我要评论为什么选择 nginx 作为文件服务器
1.性能优势
- 高并发处理 - 轻量级,支持大量并发连接
- 低资源消耗 - 内存占用少,cpu使用率低
- 静态文件服务 - 专门优化过的静态文件传输
- 高稳定性 - 长期运行稳定可靠
2.功能特性
- 简单的配置 - 配置文件简洁明了
- http基本认证 - 内置访问控制
- 目录浏览 - 自动显示目录内容
- 防盗链 - 防止他人盗用资源
基础配置
1.安装 nginx
# ubuntu/debian sudo apt update sudo apt install nginx # centos/rhel sudo yum install nginx # 或者使用 dnf (较新版本) sudo dnf install nginx # windows # 下载安装包并运行
2.基本文件服务器配置
# /etc/nginx/sites-available/fileserver
server {
listen 80;
server_name your-domain.com; # 或者使用ip地址
# 文件服务器根目录
location / {
root /var/www/files; # 指定文件存储目录
autoindex on; # 启用目录浏览
autoindex_exact_size off; # 文件大小显示为人类可读格式
autoindex_localtime on; # 显示本地时间而非gmt时间
# 设置基本认证(可选)
auth_basic "restricted access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
# 限制访问日志(可选)
access_log /var/log/nginx/fileserver_access.log;
error_log /var/log/nginx/fileserver_error.log;
}
3.创建认证文件
# 安装htpasswd工具 sudo apt install apache2-utils # ubuntu/debian # 或 sudo yum install httpd-tools # centos/rhel # 创建用户和密码文件 sudo htpasswd -c /etc/nginx/.htpasswd username # 系统会提示输入密码
高级配置
1.https 配置
server {
listen 443 ssl http2;
server_name your-domain.com;
ssl_certificate /path/to/your/certificate.crt;
ssl_certificate_key /path/to/your/private.key;
# ssl 安全配置
ssl_protocols tlsv1.2 tlsv1.3;
ssl_ciphers ecdhe-rsa-aes256-gcm-sha512:dhe-rsa-aes256-gcm-sha512:ecdhe-rsa-aes256-gcm-sha384:dhe-rsa-aes256-gcm-sha384;
ssl_prefer_server_ciphers off;
location / {
root /var/www/files;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
# 限制文件上传大小
client_max_body_size 100m;
}
}
# http 重定向到 https
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
2.防盗链配置
server {
listen 80;
server_name your-domain.com;
location /files/ {
root /var/www;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
# 防盗链配置
valid_referers none blocked server_names *.your-domain.com;
if ($invalid_referer) {
return 403;
}
}
}
3.压缩传输
server {
listen 80;
server_name your-domain.com;
# 启用gzip压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
location / {
root /var/www/files;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
}
4.自定义文件类型处理
server {
listen 80;
server_name your-domain.com;
# 自定义mime类型
location ~* \.pdf$ {
root /var/www/files;
add_header content-type application/pdf;
add_header content-disposition attachment;
}
location ~* \.(jpg|jpeg|png|gif)$ {
root /var/www/files;
expires 30d; # 缓存30天
add_header cache-control "public, immutable";
}
location ~* \.txt$ {
root /var/www/files;
add_header content-type text/plain;
}
}
完整的生产环境配置
# /etc/nginx/sites-available/fileserver.conf
upstream fileserver_backend {
server 127.0.0.1:8080; # 如果需要反向代理到应用服务器
}
server {
listen 80;
listen [::]:80;
server_name your-domain.com;
# 重定向到https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name your-domain.com;
# ssl证书配置
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private.key;
ssl_trusted_certificate /path/to/ca.crt;
# ssl安全配置
ssl_protocols tlsv1.2 tlsv1.3;
ssl_ciphers ecdhe-ecdsa-aes128-gcm-sha256:ecdhe-rsa-aes128-gcm-sha256:ecdhe-ecdsa-aes256-gcm-sha384:ecdhe-rsa-aes256-gcm-sha384;
ssl_prefer_server_ciphers off;
# 安全头
add_header x-frame-options deny always;
add_header x-content-type-options nosniff always;
add_header x-xss-protection "1; mode=block" always;
add_header strict-transport-security "max-age=63072000" always;
# 文件上传限制
client_max_body_size 100m;
