需求背景:
将Nginx做图片服务器时,需要对访问权限做校验,避免恶意访问图片.
- Nginx配置
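# Demo configuration: nginx serves files from disk only after the backend on
# 127.0.0.1:9001 has approved the request and replied with X-Accel-Redirect.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        charset utf-8;
        location / {
            root html;
            index index.html index.htm;
        }
        # /file/ and /file_server2/ alias the same directory as the protected
        # /file_server/ location below. While they were public, any client
        # could fetch every file directly and skip the backend check, so both
        # are now internal too. Remove them if nothing redirects to them.
        location /file/ {
            internal;
            alias "E:\\excel\\";
        }
        location ^~ /file_server2/ {
            internal;
            # File directory
            alias "E:\\excel\\";
        }
        location ^~ /file_server/ {
            # Only reachable through nginx-internal redirects (for example
            # X-Accel-Redirect); a direct client request is answered with 404.
            # This is what keeps the files behind the backend check.
            internal;
            # File directory
            alias "E:\\excel\\";
            limit_rate 200k;
            # The 404 produced for an external request is handed to @backend.
            # A bare "=" keeps the status code the backend returns, so a
            # 401/403 from the backend reaches the client. The previous
            # "=200" overwrote every backend status with 200.
            error_page 404 = @backend;
        }
        # Download authorisation: the backend decides, nginx only delivers.
        # The token arrives in the query string, so it is written to the
        # access log with the request line; treat that log as sensitive.
        location @backend {
            # Strip the /file_server/ prefix to build the backend request path.
            rewrite ^/file_server/(.*)$ /$1 break;
            # No URI part may follow the address here (named location).
            proxy_pass http://127.0.0.1:9001;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}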
- 服务端
package com.example.springbootdemo.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.UnsupportedEncodingException;
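/**
 * Demo controller behind an nginx proxy: it decides whether a file request is
 * allowed and, if so, answers with {@code X-Accel-Redirect} so that nginx
 * delivers the file from an internal location.
 *
 * <p>The client never sees the real file path. That only protects the files
 * when this controller rejects requests it cannot authorise and when nginx
 * exposes the file directory through internal locations only.
 *
 * <p>Created 2021/08/10 17:52.
 *
 * @author JiangHeng
 * @version 1.0.0
 */
@RestController
public class NginxAuthoController {

    /**
     * Answers a download request forwarded by nginx.
     *
     * @param request  forwarded request; the {@code token} parameter is read from it
     * @param response response on which the delivery headers are set
     * @return {@code "success"} when the redirect header was set, {@code "forbidden"} otherwise
     * @throws UnsupportedEncodingException if the GBK or ISO-8859-1 charset is unavailable
     */
    @RequestMapping("/down")
    public String selecVersionInfo(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
        String token = request.getParameter("token");
        // The token is a credential: log that a request arrived, never its value.
        System.out.println("由Nginx转发过来的......");
        if (!hasToken(token)) {
            return deny(response);
        }
        // NOTE(review): a presence check is not authorisation. Verifying the token
        // (signature, expiry, which file it grants) is not shown on this page and
        // has to be added here before the redirect header is emitted.

        // Offer the file as a download. The GBK -> ISO-8859-1 round trip is the
        // legacy way to carry non-ASCII file names in this header.
        response.setHeader("Content-Disposition", "attachment; filename=\"" + new String("test.xlsx".getBytes("GBK"), "iso-8859-1") + "\"");
        // Transfer the file as a binary stream.
        response.setHeader("Content-Type", "application/octet-stream;charset=utf-8");
        // Hand the internal path to nginx; the client never sees it.
        // "/file_server" is the internal download location configured in nginx.
        // If this path is ever built from request data, validate it first so a
        // caller cannot steer the redirect to another file.
        response.setHeader("X-Accel-Redirect", "/file_server/20210810/test.xlsx");
        // Rate limit in bytes per second, unlimited by default:
        //   X-Accel-Limit-Rate
        // Whether nginx buffers the response, "yes" by default:
        //   X-Accel-Buffering
        response.setHeader("X-Accel-Charset", "utf-8");
        // Do not let the browser cache the download.
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "No-cache");
        response.setHeader("Expires", "0");
        return "success";
    }

    /**
     * Answers an inline-view request (image or PDF) forwarded by nginx.
     *
     * @param request  forwarded request; the {@code token} parameter is read from it
     * @param response response on which the delivery headers are set
     * @return {@code "success"} when the redirect header was set, {@code "forbidden"} otherwise
     * @throws UnsupportedEncodingException if the GBK or ISO-8859-1 charset is unavailable
     */
    @RequestMapping("/view")
    public String view(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
        String token = request.getParameter("token");
        // The token is a credential: log that a request arrived, never its value.
        System.out.println("由Nginx转发过来的......");
        if (!hasToken(token)) {
            return deny(response);
        }
        // NOTE(review): a presence check is not authorisation. Verifying the token
        // (signature, expiry, which file it grants) is not shown on this page and
        // has to be added here before the redirect header is emitted.

        String fileName = "1.png";
        // Show the file in the browser instead of downloading it.
        response.setHeader("Content-Disposition", "inline; filename=\"" + new String(fileName.getBytes("GBK"), "iso-8859-1") + "\"");
        // The original compared two constants ("pdf" vs "1pdf"), so the PDF branch
        // could never run, and it sent "image/*", which is a wildcard for Accept
        // headers and not a valid response type. Derive the type from the name.
        response.setHeader("Content-Type", contentTypeFor(fileName));
        // Hand the internal path to nginx; the client never sees it.
        // "/file_server" is the internal download location configured in nginx.
        response.setHeader("X-Accel-Redirect", "/file_server/20210810/" + fileName);
        // Browser may cache for one hour. A cached copy stays viewable for that
        // long even if the token is revoked in the meantime.
        response.setDateHeader("Expires", System.currentTimeMillis() + 1000 * 60 * 60);
        return "success";
    }

    /** Returns true when a non-blank token was supplied; it does not verify the token. */
    private static boolean hasToken(String token) {
        return token != null && !token.trim().isEmpty();
    }

    /** Rejects the request: 403 and no X-Accel-Redirect, so nginx has no file to deliver. */
    private static String deny(HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return "forbidden";
    }

    /** Maps a file name to a concrete response media type by its extension. */
    private static String contentTypeFor(String fileName) {
        String lower = fileName.toLowerCase(java.util.Locale.ROOT);
        if (lower.endsWith(".pdf")) {
            return "application/pdf";
        }
        if (lower.endsWith(".png")) {
            return "image/png";
        }
        if (lower.endsWith(".jpg") || lower.endsWith(".jpeg")) {
            return "image/jpeg";
        }
        if (lower.endsWith(".gif")) {
            return "image/gif";
        }
        return "application/octet-stream";
    }
}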