Difference between revisions of "Minio"

From Free Knowledge Free Technology Wiki
(Install Minio with self signed certs)
m (Start a minio server for tenant_1)
 
(13 intermediate revisions by the same user not shown)
Line 16: Line 16:
  
 
Config /etc/supervisor/conf.d/minio.conf
 
Config /etc/supervisor/conf.d/minio.conf
 +
    [program:minio]
 
     command = /opt/minio/minio server -C "/opt/minio/config/" "/opt/minio/data/"
 
     command = /opt/minio/minio server -C "/opt/minio/config/" "/opt/minio/data/"
 
     directory = /opt/minio/
 
     directory = /opt/minio/
Line 25: Line 26:
 
==Install Minio for one client and include self signed certs==
 
==Install Minio for one client and include self signed certs==
  
We don't want to share the same keys between different tenants(clients). We don't want one tenant to have access to another tenant's data. So we run a different minio server for each tenant.
+
We don't want to share the same keys between different tenants(clients). We don't want one tenant to have access to another tenant's data. So, we run a different minio server for each tenant.
  
 +
    /opt/minio/minio --config-dir /opt/minio/tenants/tenant_1/config server --address :9001 /opt/minio/tenants/tenant_1/data
  
     /opt/minio/minio --config-dir /opt/minio/config/tenant_1 server --address :9001 /data/tenant_1
+
     cd /opt/minio/tenants/tenant_1/config/certs
 
+
    cd /opt/minio/config/tenant_1/certs
+
 
     openssl genrsa -out private.key 2048
 
     openssl genrsa -out private.key 2048
 
     openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
 
     openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
 +
 +
    chown -R minio /opt/minio/tenants/tenant_1
 +
 +
===Start a minio server for tenant_1===
 +
 +
    apt-get install supervisor
 +
 +
Config /etc/supervisor/conf.d/minio_tenant_1.conf
 +
    [program:minio_tenant_1]
 +
    command = /opt/minio/minio --config-dir "/opt/minio/tenants/tenant_1/config" server --address :9001 "/opt/minio/tenants/tenant_1/data"
 +
    directory = /opt/minio/
 +
    autorestart = True
 +
    user = minio
 +
 +
    /etc/init.d/supervisor restart
  
 
==Install Minio server using nginx and letsencrypt cert.==
 
==Install Minio server using nginx and letsencrypt cert.==
Configurar nginx
+
As I see it, this option is good if you only have one tenant because of the following problem.
 +
 
 +
Letsencrypt certs are kept at /etc/letsencrypt/archive/min.my-domain.com/ and have these permission
 +
 
 +
    -rw-r--r-- 1 root root 1830 Sep  4 20:32 cert1.pem
 +
    -rw-r--r-- 1 root root 1647 Sep  4 20:32 chain1.pem
 +
    -rw-r--r-- 1 root root 3477 Sep  4 20:32 fullchain1.pem
 +
    -rw-r--r-- 1 root root 1708 Sep  4 20:32 privkey1.pem
 +
 
 +
The system user 'minio' we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/tenant_x/config/certs ..but, when letsencrypt updates the certs (every three months), we will need to copy them again, and that's a pain.
 +
 
 +
===Configurar nginx===
  
 
     server {
 
     server {
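Review bot: The new minio_tenant_1 supervisor program runs with `user = minio` and the tenant tree is handed over with `chown -R minio /opt/minio/tenants/tenant_1`, so if further tenants follow the same pattern, every tenant's server process can read every other tenant's data directory and private.key at the filesystem level, which undercuts the stated goal that one tenant must not have access to another tenant's data. Consider a dedicated system user per tenant and a restrictive mode on each tenant directory. Two smaller points in the Let's Encrypt paragraph: the copy target is written as /opt/minio/tenant_x/config/certs while the rest of the change uses /opt/minio/tenants/tenant_1/config/certs, and the listing shows mode -rw-r--r-- on all four files, so the text should say which permission actually stops the minio user from reading them. The added heading "Configurar nginx" is still in Spanish.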

Latest revision as of 08:38, 4 October 2017

Install Minio server

Create minio user

   adduser --disabled-login --shell /usr/sbin/nologin --home /opt/minio minio

Install minio

   cd /opt/minio
   wget https://dl.minio.io/server/minio/release/linux-amd64/minio
   chmod +x minio
   mkdir /opt/minio/config
   mkdir /opt/minio/data
   chown -R minio /opt/minio

Start minio at boot with supervisor

   apt-get install supervisor

Config /etc/supervisor/conf.d/minio.conf

   [program:minio]
   command = /opt/minio/minio server -C "/opt/minio/config/" "/opt/minio/data/"
   directory = /opt/minio/
   autorestart = True
   user = minio

Restart supervisor to load the new program

   /etc/init.d/supervisor restart

Install Minio for one client and include self signed certs

We don't want to share the same keys between different tenants (clients), and we don't want one tenant to have access to another tenant's data. So, we run a different minio server for each tenant.

   /opt/minio/minio --config-dir /opt/minio/tenants/tenant_1/config server --address :9001 /opt/minio/tenants/tenant_1/data
   cd /opt/minio/tenants/tenant_1/config/certs
   openssl genrsa -out private.key 2048
   openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
   chown -R minio /opt/minio/tenants/tenant_1

Start a minio server for tenant_1

   apt-get install supervisor

Config /etc/supervisor/conf.d/minio_tenant_1.conf

   [program:minio_tenant_1]
   command = /opt/minio/minio --config-dir "/opt/minio/tenants/tenant_1/config" server --address :9001 "/opt/minio/tenants/tenant_1/data"
   directory = /opt/minio/
   autorestart = True
   user = minio

Restart supervisor to load the new program

   /etc/init.d/supervisor restart

Install Minio server using nginx and letsencrypt cert.

As I see it, this option is good if you only have one tenant because of the following problem.

Letsencrypt certs are kept at /etc/letsencrypt/archive/min.my-domain.com/ and have these permissions:

   -rw-r--r-- 1 root root 1830 Sep  4 20:32 cert1.pem
   -rw-r--r-- 1 root root 1647 Sep  4 20:32 chain1.pem
   -rw-r--r-- 1 root root 3477 Sep  4 20:32 fullchain1.pem
   -rw-r--r-- 1 root root 1708 Sep  4 20:32 privkey1.pem

The system user 'minio' we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/tenant_x/config/certs. But when letsencrypt updates the certs (every three months), we will need to copy them again, and that's a pain.
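The re-copy step described above can be automated. The following is an added example, not part of the original wiki page: a deploy hook, assuming certbot is the Let's Encrypt client and that the script is placed in /etc/letsencrypt/renewal-hooks/deploy/. The function name deploy_cert and the tenant_1 paths and program name are assumptions taken from the layout used earlier on this page.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the tenant layout on this page.
# After a successful renewal certbot exports RENEWED_LINEAGE, the live
# directory of the renewed cert (e.g. /etc/letsencrypt/live/min.my-domain.com).

# Assumed values, following the page's tenant_1 setup; override via environment.
TENANT_CERTS="${TENANT_CERTS:-/opt/minio/tenants/tenant_1/config/certs}"
SERVICE_USER="${SERVICE_USER:-minio}"
SUPERVISOR_PROGRAM="${SUPERVISOR_PROGRAM:-minio_tenant_1}"

# deploy_cert LINEAGE_DIR DEST_DIR [OWNER]   (hypothetical helper)
# Copies privkey.pem -> private.key and fullchain.pem -> public.crt,
# the file names used in the self-signed section of this page.
deploy_cert() {
    src=$1; dest=$2; owner=${3:-}
    [ -r "$src/fullchain.pem" ] && [ -r "$src/privkey.pem" ] || {
        echo "missing PEM files in $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    # Copy to temporary names first so a partially written file is never live.
    # cp follows the live/ symlinks and writes regular files.
    ( umask 077
      cp "$src/privkey.pem" "$dest/private.key.new" &&
      cp "$src/fullchain.pem" "$dest/public.crt.new" ) || return 1
    # The key is readable by its owner only; the certificate is public.
    chmod 600 "$dest/private.key.new" && chmod 644 "$dest/public.crt.new" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dest/private.key.new" "$dest/public.crt.new" || return 1
    fi
    mv -f "$dest/private.key.new" "$dest/private.key" &&
    mv -f "$dest/public.crt.new" "$dest/public.crt"
}

# Only act when certbot invokes the hook; restart so minio loads the new pair.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$TENANT_CERTS" "$SERVICE_USER" &&
    supervisorctl restart "$SUPERVISOR_PROGRAM"
fi
```

The copied private.key ends up with mode 600 and owned by the service user, unlike the 644 files in the listing above.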

Configure nginx

   server {
       listen             80;
       server_name        min.my-domain.com;
       return             301 https://$server_name$request_uri;
   }
   server {
       listen              443 ssl;
       server_name         min.my-domain.com;
   
       ssl_certificate      /etc/letsencrypt/live/min.my-domain.com/fullchain.pem;
       ssl_certificate_key  /etc/letsencrypt/live/min.my-domain.com/privkey.pem;
   
       location / {
           client_max_body_size        1000m;
           client_body_buffer_size     1000m;
           proxy_pass             http://localhost:9000/;
           proxy_set_header       Host $host;
       }
       access_log /var/log/nginx/minio.access.log;
       error_log /var/log/nginx/minio.error.log notice;
   }

Find your access keys here

   /opt/minio/config/config.json

Create a bucket and prefix (read/write) at https://min.my-domain.com