Tag archive: Alibaba Cloud OSS

Generating an HTTPS certificate for a custom domain bound to Alibaba Cloud OSS with BT Panel (宝塔 Linux 面板)

Background

The Certificate Management Service on Alibaba Cloud used to hand out personal test certificates without limit; that was cut to a quota of 20, which is nowhere near enough. The product was then restructured into two offerings: Personal Test Certificate (Free) and Personal Test Certificate (Pro).

| Comparison item | Personal test certificate (Free) | Personal test certificate (Pro) |
| --- | --- | --- |
| Cost | Free | 68 CNY per certificate |
| Service period | 3 months only (the certificate is valid for 3 months; once it expires it must be re-applied for and reinstalled, a high operational burden) | Valid for 12 months after issuance, with a hosting service that automatically submits a renewal request shortly before expiry; service periods of up to 3 years are supported |
| Certificate type | DV | DV |
| Human customer support | Not supported | Supported |
| Domains protected | One single domain only; domains with special-word suffixes are not eligible for a free certificate | One single domain only; domains with special-word suffixes are not eligible for a free certificate |

With the free quota used up, a change of approach: the site is still maintained with BT Panel, which can also issue SSL certificates, so let's use that.

Procedure

Four products are involved:

  1. BT Panel
  2. Alibaba Cloud DNS (any other DNS provider works too)
  3. Alibaba Cloud Object Storage Service (OSS)
  4. Alibaba Cloud Certificate Management Service

I. Issue an SSL certificate in BT Panel

  1. DNS: add the target domain, e.g. s1.webclown.net, as an A record whose value is the server IP.
  2. BT Panel: Website - Add site (PHP type)
  3. BT Panel: Website - Site list - the new site - Settings - SSL - Apply for certificate
  4. BT Panel: once the certificate is issued, do not deploy it; download it instead.

II. Bind the certificate to Alibaba Cloud OSS

  1. BT Panel: stop the site.
  2. DNS: pause resolution of the A record just added.
  3. Alibaba Cloud: Certificate Management Service – SSL Certificates – Upload certificate – select the certificate just downloaded.
  4. Alibaba Cloud: OSS – select the corresponding bucket – Bucket settings – Domain names – Bind custom domain name
  5. Alibaba Cloud: OSS – Bind custom domain name
    • Alibaba Cloud DNS
      • Enter the domain and bind it
      • Enable automatic CNAME record creation
    • Other DNS providers
      • Add the corresponding TXT record
  6. Alibaba Cloud: OSS – Domain name list – Certificate hosting – select the corresponding certificate.

That completes the setup.
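An added shell check, not part of the original post, for the certificate downloaded in step I.4 before it is uploaded in step II.3, plus a look at what the OSS domain actually serves after step II.6. The file names fullchain.pem and privkey.pem and the domain are placeholders; openssl 1.1.1+ and GNU date (Linux) are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the certificate
# downloaded from BT Panel before uploading it, then inspect what the OSS
# custom domain really serves after binding. Assumes openssl 1.1.1+ and GNU
# date (Linux); file names and the domain are placeholders.

# Print the number of whole days until the PEM certificate in $1 expires.
cert_days_left() {
    end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    end_s=$(date -d "$end" +%s)
    echo $(( (end_s - $(date +%s)) / 86400 ))
}

# Succeed only if the public key in certificate $1 matches private key $2.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if the SAN extension of certificate $1 lists domain $2 exactly.
cert_covers_domain() {
    openssl x509 -in "$1" -noout -ext subjectAltName \
        | tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# Show expiry and SANs of the certificate the OSS domain $1 serves on :443,
# so a stale or wrong certificate after "certificate hosting" is visible.
remote_cert_info() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate -ext subjectAltName
}

# Usage: sh check-cert.sh fullchain.pem privkey.pem s1.webclown.net
if [ "$#" -eq 3 ]; then
    cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; exit 1; }
    cert_covers_domain "$1" "$3" || { echo "certificate does not cover $3" >&2; exit 1; }
    echo "local certificate OK, $(cert_days_left "$1") days left"
    remote_cert_info "$3"
fi
```

Because the BT Panel site and its A record are paused afterwards, nothing renews this certificate on its own; running cert_days_left from cron gives warning before the procedure has to be repeated.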

Summary

Free is expensive: all this fiddling ate up several hours. This is just a record of one approach; if it happens to suit you, it works.

BTW, the whole thing could also be packaged into a solution and turned into an automated flow.

Syncing files from Alibaba Cloud ECS to Alibaba Cloud OSS with Rclone

Background

About 25 GB of image and video files need to be synced to Alibaba Cloud Object Storage Service (OSS).

Solution

1. Install Rclone

> curl https://rclone.org/install.sh | sudo bash

2. Configure Rclone

> rclone config

No remotes found, make a new one?
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n

Enter name for new remote.
name> webclown-net

Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
 1 / 1Fichier
   \ (fichier)
 2 / Akamai NetStorage
   \ (netstorage)
 3 / Alias for an existing remote
   \ (alias)
 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Magalu, Minio, Netease, Outscale, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, Selectel, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others
   \ (s3)
 5 / Backblaze B2
....
Storage> 4

Option provider.
Choose your S3 provider.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
 1 / Amazon Web Services (AWS) S3
   \ (AWS)
 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
   \ (Alibaba)
 3 / Arvan Cloud Object Storage (AOS)
   \ (ArvanCloud)
 4 / Ceph Object Storage
   \ (Ceph)
...
provider> 2

Option env_auth.
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own boolean value (true or false).
Press Enter for the default (false).
 1 / Enter AWS credentials in the next step.
   \ (false)
 2 / Get AWS credentials from the environment (env vars or IAM).
   \ (true)
env_auth> 1

Option access_key_id.
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a value. Press Enter to leave empty.
access_key_id> 8888888888888

Option secret_access_key.
AWS Secret Access Key (password).
Leave blank for anonymous access or runtime credentials.
Enter a value. Press Enter to leave empty.
secret_access_key> Xxxxxxxxxxxxxxxxxxxx

Option endpoint.
Endpoint for OSS API.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
 1 / Global Accelerate
   \ (oss-accelerate.aliyuncs.com)
 2 / Global Accelerate (outside mainland China)
   \ (oss-accelerate-overseas.aliyuncs.com)
 3 / East China 1 (Hangzhou)
   \ (oss-cn-hangzhou.aliyuncs.com)
 4 / East China 2 (Shanghai)
   \ (oss-cn-shanghai.aliyuncs.com)
 5 / North China 1 (Qingdao)
   \ (oss-cn-qingdao.aliyuncs.com)
 6 / North China 2 (Beijing)
   \ (oss-cn-beijing.aliyuncs.com)
...
endpoint> 6

Option acl.
Canned ACL used when creating buckets and storing or copying objects.
This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Note that this ACL is applied when server-side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
If the acl is an empty string then no X-Amz-Acl: header is added and
the default (private) will be used.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
   / Owner gets FULL_CONTROL.
 1 | No one else has access rights (default).
....
acl>

Option storage_class.
The storage class to use when storing new objects in OSS.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
 1 / Default
   \ ()
 2 / Standard storage class
   \ (STANDARD)
 3 / Archive storage mode
   \ (GLACIER)
 4 / Infrequent access storage mode
   \ (STANDARD_IA)
storage_class>

Edit advanced config?
y) Yes
n) No (default)
y/n> n

Configuration complete.
Options:
- type: s3
- provider: Alibaba
- access_key_id: 8888888888888
- secret_access_key: Xxxxxxxxxxxxxxxxxxxx
- endpoint: oss-cn-beijing.aliyuncs.com
Keep this "webclown-net" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y

Current remotes:

Name                 Type
====                 ====
webclown-net        s3

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q

Done. Next, the sync command:

> rclone sync /www/wwwroot/www.webclown.net/uploadfile/202201 webclown-net:webclown-net/uploadfile/202202 --progress --transfers=1
  • --progress: show transfer progress.
  • --transfers: number of parallel transfers (upload threads); set it according to the server's bandwidth.
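As an added example (not from the original post), the same sync wrapped in a script that keeps the AccessKey pair out of rclone.conf by relying on the env_auth option shown in the transcript above, and that runs a dry run before the real sync. Bucket, paths, log file and bandwidth cap are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: the same sync as above, but the
# AccessKey pair is passed through the environment instead of being stored in
# plain text in rclone.conf (rclone's s3 backend reads AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY when env_auth = true), and a --dry-run goes first
# because "sync" deletes objects at the destination that are absent locally.
# Remote name, bucket, paths, log file and bandwidth cap are placeholders.

REMOTE=webclown-net
SRC=/www/wwwroot/www.webclown.net/uploadfile/202201
DST="$REMOTE:webclown-net/uploadfile/202201"
CONF="$HOME/.config/rclone/oss-sync.conf"
LOG=/var/log/rclone-oss.log

# Write a remote definition without credentials to $1 (mode 600).
write_rclone_conf() {
    mkdir -p "$(dirname "$1")"
    cat > "$1" <<EOF
[$REMOTE]
type = s3
provider = Alibaba
env_auth = true
endpoint = oss-cn-beijing.aliyuncs.com
acl = private
EOF
    chmod 600 "$1"
}

# Print the rclone command line; "$1" = dry adds --dry-run.
sync_cmd() {
    extra=""
    [ "$1" = "dry" ] && extra="--dry-run"
    printf 'rclone sync %s %s --config %s --transfers=1 --bwlimit=8M --checksum --progress --log-file=%s --log-level INFO %s\n' \
        "$SRC" "$DST" "$CONF" "$LOG" "$extra"
}

# Usage: AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=... sh oss-sync.sh run
if [ "${1:-}" = "run" ]; then
    : "${AWS_ACCESS_KEY_ID:?AccessKey ID of a RAM user limited to this bucket}"
    : "${AWS_SECRET_ACCESS_KEY:?AccessKey secret}"
    write_rclone_conf "$CONF"
    eval "$(sync_cmd dry)" && eval "$(sync_cmd)"
fi
```

The "Set configuration password" option in the transcript is the other way to avoid plain-text keys: it encrypts the whole rclone.conf.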

Other option: Alibaba Cloud's official tool ossutil

I used the "ossutil 2.0 command-line tool (preview)". Its sync speed was rather slow, averaging around 600 kb/s, which would have taken forever, so I tried Rclone instead.

Sync command:

> ossutil cp -r /www/wwwroot/www.webclown.net/uploadfile/202201 oss://webclown-net/uploadfile/202201

Links

  1. Rclone
  2. Alibaba Cloud OSS: ossutil 2.0 command-line tool (preview)