Debian - MinIO

Linux
Page content

Minio on Debian

Need some S3 Storage for Reasons ? Here a few Lines, how to Setup and enable TLS.

Install Minio

login as root for the whole installation. Or use sudo/doas if preferred.

Upgrade you Box

apt update && apt upgrade -y

reboot if needed

add User

Let’s add User as we don’t wanna run it as root

useradd -r minio-user -s /sbin/nologin

Get Minio

Download, set execute permission and move it

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x ./minio
chown minio-user:minio-user ./minio
mv minio /usr/local/bin

Directory for Data

mkdir /usr/local/share/minio
chown minio-user:minio-user /usr/local/share/minio

Directory for Config

mkdir /etc/minio
chown minio-user:minio-user /etc/minio

Config File

if you have i3 installed … (https://ip.inno.ch/), otherwise, set your public ip by hand.

ip=$(i3 -b -4)
cat << EOF >/etc/default/minio
MINIO_ACCESS_KEY="some_access_key"
MINIO_SECRET_KEY="some_secret_key"

MINIO_VOLUMES="/usr/local/share/minio/"
MINIO_OPTS="-C /etc/minio --address ${ip}:9000"
EOF

Startup Script

get Startup Script and Reload Daemon

curl -O https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service
mv minio.service /etc/systemd/system
systemctl daemon-reload

Enable and Start Minio

systemctl enable minio
systemctl start minio
systemctl status minio

Test Minio

now, you should be able to reach your Box. If not working, check local firewall rules (ufw), or some firewalls of your hoster in front of you.

http://ip-of-your-box:9000
user: some_access_key
pass: some_secret_key

enable TLS

we wanna secure our Traffic with TLS and a given Certifacte / Private Key. Ideally, you also have a matching A/AAAA Record pointing to your Box.

install Cert & Key

copy your key/cert to /tmp first, then run:

cp /tmp/private.key /etc/minio/certs/private.key
cp /tmp/fullchain.pem /etc/minio/certs/public.crt

set permission

chown minio-user:minio-user /etc/minio/certs/private.key
chown minio-user:minio-user /etc/minio/certs/public.crt

Restart Service

systemctl restart minio
systemctl status minio

Access Portal

http://ip-of-your-box:9000

and you should be redirected to

http://ip-of-your-box:xxxx

where xxx is some Highport between 30k and 65k

Fix Mgmt Port

if you wanna run the Mgmt Portal on a certain Port, you can fix with the following snippet.

sed -i '/^MINIO_OPTS/d' /etc/default/minio
ip=$(i3 -b -4)
cat << EOF >>/etc/default/minio
MINIO_OPTS="-C /etc/minio --address ${ip}:9000 --console-address ${ip}:9001"
EOF

Reverse Proxy

if you wanna run MinIO with Standart Ports and a NGINX Reverse Proxy in Front, then you can do the following:

  • Install Nginx
  • minio.yourdomain.de -> S3 Storage
  • console.yourdomain.de -> Console Access

Keep in Mind the TLS Termination is done with MinIO. Nginx is just listening on Port 80 and redirecting to the right Ports.

Switch the Service to Localhost

sed -i '/^MINIO_OPTS/d' /etc/default/minio
cat << EOF >>/etc/default/minio
MINIO_OPTS="-C /etc/minio --address 127.0.0.1:9000 --console-address 127.0.0.1:9001"
EOF

Restart MinIO

systemctl restart minio
systemctl status minio

Build Nginx Config

replace ‘yourdomain.de’ appropriate.

Storage: minio.yourdomain.de

Console: console.yourdomain.de

domain="yourdomain.de"

cat << 'EOF' >> /etc/nginx/sites-available/minio.conf
upstream minio {
least_conn;
server 127.0.0.1;
}

server {
listen 80;
listen [::]:80;
server_name minio.yourdomain.de;

# Allow special characters in headers

ignore_invalid_headers off;

# Allow any size file to be uploaded.

# Set to a value such as 1000m; to restrict file size to a specific value

client_max_body_size 0;

# Disable buffering

proxy_buffering off;
proxy_request_buffering off;

location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

      proxy_connect_timeout 300;
      # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      chunked_transfer_encoding off;

      proxy_pass http://minio:9000; # This uses the upstream directive definition to load balance

}
}

server {

listen 80;
listen [::]:80;
server_name console.yourdomain.de;

# Allow special characters in headers

ignore_invalid_headers off;

# Allow any size file to be uploaded.

# Set to a value such as 1000m; to restrict file size to a specific value

client_max_body_size 0;

# Disable buffering

proxy_buffering off;
proxy_request_buffering off;

location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;

      # This is necessary to pass the correct IP to be hashed
      real_ip_header X-Real-IP;

      proxy_connect_timeout 300;

      # To support websocket
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      chunked_transfer_encoding off;

      # This uses the upstream directive definition to load balance and assumes a static Console port of 9001
      proxy_pass http://minio:9001;

}
}
EOF
sed -i "s/yourdomain.de/${domain}/g" /etc/nginx/sites-available/minio.conf

Enable Service

ln -s /etc/nginx/sites-available/minio.conf /etc/nginx/sites-enabled/minio.conf

Restart Nginx

systemctl restart nginx
systemctl status nginx

Have Fun!

Any Comments ?

sha256: 66d1b29407dbee8b7b73c7eab8e05eeea0d87681dcddff639812e6cfdd500f48