下载:
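# Fetch the server binary together with the SHA-256 checksum file published next to it.
wget https://dl.min.io/server/minio/release/linux-amd64/minio
wget https://dl.min.io/server/minio/release/linux-amd64/minio.sha256sum
# Compare only the hash fields: the file name recorded in the checksum file may
# differ from the local name "minio". A checksum served by the same host detects
# a corrupted or truncated download, not a compromised mirror.
if [ "$(sha256sum minio | cut -d' ' -f1)" = "$(cut -d' ' -f1 minio.sha256sum)" ]; then
  # Install to the path that minio.service asserts is executable.
  install -m 0755 minio /usr/local/bin/minio
else
  echo "minio: SHA-256 mismatch, binary not installed" >&2
fi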

service 文件:
/usr/lib/systemd/system/minio.service

# systemd unit that runs the MinIO server as the unprivileged account minio-user.
# Settings (volumes, options, root credentials) come from /etc/default/minio.
[Unit]
Description=MinIO
Wants=network-online.target
After=network-online.target
# Refuse to start if the binary is missing or not executable
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local

# Run without root privileges
User=minio-user
Group=minio-user
# Hide processes owned by other users from this service's view of /proc
ProtectProc=invisible

# The leading "-" makes a missing file non-fatal; ExecStartPre below then stops the start
# because MINIO_VOLUMES is unset.
# NOTE(review): this file carries MINIO_ROOT_USER / MINIO_ROOT_PASSWORD. systemd itself loads it,
# so it does not need to be readable by minio-user or anyone else; keep it root-owned, mode 0600.
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
# Unbraced, unquoted $VAR is split on whitespace by systemd, so MINIO_OPTS may hold several arguments
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.service`
# Uncomment the line to enable the functionality
# Type=notify

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Specifies the maximum number of threads this process can create
TasksMax=infinity

# Disable timeout logic and wait until process is stopped
# (with SendSIGKILL=no a hung process is never force-killed on stop)
TimeoutStopSec=infinity
SendSIGKILL=no

# NOTE(review): apart from User=/Group= and ProtectProc= the unit applies no sandboxing.
# Directives such as NoNewPrivileges=true, PrivateTmp=true, ProtectHome=true and ProtectSystem=full
# are worth evaluating; test before enabling, and check the result with
# `systemd-analyze security minio.service`.

[Install]
WantedBy=multi-user.target

默认配置:
vim /etc/default/minio

# Environment file loaded by minio.service (EnvironmentFile=-/etc/default/minio).
# NOTE(review): it stores the root credentials in clear text. Keep it root-owned and not
# world-readable (for example mode 0600); systemd reads it before starting the service.

# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment

# The values below are placeholders: use a long random password (MinIO rejects root passwords
# shorter than 8 characters) and create separate, scoped users for applications instead of
# handing out the root account.
MINIO_ROOT_USER=xxx
MINIO_ROOT_PASSWORD=xxxx

# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.

MINIO_VOLUMES="/data"

# MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
# For example, `--console-address :9001` sets the MinIO Console listen port
# MINIO_OPTS="--console-address :9001"
# --certs-dir points at the directory holding private.key and public.crt; with both present the server serves TLS.
MINIO_OPTS="--certs-dir /etc/minio"

# MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
# MinIO assumes your network control plane can correctly resolve this hostname to the local machine

# Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).
# NOTE(review): 127.0.0.0 is only a placeholder, not a usable host address; with TLS enabled
# through --certs-dir the scheme would also need to be https.

# MINIO_SERVER_URL="http://127.0.0.0:9000"


# ":port" without a host part listens on every interface (xxxx is a placeholder port);
# restrict access with a firewall, or bind to a specific address.
MINIO_ADDRESS=:xxxx
MINIO_COMPRESSION_ENABLE=on
# NOTE(review): compressing objects that are also encrypted can leak information about the
# plaintext through the stored size (CRIME/BREACH-style side channel). MinIO's documentation
# advises against this combination; enable it only if that risk is acceptable for the data.
MINIO_COMPRESSION_ALLOW_ENCRYPTION=on

# Disables the embedded web console, leaving only the S3 API exposed
MINIO_BROWSER=off
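# Create the dedicated system group and account the service runs as.
# -r: system account, -M: no home directory, -s: no interactive login shell.
groupadd -r minio-user
useradd -M -r -g minio-user -s /sbin/nologin minio-user
# Create the data directory (MINIO_VOLUMES) owned by the service account.
# Mode 0750 keeps other local users from reading object data directly from disk;
# install -d also succeeds when the directory already exists.
install -d -m 0750 -o minio-user -g minio-user /data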

下载 certgen:
# NOTE(review): "latest" is an unpinned download that is executed as root below.
# Prefer a specific release tag and compare the file against a checksum published
# for that release (if one is provided) before running it.
wget https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64

生成自签证书:

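# Make the downloaded certgen binary executable and give it a short name.
chmod +x certgen-linux-amd64
mv certgen-linux-amd64 certgen
# Generate a self-signed key pair (private.key, public.crt) in the current directory.
# x.x.x.x is a placeholder: pass the address or name clients will connect to, since
# the certificate is only valid for the hosts listed here.
./certgen -host x.x.x.x

# Install both files into the directory referenced by --certs-dir. Using install sets
# owner and mode in the same step, so the private key is never present in /etc/minio
# with looser permissions, and the commands can be re-run safely.
install -d -m 0755 -o minio-user -g minio-user /etc/minio
install -m 0600 -o minio-user -g minio-user private.key /etc/minio/private.key
install -m 0644 -o minio-user -g minio-user public.crt /etc/minio/public.crt

# A copy of private.key is still in the current directory; delete it once the service
# starts correctly. Clients must be given public.crt to trust this self-signed certificate.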

客户端配置:

# Register the server under the alias "myminio"; ACCESS_KEY and SECRET_KEY are placeholders.
# NOTE(review): keys passed as arguments end up in shell history and are visible in the
# process list. When they are omitted, mc prompts for them instead. mc saves alias
# credentials in ~/.mc/config.json, so keep that file private to the user.
# For a self-signed server certificate, copy public.crt into ~/.mc/certs/CAs/ on the client
# rather than turning verification off with --insecure.
mc alias set myminio https://minioserver.example.net ACCESS_KEY SECRET_KEY
# Test the connection
mc admin info myminio

命令:

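# Create a bucket
mc mb host/xxx

# List the contents of the bucket
mc ls host/xxx

# Show the anonymous (unauthenticated) access policy of the bucket.
# Anything other than "private" means objects are reachable without credentials.
mc anonymous get host/xxx

# List the configured aliases ("mc config host" was replaced by "mc alias")
mc alias list

# Remove the alias named gcs together with its stored credentials
mc alias remove gcs

# Upload the local file "core" into the bucket
mc cp core host/xxx/

# Delete an object
mc rm host/xxx/file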

SSE-C 加密
Generate the Encryption Key: cat /dev/urandom | head -c 32 | base64 -

加密上传
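# Upload with SSE-C: the client supplies the key for the "host/xxx/" prefix on every request,
# and an object cannot be read back without the same key. SSE-C requires a TLS (https) endpoint.
# NOTE(review): the key below is a documentation sample that decodes to a readable placeholder
# phrase, not random data. Replace it with a freshly generated 32-byte key and keep it out of
# shell history and scripts committed to version control.
# Newer mc releases may use a different flag name for SSE-C keys; check `mc cp --help`.
mc cp ~/data/mydata.json host/xxx/mydata.json \
  --encrypt-key "host/xxx/=c2VjcmV0ZW5jcnlwdGlvbmtleWNoYW5nZW1lMTIzNAo="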

mc encrypt set ENCRYPTION