使用Amazon S3限制Nginx的带宽

使用Amazon S3限制Nginx的带宽,nginx,amazon-s3,bandwidth,Nginx,Amazon S3,Bandwidth,我在AmazonS3上有大量的下载文件(有些大于5GB)。我的主服务器是Nginx。AmazonS3没有公共访问权限。文件由签名URL提供 使用AmazonS3时有没有限制带宽的方法?我知道AmazonS3上没有选项,但是我们可以使用Nginx作为代理并从那里开始吗 我尝试使用该链接中的示例: 此代码块: location ~* ^/proxy_private_file/(.*) { set $s3_bucket 'your_bucket.s3.amazonaws.com';

我在AmazonS3上有大量的下载文件(有些大于5GB)。我的主服务器是Nginx。AmazonS3没有公共访问权限。文件由签名URL提供

使用AmazonS3时有没有限制带宽的方法?我知道AmazonS3上没有选项,但是我们可以使用Nginx作为代理并从那里开始吗

我尝试使用该链接中的示例:

此代码块:

location ~* ^/proxy_private_file/(.*) {
  set $s3_bucket        'your_bucket.s3.amazonaws.com';
  set $aws_access_key   'AWSAccessKeyId=YOUR_ONLY_ACCESS_KEY';
  set $url_expires      'Expires=$arg_e';
  set $url_signature    'Signature=$arg_st';
  set $url_full         '$1$aws_access_key&$url_expires&$url_signature';

  proxy_http_version     1.1;
  proxy_set_header       Host $s3_bucket;
  proxy_set_header       Authorization '';
  proxy_hide_header      x-amz-id-2;
  proxy_hide_header      x-amz-request-id;
  proxy_hide_header      Set-Cookie;
  proxy_ignore_headers   "Set-Cookie";
  proxy_buffering        off;
  proxy_intercept_errors on;

  resolver               172.16.0.23 valid=300s;
  resolver_timeout       10s;

  proxy_pass             http://$s3_bucket$url_full;  
}


我不明白的是,如何将创建的签名URL从PHP传递到Nginx配置?因此,我可以告诉Nginx以代理身份转到该签名URL。

我找到了解决方案。这是:

首先在nginx配置中打开http块。我们将创建限制每个IP连接所需的区域

limit_conn_zone $binary_remote_addr zone=addr:10m;
现在在/etc/nginx/conf.d/sitename.conf或您定义的任何位置打开服务器块。创建一个内部位置。我们将PHP请求重定向到此处:

location ~* ^/internal_redirect/(.*?)/(.*) {
# Do not allow people to mess with this location directly
# Only internal redirects are allowed
internal;

# Location-specific logging, so we can clearly see which requests
# passing through proxy and what is happening there
access_log /var/log/nginx/internal_redirect.access.log main;
error_log /var/log/nginx/internal_redirect.error.log warn;

# Extract download url from the request
set $download_uri $2;
set $download_host $1;

# Extract the arguments from request.
# That is the Signed URL part that you require to get the file from S3 servers
if ($download_uri ~* "([^/]*$)" ) {
    set  $filename  $1;
}

# Compose download url
set $download_url $download_host/$download_uri?$args;

# Set download request headers
proxy_http_version      1.1;
proxy_set_header        Connection "";
proxy_hide_header       x-amz-id-2;
proxy_hide_header       x-amz-request-id;
proxy_hide_header       Set-Cookie;
proxy_ignore_headers    "Set-Cookie";

# Activate the proxy buffering, without it limiting bandwidth speed in proxy will not work!
proxy_buffering on;

# Buffer 512 KB data
proxy_buffers 32 16k;

proxy_intercept_errors  on;
resolver        8.8.8.8 valid=300s;
resolver_timeout        10s;

# The next two lines could be used if your storage
# backend does not support Content-Disposition
# headers used to specify file name browsers use
# when save content to the disk
proxy_hide_header Content-Disposition;
add_header Content-Disposition 'attachment; filename="$filename"';

# Do not touch local disks when proxying
# content to clients
proxy_max_temp_file_size 0;

# Limit the connection to one per IP address
limit_conn addr 1;

# Limit the bandwidth to 300 kilobytes
proxy_limit_rate 300k;

# Set logging level to info so we can see everything.
# All levels you can set: info | notice | warn | error
limit_conn_log_level info;   

# Finally download the file and send it to client
# Beware that you can shouldn't include "htttp://" or "https://"
# in proxy. Doing that will cause an "invalid port in upstream" error.
proxy_pass $download_url;
}
在PHP中完成最后一步,并将您的签名URL发送到Nginx:

header( 'X-Accel-Redirect: ' . '/internal_redirect/' . $YOUR_SIGNED_URL );

这似乎是可行的——也许是吧?是真的要限制“带宽”,还是每个客户端每秒的请求数,或者其他什么;我正在使用一个插件为AmazonS3创建签名URL。该插件使用PHP中的类似内容将用户重定向到签名URL:header('Location:'。$signedURL);在这种情况下,我可以把Nginx放在哪里?@Michael sqlbot我对服务器不是很在行,所以请容忍我。用户请求example.com/files/file1.txt PHP生成签名URL。类似于amazon/bucket/file1.txt,然后使用PHP的头文件提供。我需要在Nginx conf中获取amazon/bucket/file.txt URL并在那里发出代理请求。我该怎么做呢?简而言之:PHP创建了一个URL,我想用它作为Nginx的代理地址。