Why
Because we want to use our own object storage system, on-premises.
What do I need to install?
You need a Linux Server with Docker, and Docker-compose installed.
What's my setup?
- ProxMox
- External Nginx
- Reverse Proxy Configuration
- LetsEncrypt Certificate
- CloudFlare
Where can I find out more about the project?
Project
Docker installation
Single Node Multi Drive Arch
Hardware Requirements
Virtual Machine
vcpu: 8
memory: 8 gb ram
network: 1 gbit
disk: 350 gb
Disk layout
root (30g)
/var/lib/docker (30g)
/opt/minio (300g)
Network requirements
These are all the necessary ports to open
22 TCP (ssh)
80 (minio api)
8080 (minio console)
Any other port should be closed.
DNS requirements
We'll use 2 DNS Records
minio-admin.domain.tld (console)
minio.domain.tld (api)
How to install it?
updating your node
apt-get update
apt-get upgrade -y
installing utilities
apt install screen htop net-tools ccze git
Docker
Docker Install
curl https://get.docker.com|bash
Docker Configuration
Let's create the configuration file.
vim /etc/docker/daemon.json
Content
{
  "default-address-pools": [
    {
      "base": "10.20.30.0/24",
      "size": 24
    },
    {
      "base": "10.20.31.0/24",
      "size": 24
    }
  ]
}
Here we're defining uncommon networks to avoid conflicts with your provider's or organization's networks. Restart Docker afterwards and enable it at boot.
systemctl restart docker
systemctl enable docker
Docker-compose
Docker-compose install
Download
curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | cut -d '"' -f 4 | wget -qi -
Adjusting permissions
chmod +x docker-compose-linux-x86_64
Moving the binary to /usr/local/bin
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
Minio
Creating directories
mkdir -p /opt/minio/{docker,storage}
Creating docker-compose config
vim /opt/minio/docker/docker-compose.yaml
Content
version: '3.7'

# Settings and configurations that are common for all containers
x-minio-common: &minio-common
  image: quay.io/minio/minio:RELEASE.2023-08-04T17-40-21Z
  command: server --console-address ":9001" http://minio{1...4}/data{1...2}
  expose:
    - "9000"
    - "9001"
  environment:
    MINIO_ROOT_USER: minio
    MINIO_ROOT_PASSWORD: your_password_here
    MINIO_SERVER_URL: https://minio.domain.tld
    MINIO_DOMAIN: minio.domain.tld
  healthcheck:
    test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
    interval: 30s
    timeout: 20s
    retries: 3

# starts 4 docker containers running minio server instances.
# using nginx reverse proxy, load balancing, you can access
# it through port 9000.
services:
  minio1:
    <<: *minio-common
    hostname: minio1
    restart: always
    volumes:
      - /opt/minio/storage/data1-1:/data1
      - /opt/minio/storage/data1-2:/data2

  minio2:
    <<: *minio-common
    hostname: minio2
    restart: always
    volumes:
      - /opt/minio/storage/data2-1:/data1
      - /opt/minio/storage/data2-2:/data2

  minio3:
    <<: *minio-common
    hostname: minio3
    restart: always
    volumes:
      - /opt/minio/storage/data3-1:/data1
      - /opt/minio/storage/data3-2:/data2

  minio4:
    <<: *minio-common
    hostname: minio4
    restart: always
    volumes:
      - /opt/minio/storage/data4-1:/data1
      - /opt/minio/storage/data4-2:/data2

  nginx:
    image: nginx:1.19.2-alpine
    hostname: nginx
    restart: always
    volumes:
      - /opt/minio/docker/nginx.conf:/etc/nginx/nginx.conf
    ports:
      - "80:80"
      - "8080:8080"
    depends_on:
      - minio1
      - minio2
      - minio3
      - minio4

## By default this config uses default local driver,
## For custom volumes replace with volume driver configuration.
volumes:
  data1-1:
  data1-2:
  data2-1:
  data2-2:
  data3-1:
  data3-2:
  data4-1:
  data4-2:
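Before bringing the stack up, it is worth checking that the root credentials in the compose file are not still the placeholder. The script below is an added example, not part of the original post; the function names compose_value and check_minio_credentials are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check of the MinIO
# root credentials in the compose file before `docker-compose up -d`.

# Prints the first value of "KEY: value" found in FILE, with surrounding
# whitespace and double quotes removed.
compose_value() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t"]+|[ \t\r"]+$/, "", val)
            print val
            exit
        }' "$2"
}

# Returns 0 if the credentials pass, 1 otherwise; prints one line per problem.
check_minio_credentials() {
    user=$(compose_value MINIO_ROOT_USER "$1")
    pass=$(compose_value MINIO_ROOT_PASSWORD "$1")
    rc=0
    # MinIO needs a root user of at least 3 and a password of at least 8 characters.
    [ "${#user}" -ge 3 ] || { echo "MINIO_ROOT_USER shorter than 3 characters"; rc=1; }
    [ "${#pass}" -ge 8 ] || { echo "MINIO_ROOT_PASSWORD shorter than 8 characters"; rc=1; }
    case "$pass" in
        your_password_here|minioadmin|"$user")
            echo "MINIO_ROOT_PASSWORD is a placeholder, default or equals the user"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample mirroring the environment block of the compose file above.
demo=$(mktemp)
printf '  environment:\n    MINIO_ROOT_USER: minio\n    MINIO_ROOT_PASSWORD: your_password_here\n' > "$demo"
check_minio_credentials "$demo" || echo "fix the credentials before starting the stack"
rm -f "$demo"
```

On the server, point it at the real file: check_minio_credentials /opt/minio/docker/docker-compose.yaml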
Creating nginx config
vim /opt/minio/docker/nginx.conf
Content
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 4096;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile on;
    keepalive_timeout 65;

    upstream minio {
        server minio1:9000;
        server minio2:9000;
        server minio3:9000;
        server minio4:9000;
    }

    upstream console {
        ip_hash;
        server minio1:9001;
        server minio2:9001;
        server minio3:9001;
        server minio4:9001;
    }

    server {
        listen 80;
        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;
        proxy_request_buffering off;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_connect_timeout 300;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;
            proxy_pass http://minio;
        }
    }

    server {
        listen 8080;
        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;
        proxy_request_buffering off;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;
            real_ip_header X-Real-IP;
            proxy_connect_timeout 300;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            chunked_transfer_encoding off;
            proxy_pass http://console;
        }
    }
}
starting containers
cd /opt/minio/docker
docker-compose up -d
checking services
docker-compose ps
Expected output
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
docker-minio1-1 quay.io/minio/minio:RELEASE.2023-08-04T17-40-21Z "/usr/bin/docker-ent…" minio1 11 minutes ago Up 9 minutes (healthy) 9000-9001/tcp
docker-minio2-1 quay.io/minio/minio:RELEASE.2023-08-04T17-40-21Z "/usr/bin/docker-ent…" minio2 11 minutes ago Up 9 minutes (healthy) 9000-9001/tcp
docker-minio3-1 quay.io/minio/minio:RELEASE.2023-08-04T17-40-21Z "/usr/bin/docker-ent…" minio3 11 minutes ago Up 9 minutes (healthy) 9000-9001/tcp
docker-minio4-1 quay.io/minio/minio:RELEASE.2023-08-04T17-40-21Z "/usr/bin/docker-ent…" minio4 11 minutes ago Up 9 minutes (healthy) 9000-9001/tcp
docker-nginx-1 nginx:1.19.2-alpine "/docker-entrypoint.…" nginx 11 minutes ago Up 9 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
Check which ports Docker is listening on
netstat -ntpl|grep docker
Expected output
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2116141/docker-prox
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2116110/docker-prox
tcp6 0 0 :::80 :::* LISTEN 2116149/docker-prox
tcp6 0 0 :::8080 :::* LISTEN 2116123/docker-prox
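The network requirements above allow only ports 22, 80 and 8080, so the same netstat output can be checked against that list automatically. This is an added example, not part of the original post; the function name unexpected_ports is hypothetical and the sample input is constructed from the output above plus three extra lines.

```shell
#!/bin/sh
# Added example (not from the original post): audit listening TCP ports
# against the tutorial's allow-list of 22, 80 and 8080.
ALLOWED_PORTS="22 80 8080"

# Reads `netstat -ntl` (or -ntpl) output on stdin and prints every port that
# listens on a non-loopback address and is not in ALLOWED_PORTS, once each.
unexpected_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        $6 == "LISTEN" {
            addr = $4
            sub(/:[0-9]+$/, "", addr)       # strip ":port" to get the bind address
            k = split($4, parts, ":")
            port = parts[k]                 # port is the text after the last colon
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only, not exposed
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }
    '
}

# Constructed sample: the four lines from the expected output above, plus an
# sshd listener, a loopback resolver and a directly published console port.
SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2116141/docker-prox
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2116110/docker-prox
tcp6 0 0 :::80 :::* LISTEN 2116149/docker-prox
tcp6 0 0 :::8080 :::* LISTEN 2116123/docker-prox
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 640/systemd-resolve
tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN 2116200/docker-prox'

printf '%s\n' "$SAMPLE" | unexpected_ports    # prints 9001
```

On the VM, run it as: netstat -ntl | unexpected_ports. Ports that Docker publishes are opened through Docker's own iptables rules, so check them here rather than relying only on a host firewall's INPUT rules.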
You can now validate the console
curl http://localhost:8080
Expected Output
<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.92fa0385.js"></script><link href="./static/css/main.02c1b6fd.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>
You can now validate if the API is running
curl http://localhost:80
Expected output
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied.</Message><Resource>/</Resource><RequestId>177E5BC14618C529</RequestId><HostId>e0c385c033c4356721cc9121d3109c9b9bfdefb22fd2747078acd22328799e36</HostId></Error>
Validate that the API is healthy
curl -si http://localhost/minio/health/live
Expected output
HTTP/1.1 200 OK
Server: nginx/1.19.2
Date: Thu, 24 Aug 2023 15:38:38 GMT
Content-Length: 0
Connection: keep-alive
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Amz-Id-2: 46efbbb7efbd81c7d995bde03cc6fabf60c12f80d4e074c1c972dbc4d583c3d4
X-Amz-Request-Id: 177E5BDDF79EDEF8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Reverse Proxy
You can now configure your reverse proxy
minio-admin.domain.tld => the ip-of-the-vm port 8080.
minio.domain.tld => ip-of-the-vm port 80.
We won't cover the reverse proxy config yet, maybe in the future.
Accessing Minio
After the configuration you can visit the admin console
https://minio-admin.domain.tld
Viewing logs
You can follow the container logs while MinIO is in use.
cd /opt/minio/docker
docker-compose logs -f --tail=10
Cheers
[s]