Skip to main content

MinIO (Object Storage)- Docker Compose, TLS Encryption for API and Console Connection, MinIO Client

952 words·
MinIO Docker-Compose Object Storage S3
Table of Contents

MinIO is an object storage solution that provides an Amazon Web Services S3-compatible API and supports all core S3 features.

Prerequisites
#

I use two Ubuntu 22.04 servers in this tutorial:

# MinIO Server
192.168.30.90

# MinIO Client
192.168.30.91

MinIO with TLS
#

Folder Structure
#

# Create folder structure
sudo mkdir -p /opt/minio/certs && cd /opt/minio/

# Set permissions
sudo chmod 755 /opt/minio/certs

TLS Certificates for API Connection
#

Note: In this tutorial I use a Let’s Encrypt (Certbot) wildcard certificate

# Copy certificate and key into MinIO directory
sudo cp fullchain.pem /opt/minio/certs/public.crt &&
sudo cp privkey.pem /opt/minio/certs/private.key

# Set permissions
sudo chmod 0400 /opt/minio/certs/public.crt &&
sudo chmod 0400 /opt/minio/certs/private.key

Environment File
#

# Create environment file
sudo vi .env
#.env
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=myadminpw

Docker Compose File
#

# Create Docker Compose file
sudo vi docker-compose.yml
# docker-compose.yml
version: '3.8'
services:
  minio:
    image: minio/minio
    ports:
      - "9000:9000"
      - "443:9001"
    volumes:
      - ./minio_data:/data
      - ./certs:/root/.minio/certs
    command: server /data --console-address ":9001"
    env_file:
      - .env

Start Container
#

# Create / start Docker stack
sudo docker compose up -d

MinIO Interfaces
#

API
#

# MinIO S3-API
https://minio.jklug.work:9000

Webinterface
#

# MinIO Console: Open in browser
https://minio.jklug.work/login

If no custom user & password are defined with the environment variables the default values are as follows:

# User:
minioadmin

# PW:
minioadmin

Create Bucket
#

  • Create a new bucket

Access Keys
#

  • Create Access Keys
# Access Key
UBJAgkFX5Rn71s01yb3k

# Secret Key
pCTjVwgpxF081ifRqPSy0sEfnN4L45BnhjJVoRD1

Policies
#

  • Add the policy that access the bucket to the Access Keys
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::jkw-bucket", # Define bucket name
                "arn:aws:s3:::jkw-bucket/*" # Define bucket name
            ]
        }
    ]
}

MinIO Client
#

DNS / Hosts Entry
#

# Open hosts file
sudo vi /etc/hosts

# Add entry for MinIO server
192.168.30.90 minio.jklug.work
# Test connection to MinIO server
ping minio.jklug.work

Setup
#

# Download MinIO Client and save as "mc" in "minio-binaries" folder in the home directory of the current user
curl https://dl.min.io/client/mc/release/linux-amd64/mc \
  --create-dirs \
  -o $HOME/minio-binaries/mc

# Make file executable
chmod +x $HOME/minio-binaries/mc

# Add "minio-binaries" folder to system PATH & make the mc command available from anywhere in the terminal
export PATH=$PATH:$HOME/minio-binaries/
# List MinIO Client commands
mc --help

# Quit MinIO help
q

Create Alias for MinIO Server
#

  • Syntax
# Optional: Temporarily turn off the recording of commands in the bash history
bash +o history

# Add connection to MinIO server: Syntax
mc alias set ALIAS HOSTNAME ACCESS_KEY SECRET_KEY

# Turn the recording of commands in the bash history back on
bash -o history
  • Add MinIO server: With TLS
# Add MinIO server: With TLS encryption
mc alias set jkw-minio https://minio.jklug.work:9000 UBJAgkFX5Rn71s01yb3k pCTjVwgpxF081ifRqPSy0sEfnN4L45BnhjJVoRD1

