Difference between revisions of "Minio"
(→Install Minio server using nginx and letsencrypt cert.) |
(→Install Minio for one client and include self signed certs) |
Line 30: | Line 30: | ||
/opt/minio/minio --config-dir /opt/minio/tenants/tenant_1/config server --address :9001 /opt/minio/tenants/tenant_1/data | /opt/minio/minio --config-dir /opt/minio/tenants/tenant_1/config server --address :9001 /opt/minio/tenants/tenant_1/data | ||
− | /opt/minio/tenants/tenant_1/config | + | cd /opt/minio/tenants/tenant_1/config/certs |
openssl genrsa -out private.key 2048 | openssl genrsa -out private.key 2048 | ||
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain" | openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain" |
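Review bot: The added `cd /opt/minio/tenants/tenant_1/config/certs` line assumes that directory already exists. Nothing in the visible lines creates it, and if the cd fails, the two openssl commands that follow write private.key and public.crt into whatever the current directory happens to be. Suggest `mkdir -p /opt/minio/tenants/tenant_1/config/certs && cd /opt/minio/tenants/tenant_1/config/certs`, followed by an explicit `chmod 600 private.key` after generation. The `-subj` value still carries the placeholder `CN=domain`; the text should say it has to be replaced with the hostname clients will connect to.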
Revision as of 23:25, 19 September 2017
Install Minio server
Create minio user
adduser --disabled-login --shell /usr/sbin/nologin --home /opt/minio minio
Install minio
cd /opt/minio
wget https://dl.minio.io/server/minio/release/linux-amd64/minio
chmod +x minio
mkdir /opt/minio/config
mkdir /opt/minio/data
chown -R minio /opt/minio
Start minio at boot with supervisor
apt-get install supervisor
Config /etc/supervisor/conf.d/minio.conf
[program:minio]
command = /opt/minio/minio server -C "/opt/minio/config/" "/opt/minio/data/"
directory = /opt/minio/
autorestart = True
user = minio
/etc/init.d/supervisor restart
Install Minio for one client and include self signed certs
We don't want different tenants (clients) to share the same keys, and we don't want one tenant to have access to another tenant's data. So we run a separate minio server for each tenant.
/opt/minio/minio --config-dir /opt/minio/tenants/tenant_1/config server --address :9001 /opt/minio/tenants/tenant_1/data
cd /opt/minio/tenants/tenant_1/config/certs
openssl genrsa -out private.key 2048
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
chown -R minio /opt/minio/tenants/tenant_1
Start a minio server for tenant_1
apt-get install supervisor
Config /etc/supervisor/conf.d/minio_tenant_1.conf
[program:minio_tenant_1]
command = /opt/minio/minio --config-dir "/opt/minio/tenants/tenant_1/config" server --address :9001 "/opt/minio/tenants/tenant_1/data"
directory = /opt/minio/
autorestart = True
user = minio
/etc/init.d/supervisor restart
Install Minio server using nginx and letsencrypt cert.
As I see it, this option is good if you only have one tenant because of the following problem.
Letsencrypt certs are kept at /etc/letsencrypt/archive/min.my-domain.com/ and have these permissions:
-rw-r--r-- 1 root root 1830 Sep 4 20:32 cert1.pem
-rw-r--r-- 1 root root 1647 Sep 4 20:32 chain1.pem
-rw-r--r-- 1 root root 3477 Sep 4 20:32 fullchain1.pem
-rw-r--r-- 1 root root 1708 Sep 4 20:32 privkey1.pem
The system user 'minio' we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/tenant_x/config/certs. But when letsencrypt updates the certs (every three months), we will need to copy them again. That's a pain, so instead we put nginx in front of minio and let it handle TLS.
Configure nginx
server {
    listen 80;
    server_name min.my-domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name min.my-domain.com;
    ssl_certificate /etc/letsencrypt/live/min.my-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/min.my-domain.com/privkey.pem;

    location / {
        client_max_body_size 1000m;
        client_body_buffer_size 1000m;
        proxy_pass http://localhost:9000/;
        proxy_set_header Host $host;
    }

    access_log /var/log/nginx/minio.access.log;
    error_log /var/log/nginx/minio.error.log notice;
}
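For the multi-tenant case, the copy-on-renewal step described above can be automated. The script below is an added example, not part of the original wiki page, written as a certbot deploy hook. It assumes certbot's `--deploy-hook` option (which exports `RENEWED_LINEAGE`), the tenant_1 paths and supervisor program name used earlier on this page, and that minio has to be restarted to load the new cert.

```shell
#!/bin/sh
# Added example: certbot deploy hook that re-copies a renewed cert for one tenant.
# Assumption: certbot runs this via --deploy-hook and exports
# RENEWED_LINEAGE=/etc/letsencrypt/live/<domain>.

# install_tenant_certs LINEAGE_DIR CERTS_DIR [OWNER]
# Copies fullchain.pem -> public.crt and privkey.pem -> private.key,
# the file names used for minio's certs directory on this page.
install_tenant_certs() {
    lineage=$1; certs=$2; owner=${3:-}

    # Refuse a partial renewal rather than install half of a key pair.
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done

    mkdir -p "$certs" || return 1
    chmod 700 "$certs" || return 1

    # Write under temporary names with the final modes, then rename, so the
    # key is never world-readable and the server never sees a half-written file.
    install -m 600 "$lineage/privkey.pem" "$certs/.private.key.new" || return 1
    install -m 644 "$lineage/fullchain.pem" "$certs/.public.crt.new" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$certs" "$certs/.private.key.new" "$certs/.public.crt.new" || return 1
    fi
    mv -f "$certs/.private.key.new" "$certs/private.key" || return 1
    mv -f "$certs/.public.crt.new" "$certs/public.crt" || return 1
}

# Only act when certbot invoked us after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # Paths and program name are the tenant_1 values from this page.
    install_tenant_certs "$RENEWED_LINEAGE" \
        /opt/minio/tenants/tenant_1/config/certs minio \
        && supervisorctl restart minio_tenant_1
fi
```

One copy of the hook per tenant (or a loop over tenant directories) keeps each tenant's private key readable only by the minio user.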
Find your access keys here
/opt/minio/config/config.json
Create Bucket and prefix (read/write) at https://min.my-domain.com