A more secure manual alist installation: mounting local storage and reverse-proxying with nginx
I. Download the latest alist package
wget https://github.com/alist-org/alist/releases/download/v3.36.0/alist-linux-amd64.tar.gz
II. Install alist manually
1. Create the alist directory
sudo mkdir /opt/alist
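# Create the user that will run alist
sudo useradd -r -s /usr/sbin/nologin -d /opt/alist -U -M alist
-r: create a system account.
-s /usr/sbin/nologin: disallow login.
-d /opt/alist: set the user's home directory.
-U: create a group with the same name as the user.
-M: do not create the home directory.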
2. Extract into the alist directory
sudo tar -xzvf alist-linux-amd64.tar.gz -C /opt/alist
3. Create the systemd service for alist
sudo tee /etc/systemd/system/alist.service << EOF
[Unit]
Description=Alist service
Wants=network.target
After=network.target network.service
[Service]
Type=simple
WorkingDirectory=/opt/alist
ExecStart=/opt/alist/alist server
KillMode=process
User=alist
Group=alist
[Install]
WantedBy=multi-user.target
EOF
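4. Set ownership, start the alist service and edit the alist configuration file
sudo chown -R alist:alist /opt/alist
# Reload systemd and start alist
sudo systemctl daemon-reload
sudo systemctl enable alist --now
# Listen on the local loopback address only (dots escaped so only the literal 0.0.0.0 is replaced)
sudo sed -i 's/0\.0\.0\.0/127.0.0.1/g' /opt/alist/data/config.json
sudo systemctl restart alist
# Set the admin login password
# Run it from /opt/alist as the alist user: alist looks for its data directory relative to
# the working directory (the unit sets WorkingDirectory=/opt/alist), and running as alist
# avoids leaving root-owned files under /opt/alist/data
cd /opt/alist && sudo -u alist ./alist admin set YOUR_PASSWORD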
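5. Configure alist to mount local storage
# Create the local directory
sudo mkdir /storage
sudo chown -R alist:alist /storage
# Set the setgid bit so that new files and directories inherit the alist group
sudo chmod -R 2774 /storage
# Add the current regular user to the alist group for easier file management
sudo usermod -aG alist ubuntu
In the web UI, choose the 本机存储 driver ("Local" in the English UI), set the mount path to /本机存储, and set the root folder path to /storage.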
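The checks below are an added example, not part of the original guide: they verify the three properties this section sets up, namely a loopback-only listener, a process running as the alist user, and a setgid /storage owned by the alist group. Port 5244 is taken from the proxy_pass line in the nginx section; the function names and the --live switch are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the three hardening steps.
# Each check reads command output as text, so it can be tried on sample input.

# stdin: `ss -Hltn` output. Succeeds only if port $1 has at least one listener
# and every listener on it is bound to a loopback address.
loopback_only() {
    awk -v port="$1" '
        { n = split($4, a, ":"); p = a[n]
          addr = substr($4, 1, length($4) - length(p) - 1) }
        p == port { seen = 1
                    if (addr !~ /^127\./ && addr != "[::1]") bad = 1 }
        END { if (seen && !bad) exit 0; exit 1 }'
}

# stdin: `ps -o user= -C alist` output. Succeeds only if at least one alist
# process exists and all of them run as the unprivileged user "alist".
runs_as_alist() {
    awk 'NF { seen = 1; if ($1 != "alist") bad = 1 }
         END { if (seen && !bad) exit 0; exit 1 }'
}

# args: octal mode and group from `stat -c "%a %G" /storage`. Succeeds only if
# the group is alist, the setgid bit is set and the directory is not world-writable.
storage_ok() {
    [ "$2" = alist ] || return 1
    case "$1" in
        [2367][0-7][0-7][0145]) return 0 ;;
        *) return 1 ;;
    esac
}

report() { if [ "$1" -eq 0 ]; then echo "OK   $2"; else echo "FAIL $2"; fi; }

audit() {
    ss -Hltn | loopback_only 5244;            report $? "alist listens on loopback only"
    ps -o user= -C alist | runs_as_alist;     report $? "alist runs as user alist"
    # word splitting of the stat output into mode and group is intentional
    storage_ok $(stat -c '%a %G' /storage);   report $? "/storage is setgid, group alist"
}

# Run the live checks only when asked, e.g.: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit; fi
```

A FAIL on the first line after the sed step usually means alist was not restarted or config.json still holds a wildcard address.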
III. Configure the nginx reverse proxy
This continues from the previous section on ddnsgo; only minor changes are needed.
# The heredoc delimiter is quoted so the shell does not expand nginx variables such as $host
sudo tee /etc/nginx/conf.d/alist.conf << 'EOF'
server
{
    listen 80;
    listen [::]:80;
    server_name yoursite;
    return 301 https://$host$request_uri;
}
server
{
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yoursite;
    charset utf-8;
    ssl_certificate /etc/nginx/ssl/cer.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them and the 3DES entries
    # below unless legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:5244;
        # the max size of file to upload
        client_max_body_size 20000m;
    }
    access_log /var/log/nginx/alist-access.log;
    error_log /var/log/nginx/alist-error.log;
}
EOF
Summary
alist does not need to run as root at all; running it with tightened permissions to mount local storage is more secure.