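Preface
The most frustrating part of using cloud servers is bandwidth. Cloud servers in mainland China generally come with very little bandwidth, while servers abroad or in Hong Kong have high latency and their IPs are easily blocked. For a typical website or app, most bandwidth goes to uploading and downloading files such as images, audio and video. COS and CDN, discussed below, exist to solve this problem.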
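Introduction
Object Storage (COS)
- Object storage differs from the file storage of an ordinary operating system. It works like a map: every stored file has a unique name as the key and the file content as the value, and there is no concept of a directory.
- The point is that when there are many files in a deep directory structure, file storage has to walk the directory tree step by step to find a file, which is clearly slower than object storage fetching the file directly by name in one step.
- Many cloud vendors nevertheless offer a directory feature on top of object storage, and it is mostly simulated. Tencent Cloud, for example, simulates it by treating the / in a file name as a directory separator.
- For example, put in two files:
  - aaa.txt
  - wow/abc.cpp
- Because the file name "wow/abc.cpp" contains a /, it can be interpreted as a file named abc.cpp located in the directory wow.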
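- We use the cloud provider's COS in place of our own server for file upload and download. Cloud COS generally does not limit download speed, and user uploads are free. However, users' download traffic, storage space usage and request count are all billed.
- Note that this is not a pick-one-of-three situation: all three are billed!
- For example: over one month we upload 100 MB of files to COS, send 10,000 read/write requests, and users download 10 GB of files over the public network.
- At settlement we then pay: A + B + C
  - A: storage fee for 100 MB over 1 month
  - B: fee for 10,000 read requests
  - C: fee for 10 GB of public-network download traffic
- Public download traffic is clearly an easy target for attackers who run up traffic fraudulently; the traffic package drains, the charges pile up, and you may wake up one morning to the thrill of having lost the price of a seaside house. Later we use CDN to fend off part of these attacks: COS traffic is far more expensive than CDN traffic, and CDN allows more access restrictions, which lowers the loss from an attack, so CDN can be placed in front of COS.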
CDN
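- CDN has many uses. Users are spread across the country or even the world, while our servers usually sit in only one or a few locations. A CDN has many geographically distributed nodes and acts as an intermediary: it caches the files users request from the server, and the next time a user requests the same file the CDN serves it directly instead of going all the way back to the server, which speeds up access.
- Here we can take advantage of this behavior, together with its low price, to help reduce the loss when COS is attacked.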
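Usage Issues
Fraudulent COS Traffic
- As mentioned above, COS public-network download traffic is relatively expensive, and because it is fast, it is easily abused to run up traffic.
- Solution:
  - Set the COS access permission to private read, private write.
  - When a user needs to upload a file, the server uses the cloud vendor's SDK to presign the upload URL and sends the signed link to the user. The client can only upload to COS using the parameters, request headers and request method specified by the signed link. Uploads do not need to go through CDN.
  - When a user needs to download, use the SDK to get the link for the file with that name on COS, replace the domain of the link with the CDN domain, and return the replaced link to the user for the download. Then configure limits in CDN such as per-IP access rate and download speed.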
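Hotlink Protection / Rate Limiting
- Browsers do not allow the Referer, Host and Origin request headers to be forged, so hotlink protection can be configured on both CDN and COS to restrict the request Referer. This stops other sites from embedding your resource links directly in their pages and reduces traffic stolen that way, but they can still download your resources and upload them to their own server.
- Note that a web page can instruct the browser not to send a Referer, in which case the request has an empty Referer. A request made by typing the URL directly into the browser also has an empty Referer, so you need to decide whether to allow requests with an empty Referer. Hotlink protection cannot stop non-browser clients, because such a client can forge any value in the request. Apps, Node.js, command-line tools, server-side programs and so on can forge anything, as long as they are not a standard browser environment.
- In CDN you can limit download speed, per-IP access rate and so on.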
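Using HTTP Resources in an HTTPS Site
- Many cloud vendors currently charge for HTTPS on CDN. It is not expensive, but it is still money.
- If the CDN is accessed over HTTP while the website uses HTTPS, loading HTTP resources (images, audio, video and so on) directly in the HTTPS page is treated as insecure by the browser, which prints a warning in the developer tools, but it still works. By default, however, the Referer is not sent, so if hotlink protection is configured to reject an empty Referer, there is a problem. In that case add this setting inside the page's <head></head>: <meta content="always" name="referrer" >. The browser then sends the Referer when fetching HTTP resources as well.
- Making HTTP requests from an HTTPS site is not allowed!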
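Upload File Size / Count Limits
- When a user asks our server for a presigned upload URL, the request must carry these parameters: file size and file MD5. We can then require that any request using the link carries:
  - Content-Length=500
  - x-cos-meta-md5: {file MD5 value}
- This prevents the user from uploading some other file after obtaining the presigned URL.
- The file size limit is checked on our server when it issues the presigned URL.
- For the file count limit, write a database record whenever a user or IP obtains an upload link, and use these records to limit the number and total size of files a user uploads.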
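The checks described in this section, as an added example that is not code from the original post or from Tencent Cloud's SDK. It swaps the real COS signature for a toy HMAC so it runs offline; the names IssueUpload and VerifyUpload, the limits, the key and the sample MD5 are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

const maxUploadBytes, maxFilesPerUser = 5 << 20, 3 // assumed limits: 5 MiB per file, 3 links per user
var secret = []byte("constructed-demo-key") // constructed key, demo only
var issued = map[string]int{}               // stand-in for the database record of issued links

// sign binds method, object key, size, MD5 and expiry into one MAC.
// Toy HMAC scheme for illustration, NOT Tencent Cloud's signature algorithm.
func sign(key string, size int64, md5 string, exp int64) string {
	m := hmac.New(sha256.New, secret)
	fmt.Fprintf(m, "PUT\n%q\ncontent-length:%d\nx-cos-meta-md5:%s\n%d", key, size, md5, exp)
	return hex.EncodeToString(m.Sum(nil))
}

// IssueUpload runs the server-side checks before a signed link is handed out.
func IssueUpload(user, key string, size int64, md5 string, now int64) (string, int64, error) {
	if size <= 0 || size > maxUploadBytes {
		return "", 0, errors.New("file size outside allowed range")
	}
	if b, err := hex.DecodeString(md5); err != nil || len(b) != 16 {
		return "", 0, errors.New("malformed md5")
	}
	if issued[user] >= maxFilesPerUser {
		return "", 0, errors.New("upload quota exceeded")
	}
	issued[user]++
	exp := now + 300 // link valid for 5 minutes
	return sign(key, size, md5, exp), exp, nil
}

// VerifyUpload models the storage side: it recomputes the MAC from the headers actually sent.
func VerifyUpload(sig, key string, size int64, md5 string, exp, now int64) bool {
	return now <= exp && hmac.Equal([]byte(sig), []byte(sign(key, size, md5, exp)))
}

func main() {
	md5 := "0123456789abcdef0123456789abcdef" // constructed sample value
	sig, exp, _ := IssueUpload("alice", "wow/abc.cpp", 500, md5, 1000)
	fmt.Println(VerifyUpload(sig, "wow/abc.cpp", 500, md5, exp, 1001)) // declared size
	fmt.Println(VerifyUpload(sig, "wow/abc.cpp", 900, md5, exp, 1001)) // different size
}
```

In production the signing step is the SDK's presign call and the verification is done by COS itself; only the size, MD5 and quota checks live in your own server.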
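Tencent Cloud COS SDK / C++
- After a long struggle I finally got a CMakeLists written that compiles and runs the release build, but the debug build kept failing to find linker symbols.
- From what I could tell, this is probably because the SDK source has a folder, three-party, holding prebuilt third-party dependency libraries, but those libraries are release builds, so we would need to compile debug builds of the dependencies ourselves. My project also depends on openssl, though, and it took a lot of fiddling just to get release working, so in the end I gave up on the debug build.
- Later I started using Go: I learned it for a day, then brought in its SDK and framework and finished developing the COS-related endpoints. With a C background it is quick to pick up.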