# Shell output
mc: Configuration written to `/home/ubuntu/.mc/config.json`. Please update your access credentials.
mc: Successfully created `/home/ubuntu/.mc/share`.
mc: Initialized share uploads `/home/ubuntu/.mc/share/uploads.json` file.
mc: Initialized share downloads `/home/ubuntu/.mc/share/downloads.json` file.
Added `jkw-minio` successfully.
# Test the connection to the MinIO server
mc ls jkw-minio

# Shell output:
[2024-01-06 15:02:35 UTC]     0B jkw-bucket/

Copy & download files
#

# Copy file into bucket
mc cp file1.txt jkw-minio/jkw-bucket

# Copy / download file from bucket
mc cp jkw-minio/jkw-bucketmy/file1.txt .

Check the Bucket
#

You should be absile to see the files in the bucket from the webinterface:


MinIO without TLS
#

For non production systems.

Folder Structure
#

# Create folder structure
sudo mkdir -p /opt/minio && cd /opt/minio/

Environment File
#

# Create environment file
sudo vi .env
#.env
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=myadminpw

Docker Compose File
#

# Create Docker Compose file
sudo vi docker-compose.yml
# docker-compose.yml
version: '3.8'
services:
  minio:
    image: minio/minio
    ports:
      - "9000:9000"
      - "9001:9001"
    volumes:
      - ./minio_data:/data
    command: server /data --console-address ":9001"
    env_file:
      - .env

Start Container
#

# Create / start Docker stack
sudo docker compose up -d

MinIO Interfaces
#

API
#

# MinIO S3-API
192.168.30.90:9000

Webinterface
#

# MinIO Console: Open in browser
192.168.30.90:9001

If no custom user & password are defined with the environment variables the default values are as follows:

# User:
minioadmin

# PW:
minioadmin

Create Bucket
#

  • Create a new bucket

Access Keys
#

  • Create Access Keys
# Access Key
UBJAgkFX5Rn71s01yb3k

# Secret Key
pCTjVwgpxF081ifRqPSy0sEfnN4L45BnhjJVoRD1

Policies
#

  • Add the policy that access the bucket to the Access Keys
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::jkw-bucket", # Define bucket name
                "arn:aws:s3:::jkw-bucket/*" # Define bucket name
            ]
        }
    ]
}

MinIO Client
#

Setup
#

# Download MinIO Client and save as "mc" in "minio-binaries" folder in the home directory of the current user
curl https://dl.min.io/client/mc/release/linux-amd64/mc \
  --create-dirs \
  -o $HOME/minio-binaries/mc

# Make file executable
chmod +x $HOME/minio-binaries/mc

# Add "minio-binaries" folder to system PATH & make the mc command available from anywhere in the terminal
export PATH=$PATH:$HOME/minio-binaries/
# List MinIO Client commands
mc --help

# Quit MinIO help
q

Create Alias for MinIO Server
#

  • Syntax
# Optional: Temporarily turn off the recording of commands in the bash history
bash +o history

# Add connection to MinIO server: Syntax
mc alias set ALIAS HOSTNAME ACCESS_KEY SECRET_KEY

# Turn the recording of commands in the bash history back on
bash -o history
  • Add MinIO server: Without TLS
# Add MinIO server: Without TLS encryption
mc alias set jkw-minio http://192.168.30.90:9000 UBJAgkFX5Rn71s01yb3k pCTjVwgpxF081ifRqPSy0sEfnN4L45BnhjJVoRD1

# Test the connection to the MinIO server
mc ls jkw-minio

# Shell output:
[2024-01-06 11:33:34 UTC]     0B jkw-bucket/

Copy & download files
#

# Copy file into bucket
mc cp file1.txt jkw-minio/jkw-bucket

# Copy / download file from bucket
mc cp jkw-minio/jkw-bucketmy/file1.txt .

Check the Bucket
#

You should be absile to see the files in the bucket from the webinterface:


Links #

# MinIO Official Download Page
https://min.io/download#/docker

# MinIO Client
https://min.io/docs/minio/linux/reference/minio-mc.html

# MinIO TLS Configuration
https://min.io/docs/minio/linux/operations/network-encryption.html?ref=docs-redirect#generate-private-key-with-rsa