  --help, -h                    show help
  
PERMISSION:
  Allowed policies are: [none, download, upload, public].

FILE:
  A valid S3 policy JSON filepath.

EXAMPLES:
  1. Set bucket to "download" on Amazon S3 cloud storage.
     $ mc policy set download s3/burningman2011

  2. Set bucket to "public" on Amazon S3 cloud storage.
     $ mc policy set public s3/shared

  3. Set bucket to "upload" on Amazon S3 cloud storage.
     $ mc policy set upload s3/incoming

  4. Set policy to "public" for bucket with prefix on Amazon S3 cloud storage.
     $ mc policy set public s3/public-commons/images

  5. Set a custom prefix based bucket policy on Amazon S3 cloud storage using a JSON file.
     $ mc policy set-json /path/to/policy.json s3/public-commons/images

  6. Get bucket permissions.
     $ mc policy get s3/shared

  7. Get bucket permissions in JSON format.
     $ mc policy get-json s3/shared

  8. List policies set to a specified bucket.
     $ mc policy list s3/shared

  9. List public object URLs recursively.
     $ mc policy --recursive links s3/shared/
  2. View the policy of a bucket or path
# /usr/local/minio/bin/mc policy get minio/test
Access permission for `minio/test` is `public`
  3. Set the policy of a bucket or path to download
# download is followed by the bucket or path
# /usr/local/minio/bin/mc policy set download minio/test
Access permission for `minio/test` is set to `download`

# /usr/local/minio/bin/mc policy get minio/test         
Access permission for `minio/test` is `download`


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::test"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::test/*"
            ]
        }
    ]
}

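Note: it is strongly recommended to set the download policy on a path, in which case the policy of the owning bucket becomes custom. If the bucket itself is set to download, it becomes possible to enter the MinIO client, and although only the buckets that have the corresponding policy set are visible there, anonymous users can freely create and delete files in them!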
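To see exactly what a policy document grants to unauthenticated callers, here is an added example (not from the original post) that audits JSON in the format returned by mc policy get-json. The function names and the test/images/ prefix are assumptions made for this illustration; the first sample is the bucket-level download policy shown above, condensed.

```python
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject", "s3:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*", {"AWS": "*"} and {"AWS": ["*"]} all mean any unauthenticated caller.
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS", [])))

def anonymous_grants(policy):
    """Sorted (action, resource, has_condition) tuples allowed to anonymous callers."""
    grants = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action", [])):
            for resource in _as_list(stmt.get("Resource", [])):
                grants.add((action, resource, bool(stmt.get("Condition"))))
    return sorted(grants)

def audit(policy):
    """Summarise anonymous exposure: readable scope, open listing, write access."""
    findings = []
    for action, resource, has_condition in anonymous_grants(policy):
        target = resource.replace("arn:aws:s3:::", "")
        if action in WRITE_ACTIONS:
            findings.append(f"WRITE {action} on {target}")
        elif action == "s3:ListBucket" and not has_condition:
            findings.append(f"LIST whole bucket {target}")
        elif action == "s3:GetObject":
            base = target.rstrip("*")  # "test/*" -> "test/"
            whole = base.endswith("/") and base.count("/") == 1
            findings.append(f"READ {'every object' if whole else 'prefix only'}: {target}")
    return findings

# Bucket-level download policy for bucket test, condensed from the JSON shown above.
BUCKET_DOWNLOAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ["*"]},
     "Action": ["s3:GetBucketLocation", "s3:ListBucket"], "Resource": ["arn:aws:s3:::test"]},
    {"Effect": "Allow", "Principal": {"AWS": ["*"]},
     "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::test/*"]}]}

# Constructed sample: anonymous read limited to the hypothetical prefix test/images/.
PREFIX_DOWNLOAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ["*"]},
     "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::test/images/*"]}]}

if __name__ == "__main__":
    print(audit(BUCKET_DOWNLOAD), audit(PREFIX_DOWNLOAD))
```

Feeding it the output of mc policy get-json for each bucket gives a quick review list of every place where anonymous listing, bucket-wide reads or writes are allowed.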

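The policy command - managing bucket policies

Official documentation: http://docs.minio.org.cn/docs/master/minio-client-complete-guide

Manages the policies for anonymous access to buckets and their contents.

Usage: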
  mc policy [FLAGS] PERMISSION TARGET
  mc policy [FLAGS] TARGET
  mc policy list [FLAGS] TARGET

PERMISSION:
  Allowed policies are: [none, download, upload, public].

FLAGS:
  --help, -h                       Show help.

Example: show the current anonymous bucket policy

# Show the current anonymous policy of the mybucket/myphotos/2020/ subfolder.
mc policy play/mybucket/myphotos/2020/
Access permission for ‘play/mybucket/myphotos/2020/’ is ‘none’

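Example: set an anonymous bucket policy that allows downloads.

# Set an anonymous download policy on the mybucket/myphotos/2020/ subfolder. Objects under this folder are now publicly accessible. For example, mybucket/myphotos/2020/yourobjectname can be reached at the URL https://play.min.io/mybucket/myphotos/2020/yourobjectname.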
mc policy set download play/mybucket/myphotos/2020/
Access permission for ‘play/mybucket/myphotos/2020/’ is set to 'download'

Example: remove the current anonymous bucket policy

# Remove all anonymous bucket policies under the mybucket/myphotos/2020/ subfolder.
mc policy set none play/mybucket/myphotos/2020/
Access permission for ‘play/mybucket/myphotos/2020/’ is set to 'none'

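Method 3

The current bucket policy is private, so the images cannot be accessed; after applying the following setting, the images become accessible (without needing to be shared)

Checking the bucket policy again at this point, it is no longer private but custom: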

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::aaa"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::aaa"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "*"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::aaa/**"
            ]
        }
    ]
}

