Deploying MinIO Server for S3 connectivity

MinIO is a software-defined high performance distributed object storage server.

If a customer's on-prem storage does not support an S3-compatible interface, MinIO is recommended as the service that provides the S3 interface. You can run MinIO on consumer or enterprise-grade hardware and a variety of operating systems and architectures.

Considerations Checklist

Please use the following "Linux" checklist when planning the software configuration for a production, distributed MinIO deployment.

https://min.io/docs/minio/linux/operations/checklists/software.html

Prerequisites

  • Set up a data store by mounting storage to a designated path like /mnt/store1. For instance, use a local folder such as /data to store your data. Make sure to grant Read/Write permissions to the mount path and open the firewall to port 9000 for S3 APIs. Additionally, consider opening port 9001 for the Web Console if needed. Don't forget to secure your data with a TLS certificate.

    Install MinIO

    Myota works only with MinIO on Linux, because object names on Windows are incompatible: S3 and MinIO on Linux allow question marks ('?') in object names, but MinIO on Windows does not.

    We recommend Ubuntu as the host machine for the MinIO server.


    sudo dpkg -i minio.deb

    • Add minio user and group

    groupadd -r minio-user
    useradd -M -r -g minio-user minio-user

    • Prepare directory to store Minio data based on your setup (e.g. local storage, NFS mount, etc.)

    mkdir /data
    chown minio-user:minio-user /data

    • Create minio.service. Open the service file (e.g. on Ubuntu, /usr/lib/systemd/system/minio.service) and check that User and Group match your MinIO user (e.g. minio-user) and that EnvironmentFile points to the environment file (/etc/default/minio).

    vi /usr/lib/systemd/system/minio.service

    [Unit]
    Description=MinIO
    Documentation=https://min.io/docs/minio/linux/index.html
    Wants=network-online.target
    After=network-online.target
    AssertFileIsExecutable=/usr/local/bin/minio

    [Service]
    WorkingDirectory=/usr/local
    User=minio-user
    Group=minio-user
    ProtectProc=invisible

    EnvironmentFile=-/etc/default/minio
    ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
    ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

    # MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
    # This may improve systemctl setups where other services use `After=minio.server`
    # Uncomment the line to enable the functionality
    # Type=notify

    # Let systemd restart this service always
    Restart=always

    # Specifies the maximum file descriptor number that can be opened by this process
    LimitNOFILE=65536

    # Specifies the maximum number of threads this process can create
    TasksMax=infinity

    # Disable timeout logic and wait until process is stopped
    TimeoutStopSec=infinity
    SendSIGKILL=no

    [Install]
    WantedBy=multi-user.target

    # Built for ${project.name}-${project.version} (${project.name})

    • Update the environment file (/etc/default/minio)
      Change MINIO_ROOT_USER, MINIO_ROOT_PASSWORD, and MINIO_VOLUMES.
      With the default setup, the Web Console port is 9001 and the API port is 9000. Leave MINIO_SERVER_URL commented out so that the server receives requests on all interfaces.

    vi /etc/default/minio

    # MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
    # This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
    # Omit to use the default values 'minioadmin:minioadmin'.
    # MinIO recommends setting non-default values as a best practice, regardless of environment

    MINIO_ROOT_USER=your_admin_user
    MINIO_ROOT_PASSWORD=your_admin_password

    # MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.

    MINIO_VOLUMES="/data"

    # MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
    # For example, `--console-address :9001` sets the MinIO Console listen port
    MINIO_OPTS="--console-address :9001"

    # MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
    # MinIO assumes your network control plane can correctly resolve this hostname to the local machine

    # Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).

    # MINIO_SERVER_URL="https://YOUR_DOMAIN:9000"

    • Start Minio service

    systemctl start minio.service

     

    • Check Minio service status

    systemctl status minio.service

    ● minio.service - MinIO
         Loaded: loaded (/lib/systemd/system/minio.service; disabled; vendor preset: enabled)
         Active: active (running) since Mon 2024-02-26 19:43:58 UTC; 2 days ago
           Docs: https://docs.min.io
       Process: 890 ExecStartPre=/bin/bash -c if [ -z "${MINIO_VOLUMES}" ]; then echo "Variable MINIO_VOLUMES not set in /etc/default/minio"; exit 1; fi (code=exi>
       Main PID: 891 (minio)
         Tasks: 10
           CPU: 2min 7.399s
         CGroup: /system.slice/minio.service
                 └─891 /usr/local/bin/minio server --console-address :9001 /data

    Feb 26 19:43:58 localhost minio[891]: Copyright: 2015-2024 MinIO, Inc.
    Feb 26 19:43:58 localhost minio[891]: License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
    Feb 26 19:43:58 localhost minio[891]: Version: RELEASE.2024-02-17T01-15-57Z (go1.21.7 linux/amd64)
    Feb 26 19:43:58 localhost minio[891]: Status:         1 Online, 0 Offline.
    Feb 26 19:43:58 localhost minio[891]: S3-API: http://192.168.136.67:9000 http://139.144.215.26:9000 http://127.0.0.1:9000
    Feb 26 19:43:58 localhost minio[891]: Console: http://192.168.136.67:9001 http://139.144.215.26:9001 http://127.0.0.1:9001
    Feb 26 19:43:58 localhost minio[891]: Documentation: https://min.io/docs/minio/linux/index.html
    Feb 26 19:43:58 localhost minio[891]: Warning: The standard parity is set to 0. This can lead to data loss.
    Feb 26 19:43:58 localhost minio[891]: You are running an older version of MinIO released 1 week before the latest release
    Feb 26 19:43:58 localhost minio[891]: Update: Run `mc admin update ALIAS`

    In the status output, look at the addresses listed for S3-API and Console. They should include the IP addresses of all network interfaces. In this example, there are a private IP address, a public IP address, and localhost.
    Note whether the protocol shown is 'http' or 'https'.

    • Visit the MinIO Web Console at port 9001 and test the S3 APIs at port 9000.

    TLS configuration

    There are two options to set up TLS.

    Option 1: Set up the certificate directly on the MinIO server

    • Put your certificate and private key in this structure:

    /home/minio-user/.minio/
    └── certs
        ├── YOUR_DOMAIN
        │   ├── private.key
        │   └── public.crt
        ├── private.key
        └── public.crt

     

    • Change MINIO_SERVER_URL in environment file (e.g. /etc/default/minio) and uncomment the line.

    # MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
    # This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
    # Omit to use the default values 'minioadmin:minioadmin'.
    # MinIO recommends setting non-default values as a best practice, regardless of environment
    MINIO_ROOT_USER=your_admin_user
    MINIO_ROOT_PASSWORD=your_admin_password
    # MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.
    MINIO_VOLUMES="/data"
    # MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
    # For example, `--console-address :9001` sets the MinIO Console listen port
    MINIO_OPTS="--console-address :9001"
    # MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
    # MinIO assumes your network control plane can correctly resolve this hostname to the local machine
    # Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).
    MINIO_SERVER_URL="https://YOUR_DOMAIN:9000"

     

    • Restart Minio service

    systemctl restart minio.service

    ● minio.service - MinIO
         Loaded: loaded (/lib/systemd/system/minio.service; disabled; vendor preset: enabled)
         Active: active (running) since Mon 2024-02-26 19:43:58 UTC; 2 days ago
           Docs: https://docs.min.io
       Process: 890 ExecStartPre=/bin/bash -c if [ -z "${MINIO_VOLUMES}" ]; then echo "Variable MINIO_VOLUMES not set in /etc/default/minio"; exit 1; fi (code=exi>
       Main PID: 891 (minio)
         Tasks: 10
           CPU: 2min 7.399s
         CGroup: /system.slice/minio.service
                 └─891 /usr/local/bin/minio server --console-address :9001 /data

    Feb 26 19:43:58 localhost minio[891]: Copyright: 2015-2024 MinIO, Inc.
    Feb 26 19:43:58 localhost minio[891]: License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
    Feb 26 19:43:58 localhost minio[891]: Version: RELEASE.2024-02-17T01-15-57Z (go1.21.7 linux/amd64)
    Feb 26 19:43:58 localhost minio[891]: Status:         1 Online, 0 Offline.
    Feb 26 19:43:58 localhost minio[891]: S3-API: https://192.168.136.67:9000 https://139.144.215.26:9000 https://127.0.0.1:9000
    Feb 26 19:43:58 localhost minio[891]: Console: https://192.168.136.67:9001 https://139.144.215.26:9001 https://127.0.0.1:9001
    Feb 26 19:43:58 localhost minio[891]: Documentation: https://min.io/docs/minio/linux/index.html
    Feb 26 19:43:58 localhost minio[891]: Warning: The standard parity is set to 0. This can lead to data loss.
    Feb 26 19:43:58 localhost minio[891]: You are running an older version of MinIO released 1 week before the latest release
    Feb 26 19:43:58 localhost minio[891]: Update: Run `mc admin update ALIAS`

    • Now the S3-API (or Console) line shows "https" and your domain name is specified.
    • Update the DNS record with the MinIO server IP address.


    Option 2: Set up the certificate at a load balancer or proxy

    • Keep the /home/minio-user/.minio/certs folder empty. (A CAs folder may be created automatically; you can leave it in place.)

    /home/minio-user/.minio/
    └── certs

    • Comment out MINIO_SERVER_URL in the environment file so that the MinIO server receives requests on all interfaces.
    • Set up the proxy or load balancer.
      • Add the MinIO server(s)
      • Add the certificate and key at the proxy or load balancer
    • Update the DNS record with the proxy or load balancer IP address.
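
A post-install check for the settings this guide touches, written for this page as an added example (it is not part of MinIO or of the original instructions): it audits the environment file from the install steps and the private keys from TLS Option 1. The names audit_minio_env and env_value and the MIN_PASSWORD_LEN threshold are assumptions made for illustration.

```shell
MIN_PASSWORD_LEN=16   # assumption: local policy value, not a MinIO setting

# Print the last uncommented KEY=value assignment in FILE, without quotes.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# audit_minio_env [ENV_FILE] [CERTS_DIR]
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_minio_env() {
    local file="${1:-/etc/default/minio}" certs="${2:-/home/minio-user/.minio/certs}"
    local rc=0 user pass url
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    user=$(env_value "$file" MINIO_ROOT_USER)
    pass=$(env_value "$file" MINIO_ROOT_PASSWORD)
    url=$(env_value "$file" MINIO_SERVER_URL)

    # Unset values fall back to minioadmin:minioadmin; the guide's placeholders
    # are just as guessable if they are left in place.
    case "$user" in
        ""|minioadmin|your_admin_user)
            echo "MINIO_ROOT_USER is unset, default or placeholder"; rc=1 ;;
    esac
    case "$pass" in
        ""|minioadmin|your_admin_password)
            echo "MINIO_ROOT_PASSWORD is unset, default or placeholder"; rc=1 ;;
        *)
            if [ "${#pass}" -lt "$MIN_PASSWORD_LEN" ]; then
                echo "MINIO_ROOT_PASSWORD is shorter than $MIN_PASSWORD_LEN characters"; rc=1
            fi ;;
    esac
    # Commented out (Option 2, TLS at the proxy) leaves url empty and skips this.
    case "$url" in
        http://*) echo "MINIO_SERVER_URL uses http, not https"; rc=1 ;;
    esac
    # The file holds the root password: other local users must not read it.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "$file is world-readable"; rc=1
    fi
    # Option 1 only: private keys must not be readable by group or others.
    if [ -d "$certs" ] && [ -n "$(find "$certs" -name private.key \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "private.key under $certs is readable by group or others"; rc=1
    fi
    return "$rc"
}
```

Source the file and run `audit_minio_env` as root after editing /etc/default/minio; an exit status of 0 means no findings.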

    Resources

    Install and Deploy MinIO - https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-single-node-single-drive.html