Difference between revisions of "Minio"
(→Install Minio server using nginx and letsencrypt cert.) |
(→Install Minio server using nginx and letsencrypt cert.) |
||
| Line 57: | Line 57: | ||
The system user minio we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/config/tentant_x/certs ..but, when letsencrypt update the certs (every three months), we will need to copy them again. That's a pain.. anyway.. | The system user minio we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/config/tentant_x/certs ..but, when letsencrypt update the certs (every three months), we will need to copy them again. That's a pain.. anyway.. | ||
| − | Configurar nginx | + | ===Configurar nginx=== |
server { | server { | ||
Revision as of 22:04, 19 September 2017
Contents
Install Minio server
Create minio user
adduser --disabled-login --shell /usr/sbin/nologin --home /opt/minio minio
Install minio
cd /opt/minio wget https://dl.minio.io/server/minio/release/linux-amd64/minio chmod +x minio mkdir /opt/minio/config mkdir /opt/minio/data chown -R minio /opt/minio
Start minio at boot with supervisor
apt-get install supervisor
Config /etc/supervisor/conf.d/minio.conf
command = /opt/minio/minio server -C "/opt/minio/config/" "/opt/minio/data/" directory = /opt/minio/ autorestart = True user = minio
/etc/init.d/supervisor restart
Install Minio for one client and include self signed certs
We don't want to share the same keys between different tenants(clients). We don't want one tenant to have access to another tenant's data. So we run a different minio server for each tenant.
/opt/minio/minio --config-dir /opt/minio/config/tenant_1 server --address :9001 /data/tenant_1
cd /opt/minio/config/tenant_1/certs openssl genrsa -out private.key 2048 openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
Start a minio server for tenant_1
apt-get install supervisor
Config /etc/supervisor/conf.d/minio_tenant_1.conf
/opt/minio/minio --config-dir /opt/minio/config/tenant_1 server --address :9001 /data/tenant_1 directory = /opt/minio/ autorestart = True user = minio
/etc/init.d/supervisor restart
Install Minio server using nginx and letsencrypt cert.
As I see it, this option is good if you aony have one tenant because of the following problem.
Letsencrypt certs are kept at /etc/letsencrypt/archive/min.my-domain.com/ and have these permission
-rw-r--r-- 1 root root 1830 Sep 4 20:32 cert1.pem -rw-r--r-- 1 root root 1647 Sep 4 20:32 chain1.pem -rw-r--r-- 1 root root 3477 Sep 4 20:32 fullchain1.pem -rw-r--r-- 1 root root 1708 Sep 4 20:32 privkey1.pem
The system user minio we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/config/tentant_x/certs ..but, when letsencrypt update the certs (every three months), we will need to copy them again. That's a pain.. anyway..
Configurar nginx
server {
listen 80;
server_name min.my-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name min.my-domain.com;
ssl_certificate /etc/letsencrypt/live/min.my-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/min.my-domain.com/privkey.pem;
location / {
client_max_body_size 1000m;
client_body_buffer_size 1000m;
proxy_pass http://localhost:9000/;
proxy_set_header Host $host;
}
access_log /var/log/nginx/minio.access.log;
error_log /var/log/nginx/minio.error.log notice;
}
Find you access keys here
/opt/minio/config/config.json
Create Bucket and prefix (read/write) at https://min.my-domain.com
