silverstripe/s3 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

silverstripe/s3

Composer 安装命令:

composer require silverstripe/s3

包简介

Adds SilverStripe support for using the S3 adapter for Flysystem

README 文档

README

SilverStripe module to store assets in S3 rather than on the local filesystem.

composer require silverstripe/s3

Warning

This module does not currently implement any kind of bucket policy for protected assets. It is up to you to implement this yourself using AWS bucket policy.

Caution

This replaces the built-in local asset store that comes with SilverStripe with one based on S3. Any files that had previously been uploaded to an existing asset store will be unavailable (though they won't be lost - just run composer remove silverstripe/s3 to remove the module and restore access).

Environment setup

The module requires a few environment variables to be set.

  • AWS_REGION: The AWS region your S3 bucket is hosted in (e.g. eu-central-1)
  • AWS_BUCKET_NAME: The name of the S3 bucket to store assets in.

If running outside of an EC2 instance it will be necessary to specify an API key and secret.

  • AWS_ACCESS_KEY_ID: Your AWS access key that has access to the bucket you want to access
  • AWS_SECRET_ACCESS_KEY: Your AWS secret corresponding to the access key

Example YML Config when running outside of EC2:

---
Only:
    envvarset: AWS_BUCKET_NAME
After:
    - "#assetsflysystem"
---
SilverStripe\Core\Injector\Injector:
    Aws\S3\S3Client:
        constructor:
            configuration:
                region: "`AWS_REGION`"
                version: latest
                credentials:
                    key: "`AWS_ACCESS_KEY_ID`"
                    secret: "`AWS_SECRET_ACCESS_KEY`"

(Optional) CDN Implementation

If you're serving assets from S3, it's recommended that you utilize CloudFront. This improves performance and security over exposing from S3 directly.

Once you've set up your CloudFront distribution, ensure that assets are reachable within the assets directory of the cdn (for example; https://cdn.example.com/assets/Uploads/file.jpg) and set the following environment variable:

  • AWS_PUBLIC_CDN_PREFIX: Your CloudFront distribution domain that has access to the bucket you want to access

For example, adding this to your .env:

AWS_PUBLIC_CDN_PREFIX='https://cdn.example.com/'

will change your URLs from something like:

https://s3.ap-southeast-2.amazonaws.com/mycdn/public/example/live/assets/Uploads/file.jpg

to something like:

https://cdn.example.com/assets/Uploads/file.jpg

You can override the default /assets/ path by declaring the PublicCDNAdapter constructor, with the parameter for the cdnAssetsDir set to a string of your folder name. In your app/_config/assets.yml file add the following:

---
Name: app#silverstripes3-cdn
Only:
    envvarset: AWS_PUBLIC_CDN_PREFIX
After:
    - "#assetsflysystem"
    - "#silverstripes3-flysystem"
---
SilverStripe\Core\Injector\Injector:
    SilverStripe\Assets\Flysystem\PublicAdapter:
        class: SilverStripe\S3\Adapter\PublicCDNAdapter
        constructor:
            s3Client: '%$Aws\S3\S3Client'
            bucket: "`AWS_BUCKET_NAME`"
            prefix: "`AWS_PUBLIC_BUCKET_PREFIX`"
            visibility: null
            mimeTypeDetector: null
            cdnPrefix: "`AWS_PUBLIC_CDN_PREFIX`"
            options: []
            cdnAssetsDir: "cms-assets" # example of a custom assets folder name

Configuration

Assets are classed as either 'public' or 'protected' by SilverStripe. Public assets can be freely downloaded, whereas protected assets (e.g. assets not yet published) shouldn't be directly accessed.

The module supports this by streaming the contents of protected files down to the browser via the web server (as opposed to linking to S3 directly) by default. To ensure that protected assets can't be accessed, ensure you setup an appropriate bucket policy (see below for an untested example).

Configuring S3

The 'protected' S3 asset store should be protected using standard AWS IAM policies that disallow all access to anonymous users, but still allow the action s3:GetObject for both public and protected files. Protected files will be streamed from AWS, so they do not need to be accessed by users directly. Therefore, something similar to the following bucket policy may be useful.

Make sure you replace <bucket-name> below with the appropriate values.

Note: The below policy has not been extensively tested - feedback welcome.

{
    "Policy": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AddPerm",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::<bucket-name>/public/*"
            }
        ]
    }
}

If you are utilizing a CloudFront distribution for your public assets, you will have the option of securing your S3 bucket against all public access while still allowing access to your public files via your CloudFront distribution and access to your protected files via signed URLs.

For developers

Read Setting up a local sandbox for developing the Silverstripe S3 module if you wish to do some local development.

Performance

This module comes with a basic in-memory cache for calls to S3. It is highly recommended to add an additional layer of caching to achieve the best results.

See https://docs.silverstripe.org/en/5/developer_guides/performance/caching/ for more information.

Name: silverstripes3-flysystem-memcached
After:
    - "#silverstripes3-flysystem"
---
SilverStripe\Core\Injector\Injector:
    MemcachedClient:
        class: "Memcached"
        calls:
            - [addServer, ["localhost", 11211]]
    MemcachedCacheFactory:
        class: 'SilverStripe\Core\Cache\MemcachedCacheFactory'
        constructor:
            client: "%$MemcachedClient"
    SilverStripe\Core\Cache\CacheFactory: "%$MemcachedCacheFactory"

Uninstalling

Run composer remove silverstripe/s3 to remove the module.

silverstripe/s3 适用场景与选型建议

silverstripe/s3 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 344.28k 次下载、GitHub Stars 达 19, 最近一次更新时间为 2017 年 09 月 11 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「filesystem」 「s3」 「aws」 「silverstripe」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 silverstripe/s3 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 silverstripe/s3 我们能提供哪些服务?
定制开发 / 二次开发

基于 silverstripe/s3 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 344.28k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 19
  • 点击次数: 24
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 19
  • Watchers: 11
  • Forks: 26
  • 开发语言: PHP

其他信息

  • 授权协议: BSD-3-Clause
  • 更新时间: 2017-09-11