Published on January 22, 2024

MinIO Server Installation And Configuration

Iommi Mandela

@enum314

MinIO Server Installation And Configuration

Introduction

This guide will show you how to install and configure MinIO Server on Ubuntu 22.04.

What is MinIO Server?

MinIO is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. MinIO is designed in a cloud-native manner to scale sustainably in multi-tenant environments. MinIO is a self-hosted alternative to Amazon S3.

Prerequisites

A server running Ubuntu 22.04.
A non-root user with sudo privileges.
Nginx installed on your server. Learn how.
Two domain names pointed to your server IP. Learn how.
- In this guide, we will use cdn.example.com and minio.example.com.

Installation

Before starting, you will need to update your system packages to the latest version. You can update them using the following command:

sudo apt update

Once all the packages are updated, you can proceed to install the required dependencies with the following command:

sudo apt install wget

Step 1 - Install MinIO Server

You can install MinIO Server using the following command:

wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio_20240116160738.0.0_amd64.deb -O minio.deb
sudo dpkg -i minio.deb

Step 2 - Systemd Service File

Next, you will need to create a systemd service file for MinIO Server. You can create it with the following command:

The minio.deb package installs the following systemd service file:

/usr/lib/systemd/system/minio.service

Note: The systemd checks the /etc/systemd/... path before checking the /usr/lib/systemd/... path it finds.

To avoid conflicting or unexpected configuration options,check that the file only exists at the /usr/lib/systemd/system/minio.service path.

/usr/lib/systemd/system/minio.service

[Unit]
Description=MinIO
Documentation=https://min.io/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
 
[Service]
WorkingDirectory=/usr/local
 
User=minio-user
Group=minio-user
ProtectProc=invisible
 
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
 
# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.server`
# Uncomment the line to enable the functionality
# Type=notify
 
# Let systemd restart this service always
Restart=always
 
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
 
# Specifies the maximum number of threads this process can create
TasksMax=infinity
 
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
 
[Install]
WantedBy=multi-user.target
 
# Built for ${project.name}-${project.version} (${project.name})

The minio.service file runs as the minio-user User and Group by default. You can create the user and group using the groupadd and useradd commands. The following example creates the user, group, and sets permissions to access the folder paths intended for use by MinIO. These commands typically require root (sudo) permissions.

groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /mnt/minio

The specified drive paths are provided as an example. Change them to match the path to those drives intended for use by MinIO.

Alternatively, change the User and Group values to another user and group on the system host with the necessary access and permissions.

Step 3 - Environment Variables

Next, you will need to create an environment file for MinIO Server. You can create it with the following command:

sudo nano /etc/default/minio

/etc/default/minio

# /etc/default/minio
 
# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment
 
MINIO_ROOT_USER=myminioadmin
MINIO_ROOT_PASSWORD=minio-secret-key-change-me
 
# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.
 
MINIO_VOLUMES="/mnt/minio"
 
# MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
# MinIO assumes your network control plane can correctly resolve this hostname to the local machine
 
# Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).
 
MINIO_SERVER_URL="https://cdn.example.com"
MINIO_BROWSER_REDIRECT_URL="https://minio.example.com"
 
# MINIO_OPTS sets additional command line arguments for the MinIO server.
MINIO_OPTS="--console-address :9001"

Step 4 - SSL/TLS Certificate

Before continuing, you will need to create an SSL/TLS certificate for your phpMyAdmin domain.

See the following blogs to create an SSL/TLS certificate for your domain using Certbot:

Once you have created an SSL/TLS certificate for your domain, you can proceed to the next step.

Step 5 - Configure Nginx for MinIO Server

Next, you will need to create an Nginx config file for MinIO Server for both cdn.example.com and minio.example.com domains.

