Debian - MinIO
Minio on Debian
Need some S3 storage for reasons? Here are a few lines on how to set it up and enable TLS.
Install Minio
Log in as root for the whole installation, or use sudo/doas if preferred.
Upgrade your Box
apt update && apt upgrade -y
reboot if needed
add User
Let’s add a user, as we don’t wanna run it as root
useradd -r minio-user -s /sbin/nologin
Get Minio
Download, set execute permission and move it
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x ./minio
chown minio-user:minio-user ./minio
mv minio /usr/local/bin
Directory for Data
mkdir /usr/local/share/minio
chown minio-user:minio-user /usr/local/share/minio
Directory for Config
mkdir /etc/minio
chown minio-user:minio-user /etc/minio
Config File
If you have i3 installed … (https://ip.inno.ch/); otherwise, set your public IP by hand.
ip=$(i3 -b -4)
cat << EOF >/etc/default/minio
MINIO_ACCESS_KEY="some_access_key"
MINIO_SECRET_KEY="some_secret_key"
MINIO_VOLUMES="/usr/local/share/minio/"
MINIO_OPTS="-C /etc/minio --address ${ip}:9000"
EOF
Startup Script
get Startup Script and Reload Daemon
curl -O https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service
mv minio.service /etc/systemd/system
systemctl daemon-reload
Enable and Start Minio
systemctl enable minio
systemctl start minio
systemctl status minio
Test Minio
Now you should be able to reach your box. If it is not working, check the local firewall rules (ufw) or any firewall your hoster runs in front of you.
http://ip-of-your-box:9000
user: some_access_key
pass: some_secret_key
enable TLS
We wanna secure our traffic with TLS and a given certificate / private key. Ideally, you also have a matching A/AAAA record pointing to your box.
install Cert & Key
copy your key/cert to /tmp first, then run:
cp /tmp/private.key /etc/minio/certs/private.key
cp /tmp/fullchain.pem /etc/minio/certs/public.crt
set permission
chown minio-user:minio-user /etc/minio/certs/private.key
chown minio-user:minio-user /etc/minio/certs/public.crt
Restart Service
systemctl restart minio
systemctl status minio
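The files created up to this point hold secrets: /etc/default/minio carries the access and secret key, and /etc/minio/certs/private.key is the TLS key. Both are created with whatever umask the root shell has, which usually leaves them world-readable. The audit below is an added example, not part of the original guide; the function name audit_minio, its two arguments and the finding labels are assumptions, the paths are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original guide. Paths are the ones the guide
# creates; audit_minio, its arguments and the finding labels are hypothetical.
# Usage: audit_minio [ROOT_PREFIX] [SERVICE_USER]
# Prints one finding per line; returns 1 if there is any finding.
audit_minio() {
    root="${1:-}"
    svc="${2:-minio-user}"
    env_file="$root/etc/default/minio"
    key="$root/etc/minio/certs/private.key"
    bin="$root/usr/local/bin/minio"
    findings=0

    # The credentials file and the TLS key must not be readable by group/others.
    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    for f in "$env_file" "$key"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; findings=$((findings + 1)); continue
        fi
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "PERM $f is accessible beyond its owner ($bits); chmod 600"
            findings=$((findings + 1))
        fi
    done

    # The guide's sample keys must be replaced before the service is reachable.
    if [ -r "$env_file" ] &&
       grep -Eq '^MINIO_(ACCESS|SECRET)_KEY="?some_(access|secret)_key"?$' "$env_file"; then
        echo "CRED $env_file still holds the guide's placeholder credentials"
        findings=$((findings + 1))
    fi

    # A binary owned by the service account can be rewritten by the service.
    if [ -e "$bin" ] && [ "$(ls -ld "$bin" | awk '{print $3}')" = "$svc" ]; then
        echo "OWNER $bin is owned by $svc; prefer root:root with mode 755"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Run audit_minio without arguments as root on the box; the first argument is only a path prefix for checking a copy of the tree.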
Access Portal
http://ip-of-your-box:9000
and you should be redirected to
http://ip-of-your-box:xxxx
where xxxx is some high port between 30k and 65k
Fix Mgmt Port
If you wanna run the Mgmt Portal on a certain port, you can fix it with the following snippet.
sed -i '/^MINIO_OPTS/d' /etc/default/minio
ip=$(i3 -b -4)
cat << EOF >>/etc/default/minio
MINIO_OPTS="-C /etc/minio --address ${ip}:9000 --console-address ${ip}:9001"
EOF
Reverse Proxy
If you wanna run MinIO with standard ports and an NGINX reverse proxy in front, then you can do the following:
- Install Nginx
- minio.yourdomain.de -> S3 Storage
- console.yourdomain.de -> Console Access
Keep in mind that TLS termination is done by MinIO. Nginx just listens on port 80 and forwards to the right ports, so the hop between client and Nginx is plain HTTP.
Switch the Service to Localhost
sed -i '/^MINIO_OPTS/d' /etc/default/minio
cat << EOF >>/etc/default/minio
MINIO_OPTS="-C /etc/minio --address 127.0.0.1:9000 --console-address 127.0.0.1:9001"
EOF
Restart MinIO
systemctl restart minio
systemctl status minio
Build Nginx Config
Replace ‘yourdomain.de’ appropriately.
Storage: minio.yourdomain.de
Console: console.yourdomain.de
domain="yourdomain.de"
cat << 'EOF' >> /etc/nginx/sites-available/minio.conf
# One upstream per MinIO listener. The port belongs here: nginx rejects
# a port on proxy_pass when the name refers to an upstream block.
upstream minio_s3 {
    least_conn;
    server 127.0.0.1:9000;
}
upstream minio_console {
    least_conn;
    server 127.0.0.1:9001;
}
server {
    listen 80;
    listen [::]:80;
    server_name minio.yourdomain.de;
    # Allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # Disable buffering
    proxy_buffering off;
    proxy_request_buffering off;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
        # MinIO terminates TLS itself (certs in /etc/minio/certs), so the upstream speaks https
        proxy_pass https://minio_s3; # This uses the upstream directive definition
    }
}
server {
    listen 80;
    listen [::]:80;
    server_name console.yourdomain.de;
    # Allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # Disable buffering
    proxy_buffering off;
    proxy_request_buffering off;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        # This is necessary to pass the correct IP to be hashed
        real_ip_header X-Real-IP;
        proxy_connect_timeout 300;
        # To support websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        chunked_transfer_encoding off;
        # This uses the upstream directive definition and assumes a static Console port of 9001;
        # https because MinIO terminates TLS itself
        proxy_pass https://minio_console;
    }
}
EOF
sed -i "s/yourdomain.de/${domain}/g" /etc/nginx/sites-available/minio.conf
Enable Service
ln -s /etc/nginx/sites-available/minio.conf /etc/nginx/sites-enabled/minio.conf
Restart Nginx
systemctl restart nginx
systemctl status nginx
Have Fun!