站長資訊網1、安裝vsftpd組件
安裝完后,有/etc/vsftpd/vsftpd.conf 文件,是vsftp的配置文件。
[root@linuxidc ~]# yum -y install vsftpd
2、創建虛擬用戶登錄
2.1 創建文本格式的用戶名、密碼列表
首先需要建立一個文本格式的用戶名/密碼列表文件,奇數行為用戶名,偶數行為上一行中用戶名所對應的密碼。
例如:添加兩個用戶jene、john,密碼分別為abc123、abc456執行以下的操作:
[root@linuxidc ~]# vi /etc/vsftpd/juser.txt
jene
abc123
john
abc456
2.2 生成數據庫:
db_load:安裝 db4,db4-devel,db4-utils
# cd //etc/vsftpd //切換到/etc/vsftpd的目錄下
# yum -y install db4*
# db_load -T -t hash -f juser.txt juser.db //將剛創建的juser.list列表轉換為juser.list.db
file juser.db //查看轉換后的文件類型
2.3 修改數據文件訪問權限:
chmod 600 /etc/vsftpd/juser.db
2.4 修改pam配置:
vi /etc/pam.d/juser.pam //為虛擬用戶創建PAM認證文件,文件名為juser.pam(見名之義)
auth required pam_userdb.so db=/etc/vsftpd/juser
account required pam_userdb.so db=/etc/vsftpd/juser
注意:db=/etc/vsftpd/vsftpd_login 后面的.db必須去掉
2.5 創建虛擬賬號對應的系統用戶:
# useradd -d /home/ftpuser -s /sbin/nologin ftpuser //添加用戶ftpuser,指定到新建的家目錄,將虛擬用戶對應到這個系統賬號上,這個賬號無需設置密碼及登錄Shell
# chmod 755 /home/ftpuser/ //調整權限以允許瀏覽目錄
2.6 修改vsftpd配置文件
vsftpd端口是1335,訪問目錄為/opt/upload(即為圖片路徑),被動模式
vi /etc/vsftpd/vsftpd.conf
anonymous_enable=no
local_enable=YES
write_enable=YES
local_umask=022
connect_from_port_20=YES
#ftp_data_port=1334
chroot_local_user=YES
listen=YES
listen_port=1335
#pam_service_name=vsftpd
pam_service_name=juser.pam
tcp_wrappers=YES
local_root=/opt/upload
pasv_enable=yes
pasv_min_port=31000
pasv_max_port=31999
guest_enable=YES
guest_username=ftpuser
user_config_dir=/opt/ftpuser_dir
userlist_enable=YES
2.7 定義jene虛擬用戶配置文件,允許jene用戶可以上傳
#vi /opt/ftpuser_dir/jene
anon_upload_enable=YES
anon_other_write_enable=YES
anon_umask=062 (權限062是創建目錄為715,文件為604)
2.8 定義john虛擬用戶配置文件,允許john用戶可以上傳及創建目錄
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=062
# service vsftpd restart
3、配置nginx.conf,使其成為圖片服務器
# vi /opt/nginx/conf/nginx.conf
user nginx nginx;
worker_processes 1;
pid /opt/nginx/run/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for”‘
‘$upstream_addr $upstream_response_time $request_time ‘;
log_format log404 ‘$status [$time_local] $remote_addr $host$request_uri $sent_http_location’;
access_log logs/nginx/access.log main;
access_log logs/nginx/host.access.404.log log404;
sendfile on;
keepalive_timeout 65;
server {
listen 8010;
server_name localhost;
large_client_header_buffers 4 128k;
client_max_body_size 300m;
client_body_buffer_size 128k;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
location /nginxstatus{
stub_status on;
access_log on;
auth_basic “nginxstatus”;
auth_basic_user_file htpasswd;
}
location ~ .*.(gif|jpg|jpeg|png)$ {
expires 24h;
root /opt/upload;
access_log /opt/nginx/logs/images.log;
proxy_store on;
proxy_store_access user:rw group:rw all:rw;
proxy_temp_path /opt/upload;
proxy_redirect off;
proxy_set_header Host 192.168.8.15;
client_max_body_size 10m;
client_body_buffer_size 1280k;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 40k;
proxy_buffers 40 320k;
proxy_busy_buffers_size 640k;
proxy_temp_file_write_size 640k;
}
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
5、圖片路徑權限
# ll /opt/
total 4
drwxr-xr-x. 3 root root 4096 Jan 31 13:08 upload
也可將upload目錄設置屬主為nginx用戶
# chmod nginx /opt/upload
# ll /opt/
total 4
drwxr-xr-x. 3 nginx root 4096 Jan 31 13:08 upload
upload目錄下pthoimanges存放圖片目錄屬主與屬組都為虛擬用戶映射的本地用戶(ftpuser)
#chmod -R ftpuser.ftpuser /opt/upload/pthoimanges
# ll /opt/upload/
total 4
drwxr-xr-x. 6 ftpuser ftpuser 4096 Jan 31 13:09 pthoimanges