# 静态文件服务
location / {
root /var/www/files;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
# 缓存静态文件
expires 1d;
add_header cache-control "public, immutable";
# 防盗链
valid_referers none blocked server_names *.your-domain.com;
if ($invalid_referer) {
return 403;
}
}
# 特定目录配置
location ^~ /private/ {
root /var/www;
auth_basic "private area - authorization required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
# 日志配置
access_log /var/log/nginx/fileserver_access.log;
error_log /var/log/nginx/fileserver_error.log;
}
# 服务状态监控(可选)
server {
listen 127.0.0.1:8080; # 仅本地访问
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
启用配置
1.启用站点
# 创建软链接(ubuntu/debian) sudo ln -s /etc/nginx/sites-available/fileserver.conf /etc/nginx/sites-enabled/ # 或者直接复制配置文件 sudo cp /etc/nginx/sites-available/fileserver.conf /etc/nginx/conf.d/fileserver.conf # 测试配置 sudo nginx -t # 重新加载配置 sudo systemctl reload nginx # 或 sudo nginx -s reload
2.创建文件目录
# 创建文件存储目录 sudo mkdir -p /var/www/files sudo chown www-data:www-data /var/www/files sudo chmod 755 /var/www/files # 或者使用自定义目录 mkdir -p ~/shared-files # 在配置中使用绝对路径
文件上传功能(配合后端)
1.nginx 配置(配合后端处理上传)
server {
listen 80;
server_name your-domain.com;
# 文件上传处理(需要后端应用)
location /upload {
proxy_pass http://127.0.0.1:3000; # 后端应用地址
client_max_body_size 100m;
proxy_set_header host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
}
# 文件访问
location /files/ {
root /var/www;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
}
2.简单的上传页面
<!doctype html>
<html>
<head>
<title>文件上传</title>
</head>
<body>
<h2>文件上传</h2>
<form action="/upload" method="post" enctype="multipart/form-data">
<input type="file" name="file" required>
<button type="submit">上传</button>
</form>
</body>
</html>
安全配置
1.访问控制
# ip白名单
location / {
root /var/www/files;
allow 192.168.1.0/24; # 允许特定ip段
allow 127.0.0.1;
deny all; # 拒绝其他所有ip
autoindex on;
}
# 基本认证
location /protected/ {
auth_basic "restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
2.防止恶意文件上传
# 禁止执行脚本文件
location ~* \.(php|pl|py|jsp|asp|sh|cgi)$ {
deny all;
return 404;
}
# 限制上传文件类型
location /uploads {
location ~* \.(jpg|jpeg|png|gif|pdf|doc|docx|txt|zip|rar)$ {
# 允许的文件类型
}
location ~* \.(php|html|htm|js|css)$ {
deny all;
return 404;
}
}
性能优化
1.缓存配置
# 启用文件缓存
location / {
root /var/www/files;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
# 设置缓存
expires 1y;
add_header cache-control "public, immutable";
# 启用sendfile
sendfile on;
tcp_nopush on;
tcp_nodelay on;
}
2.gzip压缩
# 全局启用gzip
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied expired no-cache no-store private must-revalidate auth;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/javascript
application/xml+rss
application/json;
管理和监控
1.常用命令
# 启动nginx sudo systemctl start nginx # 停止nginx sudo systemctl stop nginx # 重启nginx sudo systemctl restart nginx # 重载配置 sudo systemctl reload nginx # 检查配置 sudo nginx -t # 查看状态 sudo systemctl status nginx
2.日志查看
# 查看访问日志
sudo tail -f /var/log/nginx/access.log
# 查看错误日志
sudo tail -f /var/log/nginx/error.log
# 统计访问量
sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
总结
使用 nginx 作为文件服务器的优势:
- 高性能 - 静态文件服务效率极高
- 配置简单 - 配置文件直观易懂
- 功能丰富 - 支持认证、防盗链、缓存等
- 安全可靠 - 企业级稳定性
- 资源占用少 - 轻量级,适合各种规模部署
nginx 是搭建文件服务器的理想选择,特别适合用于静态文件分发、内网文件共享、cdn节点等场景。
以上就是使用nginx搭建文件服务器的全过程的详细内容,更多关于nginx搭建文件服务器的资料请关注代码网其它相关文章!
发表评论