Difference between revisions of "Minio"

From Free Knowledge Free Technology Wiki
(Start minio at boot with supervisor)
m (Start a minio server for tenant_1)
 
(8 intermediate revisions by the same user not shown)
Line 26: Line 26:
 
==Install Minio for one client and include self signed certs==
 
==Install Minio for one client and include self signed certs==
  
We don't want to share the same keys between different tenants(clients). We don't want one tenant to have access to another tenant's data. So we run a different minio server for each tenant.
+
We don't want to share the same keys between different tenants(clients). We don't want one tenant to have access to another tenant's data. So, we run a different minio server for each tenant.
  
     /opt/minio/minio --config-dir /opt/minio/config/tenant_1 server --address :9001 /data/tenant_1
+
     /opt/minio/minio --config-dir /opt/minio/tenants/tenant_1/config server --address :9001 /opt/minio/tenants/tenant_1/data
  
     cd /opt/minio/config/tenant_1/certs
+
     cd /opt/minio/tenants/tenant_1/config/certs
 
     openssl genrsa -out private.key 2048
 
     openssl genrsa -out private.key 2048
 
     openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
 
     openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
 +
 +
    chown -R minio /opt/minio/tenants/tenant_1
  
 
===Start a minio server for tenant_1===
 
===Start a minio server for tenant_1===
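Review bot: the added `chown -R minio /opt/minio/tenants/tenant_1` hands the whole tenant tree, including `config/certs/private.key`, to the one shared `minio` account. If every tenant is set up this way, the isolation promised in the paragraph above ("We don't want one tenant to have access to another tenant's data") rests only on separate access keys, because each server process can read every other tenant's data and TLS key on disk. Consider a dedicated system user per tenant for the chown, and an explicit `chmod 600 private.key` after the `openssl genrsa` line so the key mode does not depend on the umask.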
Line 40: Line 42:
 
Config /etc/supervisor/conf.d/minio_tenant_1.conf
 
Config /etc/supervisor/conf.d/minio_tenant_1.conf
 
     [program:minio_tenant_1]
 
     [program:minio_tenant_1]
     /opt/minio/minio --config-dir /opt/minio/config/tenant_1 server --address :9001 /data/tenant_1
+
     command = /opt/minio/minio --config-dir "/opt/minio/tenants/tenant_1/config" server --address :9001 "/opt/minio/tenants/tenant_1/data"
 
     directory = /opt/minio/
 
     directory = /opt/minio/
 
     autorestart = True
 
     autorestart = True
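Review bot: the new `command =` line hard-codes `--address :9001` and the tenant_1 paths, and nothing in the section says that each further tenant needs its own conf file, its own `[program:...]` name and a different port. One sentence stating that would save a port clash on the second tenant. Also note that `:9001` listens on every interface; if the tenant server should only be reachable on one address, write that address in front of the port.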
Line 48: Line 50:
  
 
==Install Minio server using nginx and letsencrypt cert.==
 
==Install Minio server using nginx and letsencrypt cert.==
As I see it, this option is good if you aony have one tenant because of the following problem.
+
As I see it, this option is good if you only have one tenant because of the following problem.
  
 
Letsencrypt certs are kept at /etc/letsencrypt/archive/min.my-domain.com/ and have these permission
 
Letsencrypt certs are kept at /etc/letsencrypt/archive/min.my-domain.com/ and have these permission
Line 57: Line 59:
 
     -rw-r--r-- 1 root root 1708 Sep  4 20:32 privkey1.pem
 
     -rw-r--r-- 1 root root 1708 Sep  4 20:32 privkey1.pem
  
The system user minio we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/config/tentant_x/certs ..but, when letsencrypt update the certs (every three months), we will need to copy them again. That's a pain.. anyway..
+
The system user 'minio' we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/tenant_x/config/certs ..but, when letsencrypt updates the certs (every three months), we will need to copy them again, and that's a pain.
  
 
===Configurar nginx===
 
===Configurar nginx===
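Review bot: the new path `/opt/minio/tenant_x/config/certs` in the rewritten sentence drops the `tenants/` level that the Line 26 hunk introduces (`/opt/minio/tenants/tenant_1/config/certs`), so it should read `/opt/minio/tenants/tenant_x/config/certs`. The sentence also still says the `minio` user cannot read the files while the listing just above shows them as `-rw-r--r--`; if the restriction comes from the parent directories rather than the file modes, say so, otherwise readers will not see why the copy is needed.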

Latest revision as of 08:38, 4 October 2017

Install Minio server

Create minio user

   adduser --disabled-login --shell /usr/sbin/nologin --home /opt/minio minio

Install minio

   cd /opt/minio
   wget https://dl.minio.io/server/minio/release/linux-amd64/minio
   chmod +x minio
   mkdir /opt/minio/config
   mkdir /opt/minio/data
   chown -R minio /opt/minio

Start minio at boot with supervisor

   apt-get install supervisor

Config /etc/supervisor/conf.d/minio.conf

   [program:minio]
   command = /opt/minio/minio server -C "/opt/minio/config/" "/opt/minio/data/"
   directory = /opt/minio/
   autorestart = True
   user = minio

Restart supervisor

   /etc/init.d/supervisor restart

Install Minio for one client and include self signed certs

We don't want to share the same keys between different tenants (clients), and we don't want one tenant to have access to another tenant's data. So, we run a different minio server for each tenant.

   /opt/minio/minio --config-dir /opt/minio/tenants/tenant_1/config server --address :9001 /opt/minio/tenants/tenant_1/data
   cd /opt/minio/tenants/tenant_1/config/certs
   openssl genrsa -out private.key 2048
   openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
   chown -R minio /opt/minio/tenants/tenant_1

Start a minio server for tenant_1

   apt-get install supervisor

Config /etc/supervisor/conf.d/minio_tenant_1.conf

   [program:minio_tenant_1]
   command = /opt/minio/minio --config-dir "/opt/minio/tenants/tenant_1/config" server --address :9001 "/opt/minio/tenants/tenant_1/data"
   directory = /opt/minio/
   autorestart = True
   user = minio

Restart supervisor

   /etc/init.d/supervisor restart

Install Minio server using nginx and letsencrypt cert.

As I see it, this option is good if you only have one tenant because of the following problem.

Letsencrypt certs are kept at /etc/letsencrypt/archive/min.my-domain.com/ and have these permissions:

   -rw-r--r-- 1 root root 1830 Sep  4 20:32 cert1.pem
   -rw-r--r-- 1 root root 1647 Sep  4 20:32 chain1.pem
   -rw-r--r-- 1 root root 3477 Sep  4 20:32 fullchain1.pem
   -rw-r--r-- 1 root root 1708 Sep  4 20:32 privkey1.pem

The system user 'minio' we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/tenants/tenant_x/config/certs. But when letsencrypt updates the certs (every three months), we will need to copy them again, and that's a pain.
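One way to take the manual step out of the renewal, as an added example that is not part of the original wiki page: a certbot deploy hook that copies the renewed files into a tenant's certs directory under the `private.key` / `public.crt` names used earlier on this page. The hook file name, the `install_minio_certs` function and the restart at the end are assumptions; `RENEWED_LINEAGE` is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/minio-certs.sh (hypothetical name)

# install_minio_certs LINEAGE_DIR CERTS_DIR [OWNER]
# Copies privkey.pem/fullchain.pem to private.key/public.crt in CERTS_DIR.
# Runs in a subshell so the tightened umask does not leak to the caller.
install_minio_certs() (
    lineage=$1      # e.g. /etc/letsencrypt/live/min.my-domain.com
    certs_dir=$2    # e.g. /opt/minio/tenants/tenant_1/config/certs
    owner=${3:-}    # optional; chown needs root

    if [ ! -r "$lineage/privkey.pem" ] || [ ! -r "$lineage/fullchain.pem" ]; then
        echo "missing privkey.pem or fullchain.pem in $lineage" >&2
        exit 1
    fi
    if [ ! -d "$certs_dir" ]; then
        echo "certs directory $certs_dir does not exist" >&2
        exit 1
    fi

    # New files start out private; the key never exists world-readable.
    umask 077
    # cp follows the symlinks in live/ and copies the real files from archive/.
    cp "$lineage/privkey.pem"   "$certs_dir/private.key.new" || exit 1
    cp "$lineage/fullchain.pem" "$certs_dir/public.crt.new"  || exit 1
    chmod 600 "$certs_dir/private.key.new"
    chmod 644 "$certs_dir/public.crt.new"
    if [ -n "$owner" ]; then
        chown "$owner" "$certs_dir/private.key.new" "$certs_dir/public.crt.new" || exit 1
    fi

    # Rename into place so the server never sees a half-written file.
    mv -f "$certs_dir/private.key.new" "$certs_dir/private.key" || exit 1
    mv -f "$certs_dir/public.crt.new"  "$certs_dir/public.crt"  || exit 1
)

# certbot exports RENEWED_LINEAGE only when it runs deploy hooks,
# so nothing happens if this file is executed or sourced by hand.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_minio_certs "$RENEWED_LINEAGE" \
        /opt/minio/tenants/tenant_1/config/certs minio &&
        # Assumption: the server has to be restarted to load the new certificate.
        supervisorctl restart minio_tenant_1
fi
```

With several tenants, call the function once per tenant certs directory, or give each tenant its own hook file.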

Configure nginx

   server {
       listen              80;
       server_name         min.my-domain.com;
       return              301 https://$server_name$request_uri;
   }
   server {
       listen              443 ssl;
       server_name         min.my-domain.com;

       ssl_certificate      /etc/letsencrypt/live/min.my-domain.com/fullchain.pem;
       ssl_certificate_key  /etc/letsencrypt/live/min.my-domain.com/privkey.pem;

       location / {
           client_max_body_size        1000m;
           client_body_buffer_size     1000m;
           proxy_pass                  http://localhost:9000/;
           proxy_set_header            Host $host;
       }
       access_log /var/log/nginx/minio.access.log;
       error_log /var/log/nginx/minio.error.log notice;
   }

Find your access keys here

   /opt/minio/config/config.json

Create Bucket and prefix (read/write) at https://min.my-domain.com