You can create it with the following command:

sudo nano /etc/nginx/sites-enabled/cdn.example.com.conf

/etc/nginx/sites-enabled/cdn.example.com.conf

server {
    listen 80;
    listen [::]:80;
 
    server_name cdn.example.com;
 
    # Redirect all HTTP traffic to HTTPS
    return 301 https://$server_name$request_uri;
}
 
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
 
  server_name cdn.example.com;
 
  # SSL
  ssl_certificate /etc/letsencrypt/live/cdn.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/cdn.example.com/privkey.pem;
 
  # Security
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
  add_header Permissions-Policy "interest-cohort=()" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
  # . files
  location ~ /\.(?!well-known) {
    deny all;
  }
 
  # Logging
  access_log /var/log/nginx/cdn.example.com-access.log combined buffer=512k flush=1m;
  error_log /var/log/nginx/cdn.example.com-error.log warn;
 
  # Reverse Proxy
  location / {
    proxy_pass http://127.0.0.1:9000;
 
    proxy_http_version 1.1;
    proxy_cache_bypass $http_upgrade;
 
    # Proxy SSL
    proxy_ssl_server_name on;
 
    # Proxy headers
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Forwarded $proxy_add_forwarded;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
 
    # Proxy timeouts
    proxy_connect_timeout 60s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;
  }
 
  # robots.txt
  location = /robots.txt {
    log_not_found off;
  }
 
  # gzip
  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}

Then create another Nginx config file for minio.example.com domain:

sudo nano /etc/nginx/sites-enabled/minio.example.com.conf

/etc/nginx/sites-enabled/minio.example.com.conf

server {
    listen 80;
    listen [::]:80;
 
    server_name minio.example.com;
 
    # Redirect all HTTP traffic to HTTPS
    return 301 https://$server_name$request_uri;
}
 
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
 
  server_name minio.example.com;
 
  # SSL
  ssl_certificate /etc/letsencrypt/live/minio.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/minio.example.com/privkey.pem;
 
  # Security
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
  add_header Permissions-Policy "interest-cohort=()" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
  # . files
  location ~ /\.(?!well-known) {
    deny all;
  }
 
  # Logging
  access_log /var/log/nginx/minio.example.com-access.log combined buffer=512k flush=1m;
  error_log /var/log/nginx/minio.example.com-error.log warn;
 
  # Reverse Proxy
  location / {
    proxy_pass http://127.0.0.1:9001;
 
    proxy_http_version 1.1;
    proxy_cache_bypass $http_upgrade;
 
    # Proxy SSL
    proxy_ssl_server_name on;
 
    # Proxy headers
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Forwarded $proxy_add_forwarded;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
 
    # Proxy timeouts
    proxy_connect_timeout 60s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;
  }
 
  # robots.txt
  location = /robots.txt {
    log_not_found off;
  }
 
  # gzip
  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}

Once you are finished, save and close the file. Then, verify the Nginx for any configuration errors with the following command:

sudo nginx -t

You should get the following output:

Output

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart the Nginx service to apply the changes:

sudo systemctl restart nginx
# OR
sudo nginx -s reload

Step 6 - Start MinIO Server

Before starting MinIO Server, you will need to create a data directory for MinIO Server:

sudo mkdir -p /mnt/minio

Next, you will need to start MinIO Server with the following command:

sudo systemctl start minio

You can also enable MinIO Server to start at system reboot with the following command:

sudo systemctl enable minio

You can now check the status of MinIO Server with the following command:

sudo systemctl status minio

You should get the following output:

Output

● minio.service - MinIO
     Loaded: loaded (/usr/lib/systemd/system/minio.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-10-23 09:50:00 UTC; 1min 2s ago
   Main PID: 1234 (minio)
      Tasks: 9 (limit: 4915)
     Memory: 9.1M
        CPU: 1.027s
     CGroup: /system.slice/minio.service
             └─1234 /usr/local/bin/minio server --console-address :9001 /mnt/minio
 
Oct 23 09:50:00 ubuntu systemd[1]: Started MinIO.

Step 7 - Access MinIO Server

MinIO Server is now installed and listening on port 9000 and 9001. You can access it using the following URL:

https://cdn.example.com - MinIO Server
https://minio.example.com - MinIO Console

Conclusion

Congratulations! you have successfully installed and configured MinIO Server on Ubuntu 22.04. You can now easily store and manage your data using MinIO Server.

Resources

See all posts