Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Introduction to the Security configuration of FastDFS

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/02 Report--

The main content of this article is "introduction to the security configuration of FastDFS". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "introduction to the Security configuration of FastDFS".

1. Course name: security configuration of FastDFS

2. Specific content

Now that FastDFS has been successfully configured and can also be called through java, there is a problem. Now anyone can call the transport, so your server is as if you were naked on Mars. So now we need to configure the security of the file server accordingly.

2.1. Link whitelist

Links have the concepts of blacklist and whitelist, and the so-called whitelist refers to the users who are allowed to access it. If you want to modify the whitelist, the main configuration item is in the tracker.conf file: vim/etc/fdfs/tracker.conf.

Allow_hosts=192.168.122.

The IP address between 192.168.122.198 and 192.168.122.202 now indicates that the host is allowed to upload.

Allow_hosts=192.168.122. [190198-202]

It now indicates that 192.168.122.190 can also be accessed. What was done in command-line mode before, what if you want to use a local program now? It doesn't really make sense to say that it's just an address configured with a local Windows, because it can't be accessed. You need to configure a connected gateway IP:

2.2. Hotlink prevention

Once the file server is turned on, the data in it actually means that all users access it directly through the address. If this goes on, it will cause a problem. Other people's servers directly refer to your pictures, causing your server's capacity to rise. This operation must be prohibited, so you must use the hotlink release feature.

The so-called hotlink means that you generate a random token, the token is valid for a certain period of time, and an error page will appear beyond the specified time. Hotlink protection can be used to modify the configuration of storage hosts.

1. [fastdfs-storage-group1-01] display image after uploading hotlink

Save the image to the path "/ etc/fdfs" of all fastdfs configuration files: mv/srv/ftp/noauth.gif/etc/fdfs/ copies the image to all hosts: scp/etc/fdfs/noauth.gif192.168.122.200:/etc/fdfs2, [fastdfs-storage-group1-01] modifies the hotlink protection configuration file: vim/etc/fdfs/http.conf

3. [fastdfs-storage-group1-01] copy the configuration of http.conf at this time to other hosts:

Copy other hosts: scp/etc/fdfs/http.conf192.168.122.200:/etc/fdfs/;4, [fastdfs-storage-*] need to restart storage service: / usr/bin/fdfs_storaged/etc/fdfs/storage.confrestart;5, [fastdfs-storage-*] all nginx services must be restarted: / usr/local/nginx/sbin/nginx-sreload 6. [fastdfs-storage-*] after all token expires, a fixed picture needs to be displayed, then the picture also needs to be authorized.

Chmod777-R/etc/fdfs/noauth.gif

7. Generate the client Token through the java program.

Premise: the date and time on your current computer is equivalent to the date and time on your server; modify the "fdfs_client.conf" configuration file

Tracker_server=192.168.122.198:22122 http.anti_steal_token=true http.secret_key=mldnjava01051283346heihei

Write a program to generate a Token message:

Packagecn.mldn.demo;importorg.csource.fastdfs.ClientGlobal;importorg.csource.fastdfs.ProtoCommon;importorg.csource.fastdfs.TrackerClient;importorg.csource.fastdfs.TrackerServer;importorg.springframework.core.io.ClassPathResource;public class FDFSToken {publicstaticvoidmain (String [] args) throwsException {/ / 1. Read the uploaded configuration file, which is ClassPathResourceres=newClassPathResource ("fdfs_client.conf") under the CLASSPATH path. / / 2. Initialize the environment ClientGlobal.init for FastDFS upload (res.getClassLoader (). GetResource ("fdfs_client.conf"). GetPath ()); / 3. Establish a client connection to Tracker TrackerClienttracker=newTrackerClient (); TrackerServertrackerServer=tracker.getConnection (); / / get the server connection / / do not increase the group name when defining the file id, otherwise you cannot access String fileId= "M00/00/00/wKh7yVg71i6ASCLbAAL6dz7aOB0963.jpg"; intts= (int) (System.currentTimeMillis () / 1000) Stringtoken=ProtoCommon.getToken (fileId,ts,ClientGlobal.g_secret_key); StringBufferfileUrl=newStringBuffer (); fileUrl.append ("http://"); fileUrl.append (trackerServer.getInetSocketAddress (). GetHostString ()); fileUrl.append (" / group2/ ") .append (fileId); fileUrl.append ("? token= ") .append (token) .append (& ts=") .append (ts); System.out.println (fileUrl); trackerServer.close ();}

If the generated Token is normal content, then you can have normal access, and if the token is incorrect, or if the valid time of the Token is up, then the path will display unauthorized images.

At this point, I believe you have a deeper understanding of the "introduction to the security configuration of FastDFS". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Internet Technology

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report