MinIO Installation and Configuration Guide
Samuel Ajisafe
Posted on August 6, 2024
MinIO is an object storage system released under the GNU Affero General Public License v3.0. It is API-compatible with the Amazon S3 cloud storage service, capable of handling unstructured data like photos, videos, log files, backups, and container images, with a maximum supported object size of 50TB.
Architecture
MinIO's storage stack consists of three major components:
MinIO Server: The main server application.
MinIO Client (mc): A command-line client for object and file management with any Amazon S3-compatible servers.
MinIO Client SDK: Used by application developers to interact with any Amazon S3-compatible server.
This guide will help you install MinIO on a Linux system or server. The example below uses CentOS Stream 9.
Steps for Setting Up MinIO and Mapping It with a Domain Name
Install Required Packages:
dnf install mlocate wget unzip firewalld net-tools -y
Download and Install MinIO:
cd /opt/
wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio-20240716234641.0.0-1.x86_64.rpm -O minio.rpm
dnf install minio.rpm
Create MinIO Volume Directory:
cd /var/lib/
mkdir minio-volume
Set Hosts File:
vi /etc/hosts
Ensure that your host file matches your URL:
127.0.0.1 <minio.example.com>
44.44.44.89 <minio.example.com>
Configure MinIO:
vi /etc/default/minio
Add the following lines:
MINIO_VOLUMES="/var/lib/minio-volume"
MINIO_OPTS="--certs-dir /etc/default/certs --console-address :9090"
MINIO_ROOT_USER=<minio-user>
MINIO_ROOT_PASSWORD=<minio-root-pass>
MINIO_UPDATE=off
MINIO_SERVER_URL="https://<minio.example.com>"
MINIO_BROWSER_REDIRECT_URL="https://<<>:9090/minio/ui"
Create MinIO as a Service:
vi /usr/lib/systemd/system/minio.service
Add the following lines:
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
Type=notify
WorkingDirectory=/usr/local
User=root
Group=root
ProtectProc=invisible
EnvironmentFile=-/etc/default/minio
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
Restart=always
LimitNOFILE=1048576
MemoryAccounting=no
TasksMax=infinity
TimeoutSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
Disable SELinux Before Restarting MinIO Service:
setenforce 0
Reload SystemD Service:
systemctl daemon-reload
systemctl restart minio
systemctl status minio
Load Balancing the Traffic:
dnf install nginx -y
Configure Nginx:
vi /etc/nginx/nginx.conf
Add the following lines:
include /etc/nginx/conf.d/*.conf;
upstream minio_s3 {
least_conn;
server <minio.example.com>:9000;
}
upstream minio_console {
least_conn;
server <minio.example.com>:9090;
}
server {
listen 443 ssl;
listen [::]:443;
server_name <URL>;
ssl_certificate /etc/nginx/ssl/public.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
include /etc/nginx/mime.types;
ignore_invalid_headers off;
client_max_body_size 100m;
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_pass https://minio_s3;
}
location /minio/ui/ {
rewrite ^/minio/ui/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag none always;
add_header X-Download-Options noopen always;
add_header X-Permitted-Cross-Domain-Policies none always;
real_ip_header X-Real-IP;
allow all;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Origin '';
chunked_transfer_encoding off;
proxy_pass https://minio_console;
}
}
Ensure that your domain certificate are kept in this location or location of your choice that is been reference in Nginx config:
/etc/nginx/ssl/public.crt;
/etc/nginx/ssl/private.key
Also the .crt and .ca of your certicate must be bundled together in public.crt
Connect Your Browser to the MinIO Server:
Open https://minio.example.com/minio/ui/ in a web browser to access the MinIO Console. You can alternatively enter any of the network addresses specified as part of the server command output.
While the port 9000 is used for connecting to the API, MinIO automatically redirects browser access to the MinIO Console.
You can now access the API via https://minio.example.com/
Amazon #S3 #AWS #MinIO #SystemEngineer #DevOps #SysAdmin #Cloud
Posted on August 6, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.