From Free Knowledge Free Technology Wiki
Revision as of 23:04, 19 September 2017 by Chris (Talk | contribs)

Jump to: navigation, search

Install Minio server

Create minio user

   adduser --disabled-login --shell /usr/sbin/nologin --home /opt/minio minio

Install minio

   cd /opt/minio
   chmod +x minio
   mkdir /opt/minio/config
   mkdir /opt/minio/data
   chown -R minio /opt/minio

Start minio at boot with supervisor

   apt-get install supervisor

Config /etc/supervisor/conf.d/minio.conf

   command = /opt/minio/minio server -C "/opt/minio/config/" "/opt/minio/data/"
   directory = /opt/minio/
   autorestart = True
   user = minio
   /etc/init.d/supervisor restart

Install Minio for one client and include self signed certs

We don't want to share the same keys between different tenants(clients). We don't want one tenant to have access to another tenant's data. So we run a different minio server for each tenant.

   /opt/minio/minio --config-dir /opt/minio/config/tenant_1 server --address :9001 /data/tenant_1
   cd /opt/minio/config/tenant_1/certs
   openssl genrsa -out private.key 2048
   openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"

Start a minio server for tenant_1

   apt-get install supervisor

Config /etc/supervisor/conf.d/minio_tenant_1.conf

   /opt/minio/minio --config-dir /opt/minio/config/tenant_1 server --address :9001 /data/tenant_1
   directory = /opt/minio/
   autorestart = True
   user = minio
   /etc/init.d/supervisor restart

Install Minio server using nginx and letsencrypt cert.

As I see it, this option is good if you aony have one tenant because of the following problem.

Letsencrypt certs are kept at /etc/letsencrypt/archive/ and have these permission

   -rw-r--r-- 1 root root 1830 Sep  4 20:32 cert1.pem
   -rw-r--r-- 1 root root 1647 Sep  4 20:32 chain1.pem
   -rw-r--r-- 1 root root 3477 Sep  4 20:32 fullchain1.pem
   -rw-r--r-- 1 root root 1708 Sep  4 20:32 privkey1.pem

The system user minio we created earlier does not have permission to read these files, so we need to copy them to /opt/minio/config/tentant_x/certs ..but, when letsencrypt update the certs (every three months), we will need to copy them again. That's a pain.. anyway..

Configurar nginx

   server {
        listen             80;
        return             301 https://$server_name$request_uri;
   server {
       listen              443 ssl;
           ssl_certificate      /etc/letsencrypt/live/;
           ssl_certificate_key  /etc/letsencrypt/live/;
           location / {
               client_max_body_size        1000m;
               client_body_buffer_size     1000m;
               proxy_pass             http://localhost:9000/;
               proxy_set_header       Host $host;
           access_log /var/log/nginx/minio.access.log;
           error_log /var/log/nginx/minio.error.log notice;

Find you access keys here


Create Bucket and prefix (read/write) at