MinIO Installation and Configuration Guide

sammy_cloud

Samuel Ajisafe

Posted on August 6, 2024

MinIO Installation and Configuration Guide

MinIO is an object storage system released under the GNU Affero General Public License v3.0. It is API-compatible with the Amazon S3 cloud storage service, capable of handling unstructured data like photos, videos, log files, backups, and container images, with a maximum supported object size of 50TB.

Architecture
MinIO's storage stack consists of three major components:

MinIO Server: The main server application.
MinIO Client (mc): A command-line client for object and file management with any Amazon S3-compatible servers.
MinIO Client SDK: Used by application developers to interact with any Amazon S3-compatible server.
This guide will help you install MinIO on a Linux system or server. The example below uses CentOS Stream 9.

Steps for Setting Up MinIO and Mapping It with a Domain Name

Install Required Packages:

dnf install mlocate wget unzip firewalld net-tools -y
Enter fullscreen mode Exit fullscreen mode

Download and Install MinIO:

cd /opt/
wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio-20240716234641.0.0-1.x86_64.rpm -O minio.rpm
dnf install minio.rpm
Enter fullscreen mode Exit fullscreen mode

Create MinIO Volume Directory:

cd /var/lib/
mkdir minio-volume
Enter fullscreen mode Exit fullscreen mode

Set Hosts File:

vi /etc/hosts
Enter fullscreen mode Exit fullscreen mode

Ensure that your host file matches your URL:

127.0.0.1 <minio.example.com>
44.44.44.89 <minio.example.com>
Enter fullscreen mode Exit fullscreen mode

Configure MinIO:

vi /etc/default/minio
Enter fullscreen mode Exit fullscreen mode

Add the following lines:

MINIO_VOLUMES="/var/lib/minio-volume"
MINIO_OPTS="--certs-dir /etc/default/certs --console-address :9090"
MINIO_ROOT_USER=<minio-user>
MINIO_ROOT_PASSWORD=<minio-root-pass>
MINIO_UPDATE=off
MINIO_SERVER_URL="https://<minio.example.com>"
MINIO_BROWSER_REDIRECT_URL="https://<<>:9090/minio/ui"
Enter fullscreen mode Exit fullscreen mode

Create MinIO as a Service:

vi /usr/lib/systemd/system/minio.service
Enter fullscreen mode Exit fullscreen mode

Add the following lines:

[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
Type=notify
WorkingDirectory=/usr/local
User=root
Group=root
ProtectProc=invisible
EnvironmentFile=-/etc/default/minio
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
Restart=always
LimitNOFILE=1048576
MemoryAccounting=no
TasksMax=infinity
TimeoutSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})
Enter fullscreen mode Exit fullscreen mode

Disable SELinux Before Restarting MinIO Service:

setenforce 0
Enter fullscreen mode Exit fullscreen mode

Reload SystemD Service:

systemctl daemon-reload
systemctl restart minio
systemctl status minio
Enter fullscreen mode Exit fullscreen mode

Load Balancing the Traffic:

dnf install nginx -y
Enter fullscreen mode Exit fullscreen mode

Configure Nginx:

vi /etc/nginx/nginx.conf
Enter fullscreen mode Exit fullscreen mode

Add the following lines:

include /etc/nginx/conf.d/*.conf;

upstream minio_s3 {
    least_conn;
    server <minio.example.com>:9000;
}

upstream minio_console {
    least_conn;
    server <minio.example.com>:9090;
}

server {
    listen       443 ssl;
    listen  [::]:443;
    server_name  <URL>;

    ssl_certificate /etc/nginx/ssl/public.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    include /etc/nginx/mime.types;
    ignore_invalid_headers off;
    client_max_body_size 100m;
    proxy_buffering off;
    proxy_request_buffering off;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_pass https://minio_s3;
    }

    location /minio/ui/ {
        rewrite ^/minio/ui/(.*) /$1 break;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Robots-Tag none always;
        add_header X-Download-Options noopen always;
        add_header X-Permitted-Cross-Domain-Policies none always;
        real_ip_header X-Real-IP;
        allow all;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Origin '';
        chunked_transfer_encoding off;
        proxy_pass https://minio_console;
    }
}
Enter fullscreen mode Exit fullscreen mode

Ensure that your domain certificate are kept in this location or location of your choice that is been reference in Nginx config:

/etc/nginx/ssl/public.crt;
/etc/nginx/ssl/private.key
Enter fullscreen mode Exit fullscreen mode

Also the .crt and .ca of your certicate must be bundled together in public.crt

Connect Your Browser to the MinIO Server:

Open https://minio.example.com/minio/ui/ in a web browser to access the MinIO Console. You can alternatively enter any of the network addresses specified as part of the server command output.

While the port 9000 is used for connecting to the API, MinIO automatically redirects browser access to the MinIO Console.
You can now access the API via https://minio.example.com/

Amazon #S3 #AWS #MinIO #SystemEngineer #DevOps #SysAdmin #Cloud

💖 💪 🙅 🚩
sammy_cloud
Samuel Ajisafe

Posted on August 6, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related