1、设置Access Policy为public
通过访问主机地址+文件的方式:http://x.x.x.x:9000/bucket/xxx.jpg
此时的规则是
2、通过MC设置存储桶或路径策略为 download
必须通过minio client才能设置下载策略
两种方式:
docker pull minio/mc
注意:此时要启动这个MC的话需要关联上之前已经启动的minio集群
docker run -it --entrypoint=/bin/sh minio/mc
mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> [--api API-SIGNATURE]
mc config host add minio http://192.168.20.102:9000 minioadmin minioadmin --api s3v4
mc ls minio
ALIAS: 别名就是给你的云存储服务起了一个短点的外号。
S3 endpoint,access key和secret key是你的云存储服务提供的。
endpoint
access key、secret key 到这里大家肯定都知道啦。
API签名是可选参数,默认情况下,它被设置为"S3v4"。
mc anonymous set download minio/file
mc anonymous set public minio/file
cat ~/.mc/config.json
{
"version": "10",
"aliases": {
"minio": {
"url": "http://192.168.20.102:9000",
"accessKey": "minioadmin",
"secretKey": "minioadmin",
"api": "s3v4",
"path": "auto"
},
"gcs": {
"url": "https://storage.googleapis.com",
"accessKey": "YOUR-ACCESS-KEY-HERE",
"secretKey": "YOUR-SECRET-KEY-HERE",
"api": "S3v2",
"path": "dns"
},
"local": {
"url": "http://localhost:9000",
"accessKey": "",
"secretKey": "",
"api": "S3v4",
"path": "auto"
},
"play": {
"url": "https://play.min.io",
"accessKey": "Q3AM3UQ867SPQQA43P2F",
"secretKey": "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG",
"api": "S3v4",
"path": "auto"
},
"s3": {
"url": "https://s3.amazonaws.com",
"accessKey": "YOUR-ACCESS-KEY-HERE",
"secretKey": "YOUR-SECRET-KEY-HERE",
"api": "S3v4",
"path": "dns"
}
}
}
通过 mc policy 命令 获取 policy 相关的所有命令如下:
# /usr/local/minio/bin/mc policy
Name:
mc policy - manage anonymous access to buckets and objects
USAGE:
mc policy [FLAGS] set PERMISSION TARGET
mc policy [FLAGS] set-json FILE TARGET
mc policy [FLAGS] get TARGET
mc policy [FLAGS] get-json TARGET
mc policy [FLAGS] list TARGET
FLAGS:
--recursive, -r list recursively
--config-dir value, -C value path to configuration folder (default: "/root/.mc")
--quiet, -q disable progress bar display
--no-color disable color theme
--json enable JSON lines formatted output
--debug enable debug output
--insecure disable SSL certificate verification
--help, -h show help
PERMISSION:
Allowed policies are: [none, download, upload, public].
FILE:
A valid S3 policy JSON filepath.
EXAMPLES:
1. Set bucket to "download" on Amazon S3 cloud storage.
$ mc policy set download s3/burningman2011
2. Set bucket to "public" on Amazon S3 cloud storage.
$ mc policy set public s3/shared
3. Set bucket to "upload" on Amazon S3 cloud storage.
$ mc policy set upload s3/incoming
4. Set policy to "public" for bucket with prefix on Amazon S3 cloud storage.
$ mc policy set public s3/public-commons/images
5. Set a custom prefix based bucket policy on Amazon S3 cloud storage using a JSON file.
$ mc policy set-json /path/to/policy.json s3/public-commons/images
6. Get bucket permissions.
$ mc policy get s3/shared
7. Get bucket permissions in JSON format.
$ mc policy get-json s3/shared
8. List policies set to a specified bucket.
$ mc policy list s3/shared
9. List public object URLs recursively.
$ mc policy --recursive links s3/shared/
查看存储桶或路径策略
# /usr/local/minio/bin/mc policy get minio/test
Access permission for `minio/test` is `public`
设置存储桶或路径策略为 download
# download 后面 跟存储桶或路径
# /usr/local/minio/bin/mc policy set download minio/test
Access permission for `minio/test` is set to `download`
# /usr/local/minio/bin/mc policy get minio/test
Access permission for `minio/test` is `download`
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::test"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::test/*"
]
}
]
}
3、存储桶策略策略是private,无法访问图片,但是进行如下设置后,就可以访问图片 (图片不用分享也能访问)
