Building a vsftpd image server on CentOS 7

An image server is usually used together with nginx, because nginx provides the reverse proxy feature. Install nginx on the Linux server before setting up vsftpd; see the earlier introductory article on installing nginx.

vsftpd server installation

Install it with yum, using the following command:

yum -y install vsftpd

After installation is complete, the file /etc/vsftpd/vsftpd.conf is the vsftpd configuration file.
Set the user name and password first, then come back to modify the configuration file.

Set the FTP user name

This user name is used to log in to the FTP server.
Once the user has been created, you can log in with it. Remember to use a normal login, not anonymous login. The default login path is /home/ftpuser.

useradd ftpuser

After the user has been created, nginx needs to be configured. The default nginx installation path is /usr/local/nginx/sbin/nginx. To modify the nginx.conf file,
go into the directory

/usr/local/nginx/nginx/conf

The configuration file is as follows:


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

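    # Set the upstream servers; the ports must not already be in use
    upstream zhouym{
       server 127.0.0.1:8080 weight=1;  # weight is the weighting: the larger the weight, the greater the chance a request is assigned to that server
       server 127.0.0.1:8081 weight=2;
    }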
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
		
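        # "/" intercepts all requests
        location / {
            proxy_pass http://zhouym; # the name here is the name of the upstream server set above
            proxy_redirect default; 
            #root   html;
            #index  index.html index.htm;
        }
        # Intercept requests for static resources; the parentheses hold the matching rule for static resources.
        # The pattern has no empty alternative and is anchored with $, so only URIs ending in these extensions match.
        location ~ .*\.(js|css|ico|png|jpg|eot|svg|ttf|woff|html|txt|pdf)$ {
            # All static files are read directly from disk
            root /home/ftpuser;
            expires 30d; # cache for 30 days
        }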

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}
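
The static-file location in this configuration is selected by regex alone, and everything it matches is read from /home/ftpuser. The following added example (not from the original article) models how nginx picks a location for this server block and compares a static pattern ending in an empty alternative `|)` with the form anchored by `$`; the sample URIs are constructed.

```python
import re

# Two variants of the static-file regex: one ending in an empty alternative "|)",
# one without it and anchored with "$".
EXTS = "js|css|ico|png|jpg|eot|svg|ttf|woff|html|txt|pdf"
LOOSE = r".*\.(" + EXTS + r"|)"
ANCHORED = r".*\.(" + EXTS + r")$"


def locations(static_regex):
    """The server block's three locations as (kind, pattern, handler)."""
    return [
        ("exact", "/50x.html", "file:html"),
        ("regex", static_regex, "file:/home/ftpuser"),
        ("prefix", "/", "proxy:zhouym"),
    ]


def route(uri, locs):
    """Pick a location as nginx does when no ^~ prefix is present: exact match,
    then the first matching regex (unanchored, case-sensitive), then the longest prefix."""
    path = uri.split("?", 1)[0]  # location matching ignores the query string
    for kind, pat, handler in locs:
        if kind == "exact" and path == pat:
            return handler
    for kind, pat, handler in locs:
        if kind == "regex" and re.search(pat, path):
            return handler + path  # file that would be read under root
    prefixes = [(pat, h) for kind, pat, h in locs if kind == "prefix" and path.startswith(pat)]
    return max(prefixes, key=lambda p: len(p[0]))[1] if prefixes else None


def changed_routes(uris):
    """URIs that the two variants of the static regex hand to different locations."""
    loose, anchored = locations(LOOSE), locations(ANCHORED)
    return {u: (route(u, loose), route(u, anchored))
            for u in uris if route(u, loose) != route(u, anchored)}


# Constructed sample requests, not taken from the article.
SAMPLE_URIS = [
    "/2019/08/29/a1b2.jpg",  # uploaded image
    "/food/mana/icon",       # backend endpoint, no dot in the path
    "/api/v1.2/orders",      # backend path that happens to contain a dot
    "/.bashrc",              # dotfile in the FTP user's home directory
    "/report.pdf.bak",       # listed extension appears mid-name only
]

if __name__ == "__main__":
    for uri, (before, after) in changed_routes(SAMPLE_URIS).items():
        print(f"{uri}: {before} -> {after}")
```

With the empty alternative, any path containing a dot is read from the FTP user's home directory instead of being proxied; with the anchored pattern only paths ending in a listed extension are.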


Set a password for the FTP user

passwd ftpuser

You need to enter the password twice

Firewall open port 21

The default FTP port is 21, which CentOS does not open by default, so the iptables file /etc/sysconfig/iptables has to be modified.
On looking in that directory, however, there is no iptables file, only the two files ip6tables-config and iptables-config. CentOS 7 does not provide the iptables file by default; to use this firewall, the firewall service has to be updated or reinstalled.
Solution:

1. Install or update iptables-services

yum install iptables-services

2. Enable the iptables service

systemctl enable iptables

The /etc/sysconfig directory now contains an iptables file.

3. Start iptables

systemctl start iptables

4. Edit the file

vim /etc/sysconfig/iptables

The contents are as follows:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Below the --dport 22 -j ACCEPT line, add a new line with the same content but with 22 changed to 21, then add another line that opens port 80, and save with :wq.

5. Restart the firewall

service iptables restart

Modify selinux

The server can now be reached from outside, but directory listings are not returned (this is with FTP active mode; passive mode still cannot connect) and uploads fail. SELinux is the cause.
Modify SELinux.
Run the following command to view the status:

 getsebool -a | grep ftp  

If the output reports that SELinux is disabled,
SELinux has been switched off completely. To turn SELinux back on, run the following command:

vi /etc/selinux/config

Change: SELINUX=1
Then you must reboot Linux; without a reboot there is no way to turn SELinux on immediately. After the reboot, run service iptables restart again.

Then run the following command to check the status:

 getsebool -a | grep ftp  

If these two lines show off, external network access is not enabled and has to be turned on. Using the boolean names as they appear in your output,
run the following commands to enable external network access:

setsebool -P allow_ftpd_full_access on
setsebool -P ftp_home_dir on

That should be all that is needed. (If it still does not work, check whether your FTP client tool is connecting in passive mode: a prompt such as Entering Passive Mode means it is. Passive mode does not work by default because iptables blocks it; how to open it is covered below. If you would rather not open it, see whether your FTP client has a port mode option, or remove its passive mode option. If the client still does not work, check whether the client machine has a firewall turned on, and if so turn it off.)

Turn off anonymous access

Modify the /etc/vsftpd/vsftpd.conf file with vim,
and then restart the vsftpd service:

service vsftpd restart

Enable passive mode

Passive mode is enabled by default, but a port range has to be specified. Open the /etc/vsftpd/vsftpd.conf file again and append:
pasv_min_port=30000
pasv_max_port=30999
This sets the port range to 30000 to 30999; it can be changed freely. After the change, restart vsftpd:

service vsftpd restart

Because a port range has been specified, iptables must open the same range. Open the iptables file as before,
/etc/sysconfig/iptables,
and add a new line below the port 21 line. The content is nearly the same; only 21 has to be changed to 30000:30999. Then save with :wq and restart iptables.
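
The anonymous-access and passive-mode steps above only work when vsftpd.conf and the iptables file agree. The following added example (not from the original article) audits both files from their text; `anonymous_enable` is the vsftpd option for anonymous login and is not named in the article, and the sample configurations are constructed.

```python
import re

def parse_vsftpd(text):
    """Return (options, problems); vsftpd allows no spaces around '='."""
    opts, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            problems.append(f"vsftpd.conf line {n}: malformed option {line!r}")
            continue
        opts[key] = value
    return opts, problems

def accepted_tcp_ports(rules):
    """(low, high) TCP ranges accepted on INPUT ahead of the catch-all REJECT/DROP."""
    ranges = []
    for line in rules.splitlines():
        if re.match(r"-A INPUT -j (REJECT|DROP)\b", line):
            break  # rules below the catch-all never see a packet
        m = re.match(r"-A INPUT -p tcp\b.*--dport (\d+)(?::(\d+))?\b.*-j ACCEPT\b", line)
        if m:
            ranges.append((int(m.group(1)), int(m.group(2) or m.group(1))))
    return ranges

def audit(vsftpd_conf, iptables_rules):
    opts, findings = parse_vsftpd(vsftpd_conf)
    # vsftpd's built-in default for anonymous_enable is YES
    if opts.get("anonymous_enable", "YES").upper() not in ("NO", "FALSE", "0"):
        findings.append("anonymous_enable is not NO: anonymous login is allowed")
    needed = [(21, 21)]  # control port, plus the passive data range if one is set
    lo, hi = opts.get("pasv_min_port", ""), opts.get("pasv_max_port", "")
    if lo.isdigit() and hi.isdigit() and 0 < int(lo) <= int(hi):
        needed.append((int(lo), int(hi)))
    else:
        findings.append("pasv_min_port/pasv_max_port do not define a valid port range")
    for lo, hi in needed:
        if not any(a <= lo and hi <= b for a, b in accepted_tcp_ports(iptables_rules)):
            findings.append(f"iptables does not accept tcp {lo}:{hi} before the REJECT rule")
    return findings

# Constructed samples; BAD_CONF spells one option with spaces and a thousands separator.
GOOD_CONF = "anonymous_enable=NO\npasv_min_port=30000\npasv_max_port=30999\n"
BAD_CONF = "anonymous_enable=YES\npasv_min_port = 30,000\npasv_max_port=30999\n"
ACCEPT = "-A INPUT -p tcp -m state --state NEW -m tcp --dport {} -j ACCEPT\n"
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"
GOOD_RULES = ACCEPT.format(22) + ACCEPT.format(21) + ACCEPT.format("30000:30999") + REJECT
LATE_RULES = ACCEPT.format(22) + ACCEPT.format(21) + REJECT + ACCEPT.format("30000:30999")
```

On a server, pass the contents of /etc/vsftpd/vsftpd.conf and /etc/sysconfig/iptables to `audit`; an empty list means the two files are consistent.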

Start the vsftpd FTP service at boot

Run the following command

chkconfig vsftpd on

Configure the server information in application.properties in the Spring Boot project:

# Address of the image server
ftp.host=10.0.0.11
# Default port 21
ftp.port=21
# The user name set earlier
ftp.username=ftpuser
# The user's password
ftp.password=123456
# Directory on the server where the images are stored
ftp.base_path=/home/ftpuser

Define the upload endpoint in the backend

package com.zhouym.baiwei.controller.dishes;

import com.zhouym.baiwei.bean.Food;
import com.zhouym.baiwei.bean.RespBean;
import com.zhouym.baiwei.service.FoodService;
import com.zhouym.baiwei.utils.FtpProperties;
import com.zhouym.baiwei.utils.FtpUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;

import javax.servlet.http.HttpServletRequest;
import java.io.File;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/**
 * 〈〉
 *
 * @author zhouym
 * @create 2019/8/29
 * @since 1.0.0
 */
@RestController
@RequestMapping("/food/mana")
public class FoodController {

    @Autowired
    FoodService foodService;
    @Autowired
    FtpProperties ftpProperties;

    /**
    *@Description Image upload endpoint
    *@Param [file, food, req] file object, entity class, HttpServletRequest object
    *@Return com.zhouym.baiwei.bean.RespBean
    *@Author zhouym
    *@Date 2019/8/29
    *@Time 10:48
    */
    @PostMapping("/icon")
    public RespBean updateFoodIcon(MultipartFile file, Food food, HttpServletRequest req) {
        String realPath = req.getServletContext().getRealPath("/img");
        // SimpleDateFormat is not thread-safe, so build one per request rather than sharing a field
        String format = new SimpleDateFormat("/yyyy/MM/dd/").format(new Date());
        File folder = new File(realPath + format);
        if (!folder.exists()) {
            folder.mkdirs();
        }
        // The client controls the original name: reject a missing name or extension, and
        // accept only image types, because nginx serves the upload directory directly
        String oldName = file == null ? null : file.getOriginalFilename();
        int dot = oldName == null ? -1 : oldName.lastIndexOf('.');
        String ext = dot < 0 ? "" : oldName.substring(dot).toLowerCase(java.util.Locale.ROOT);
        if (!ext.matches("\\.(png|jpg|ico)")) {
            return RespBean.error("更新失败");
        }
        // Store the file under a random name; only the validated extension is reused
        String newName = UUID.randomUUID().toString() + ext;
        try {
            FtpUtil.uploadFile(ftpProperties.getHost(), ftpProperties.getPort(), ftpProperties.getUsername(), ftpProperties.getPassword(), ftpProperties.getBasePath(), format, newName, file.getInputStream());
            food.setIcon("http://" + ftpProperties.getHost() + ":80" + format + newName);
            if (foodService.updateFoodIcon(food) == 1) {
                return RespBean.ok("更新成功");
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return RespBean.error("更新失败");
    }


}

For the FTP upload utility class, refer to the article on the FTP upload utility class.
The front end then sends the upload request.
After uploading a picture, check whether it is on the image server: go to the /home/ftpuser/2019/08/29 directory.
The upload succeeded. Open the picture's address in a page to check that it can be accessed.


Origin blog.csdn.net/zhouym_/article/details/100145964