We wanted to build a service similar to letitbit.net in one country on the outskirts of Europe. The requirements:
allow upload / download of large files;
prevent republishing of direct links to files;
limit the number of simultaneously downloaded files.
For the implementation we chose NGINX together with PHP over FastCGI. To NGINX we added:
the excellent Nginx upload module, which avoids copying the uploaded file several times on the NGINX-PHP path. In addition, with a slight modification, files can be uploaded directly into the right folder, so PHP can simply rename the file instead of copying it;
the necessary patch to the secure_link module, which makes secure links valid for a limited time.
We took the most ordinary PHP and ran it through spawn-fcgi. We set up a small server and filled it with 12 terabyte-sized disks. The programmer wrote the PHP code, and Maris Ruskulis came up with the following rewrite trick for NGINX, which avoids calling PHP when a file is downloaded. As a result, the NGINX configuration looked like this:

    http {
        limit_zone regular $zonekey 10m;
        limit_zone premium $zonekey 10m;

        server {
            root /www/oursiteishere;

            location / {
                try_files $uri @files;
            }

            location ~ \.php$ {
                try_files $uri @files;
                fastcgi_stuff_here;
            }

            location @files {
                rewrite ^(.*)$ /index.php?$1 last;
            }

            location /storage/ {
                root /storages/;
                internal;
            }

            # Location for regular users
            location ~ /download/.+/(.+)/0/.+/.*/(.+)$ {
                set $fname $2;
                set $username $1;
                set $zonekey "$binary_remote_addr $username";
                limit_conn regular 1;
                limit_rate '100k';

                secure_link_secret megasecret;
                secure_link_ttl on;
                # $secure_link is empty when the link check fails
                if ($secure_link = "") {
                    return 403;
                }

                add_header Content-Disposition "attachment; filename*=UTF-8''$fname";
                # Map the protected link straight to the stored file, without PHP
                rewrite ^/download/([a-f0-9]+)/([\.~0-9a-zA-Z_]+)/([01])/([0-9]+)/(.+)/.+$ /storage/$4/$5 break;
            }

            # Location for premium users

            # Location for upload using upload module
        }
    }
What is notable in this config is that when a file is downloaded through a generated temporary protected link (the check is done by secure_link), there is no call to PHP followed by an X-Accel-Redirect. This solution may restrict what logic can run before the file is actually served, but in my opinion it is still a rather original trick that saves a little on fastcgi.
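As an added illustration (not the author's PHP code, and not the hash format of the secure_link patch, which the post does not show), here is a Python sketch of a time-limited link in the URL layout the rewrite rule expects. Assumptions: the expiry travels as 8 hex digits in front of an HMAC-SHA256 in the first path segment, the signature covers the rest of the path (user, premium flag, disk, file path, file name), and the names make_link and resolve are hypothetical.

```python
import hashlib
import hmac
import re
import time

SECRET = b"megasecret"  # placeholder, same value as secure_link_secret in the config

# Same pattern as the rewrite rule: hash / user / premium flag / disk / path / filename
LINK_RE = re.compile(
    r"^/download/([a-f0-9]+)/([.~0-9a-zA-Z_]+)/([01])/([0-9]+)/(.+)/.+$")


def _sign(expires, rest):
    # Assumed scheme: sign the expiry plus everything after the token, so the
    # user name (used for limit_conn), the premium flag and the file are all bound.
    msg = f"{expires}{rest}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_link(user, premium, disk, path, filename, ttl=3600, now=None):
    """Build a /download/ link that stops verifying ttl seconds from now."""
    expires = int(time.time() if now is None else now) + ttl
    rest = f"/{user}/{premium}/{disk}/{path}/{filename}"
    return f"/download/{expires:08x}{_sign(expires, rest)}{rest}"


def resolve(uri, now=None):
    """Return the internal /storage/ path for a valid link, else None (a 403)."""
    m = LINK_RE.match(uri)
    if not m:
        return None
    token, _user, _premium, disk, path = m.groups()
    if len(token) != 8 + 64:  # 8 hex digits of expiry + SHA-256 hex digest
        return None
    expires = int(token[:8], 16)
    if expires < (time.time() if now is None else now):
        return None  # link has expired
    rest = uri[len("/download/") + len(token):]
    if not hmac.compare_digest(token[8:], _sign(expires, rest)):
        return None  # a signed field was changed after the link was issued
    return f"/storage/{disk}/{path}"
```

Because the user name and the premium flag are part of the signed data, a client cannot edit them in the URL to land in a different limit_conn zone key or in the premium location.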