
If you are looking for a brief introduction to Object Storage and why you would need it, check out this article.

For those of you already familiar with the What and Why of Object Storage, this article covers the How.

Since you’ve read the title, you might be wondering what Minio means. Well…

“Minio is an open source object storage server with Amazon S3 compatible API. 
Build cloud-native applications portable across all major public and private clouds.”

That is according to its official website; if you want more information, I suggest reading their official features page.

Minio comes with a command line client and is written in Go. It is able to support simple queuing services.

Let us get started with Installing and Configuring our Minio Server.

Update the package database, like right now. Do it… do it…

  • sudo apt-get update

Next step: download the Minio server’s binary file:

  • curl -O https://dl.minio.io/server/minio/release/linux-amd64/minio

After the download, make the file, named minio, executable:

  • sudo chmod +x minio

Now, move the file into the /usr/local/bin directory where Minio’s systemd startup script expects to find it:

  • sudo mv minio /usr/local/bin

The next step is a logical one: because security should always be the main concern, we’ll not run the Minio server as root. We need to create a user account because the systemd script will look for a user account and group called minio-user. Let’s go.

  • sudo useradd -r minio-user -s /sbin/nologin

Change ownership of the binary to minio-user:

  • sudo chown minio-user:minio-user /usr/local/bin/minio

Set up a working directory for Minio to work in:

  • sudo mkdir /usr/local/share/minio

Give ownership of that directory to minio-user:

  • sudo chown minio-user:minio-user /usr/local/share/minio

The /etc directory is the most common location for server configuration files, so we’ll create a place for Minio there.

  • sudo mkdir /etc/minio

Give ownership of that directory to minio-user, too:

  • sudo chown minio-user:minio-user /etc/minio

Use nano or your favorite text editor to create the environment file needed to modify the default configuration:

  • sudo nano /etc/default/minio

And, add the following variables:

/etc/default/minio
MINIO_VOLUMES="/usr/local/share/minio/"
MINIO_OPTS="-C /etc/minio --address your-server-ip:9000"
  • MINIO_VOLUMES: Points to the storage directory that you created earlier.
  • MINIO_OPTS: For server behavior. We need to tell Minio the configuration directory it should use and the IP address and port to bind with.

Finally, save and close the environment file when you’re finished making changes.

Minio is now installed, so, next, we’ll configure the server to run as a system service.

Step 2 — Installing the Minio Systemd Startup Script

The Minio server is managed as a systemd service, so we’ll have to configure it that way.

First, download the Minio service descriptor file using the following command:

  • curl -O https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service

After the download has finished, a file named minio.service should be in your working directory.

To audit the contents of minio.service before applying it, open it in a text editor to view its contents:

  • nano minio.service

Once you’re comfortable with the script’s contents, close your text editor.
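
A scripted version of that audit, as an added example rather than part of the original tutorial or the Minio project: it checks that the unit runs as minio-user, reads /etc/default/minio, and starts /usr/local/bin/minio. The function names are hypothetical and the sample_unit text is constructed for a dry run.

```shell
# Added example: pre-install audit of minio.service. Expected values are the
# ones this tutorial sets up; the sample unit at the end is constructed.
EXPECT_USER="minio-user"
EXPECT_BIN="/usr/local/bin/minio"
EXPECT_ENV="/etc/default/minio"

# unit_value FILE KEY: print the last value assigned to KEY inside [Service].
unit_value() {
    awk -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# audit_unit FILE: print one line per finding; exit status = number of findings.
audit_unit() {
    findings=0
    user=$(unit_value "$1" User)
    env_file=$(unit_value "$1" EnvironmentFile)
    exec_start=$(unit_value "$1" ExecStart)
    # A unit with no User= line runs its process as root.
    if [ "${user:-root}" != "$EXPECT_USER" ]; then
        echo "FAIL: runs as '${user:-root}', expected $EXPECT_USER"
        findings=$((findings + 1))
    fi
    # systemd accepts a leading "-" meaning "ignore if the file is missing".
    if [ "${env_file#-}" != "$EXPECT_ENV" ]; then
        echo "FAIL: EnvironmentFile is '$env_file', expected $EXPECT_ENV"
        findings=$((findings + 1))
    fi
    # The command systemd starts must be the binary installed earlier.
    case "$exec_start" in
        "$EXPECT_BIN "*) ;;
        *) echo "FAIL: ExecStart is '$exec_start'"; findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample unit for a dry run (not the real minio.service).
sample_unit() {
    cat <<'EOF'
[Unit]
[Service]
User=minio-user
EnvironmentFile=-/etc/default/minio
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
EOF
}
```

Run `audit_unit ./minio.service` on the downloaded file; any FAIL line is a reason to stop before moving it into the systemd directory.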

Systemd requires that unit files be stored in the systemd configuration directory, so move minio.service there:

  • sudo mv minio.service /etc/systemd/system

Then, run the following command to reload all systemd units:

  • sudo systemctl daemon-reload

Finally, enable Minio to start on boot:

  • sudo systemctl enable minio

Now that the systemd script is installed and configured, let’s start the server.

Step 3 — Starting The Minio Server

In this step, you’ll start the server and modify the firewall to allow access through the browser interface.

First, start the Minio server:

  • sudo systemctl start minio

You can verify Minio’s status, the IP address it’s bound to, its memory usage, and more with the command:

  • sudo systemctl status minio

You should get output like the following:

Output
minio.service - Minio
   Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2017-04-07 00:26:10 UTC; 11min ago
     Docs: https://docs.minio.io
  Process: 25069 ExecStartPre=/bin/bash -c [ -n "${MINIO_VOLUMES}" ] || echo "Variable MINIO_VOLUMES not set in /etc/default/minio" (code=exit
 Main PID: 25073 (minio)
    Tasks: 6
   Memory: 20.7M
      CPU: 544ms
   CGroup: /system.slice/minio.service
           └─25073 /usr/local/bin/minio server -C /etc/minio --address :9000 /usr/local/share/minio/

Apr 07 00:26:11 ashtonandgray minio[25073]: Browser Access:
Apr 07 00:26:11 ashtonandgray minio[25073]:    http://174.138.67.91:9000

Next, you need to enable access through the firewall to the Minio server on the configured port. In this tutorial, that’s port 9000.

So, first add the rule:

  • sudo ufw allow 9000

Then, restart the firewall:

  • sudo systemctl restart ufw

Minio is now ready to accept traffic.

Step 4 — Securing Access to Minio Server With a Let’s Encrypt SSL/TLS Certificate

In this step, we’ll use the console-based certificate generation client, Concert, to create an SSL/TLS certificate using the open source Let’s Encrypt certificate authority. While there are other ways to generate Let’s Encrypt certificates, Concert is both written by Minio’s developers and part of the official installation instructions.

First, download Concert with the command:

  • go get -u github.com/minio/concert

Once complete, a file named concert should be in the bin directory of your GOPATH.

Next, we’ll generate the certificate.

Note: To generate the certificate, concert requires that traffic through port 443 be allowed through the firewall.

Run the following command using the --dir flag to tell Concert the output directory, email address, and domain name you’d like to use:

  • sudo $GOPATH/bin/concert gen --dir minio-certs sammy@example.com example.com

The output will look like:

Output
2017/04/09 01:21:08 Generated certificates for example.com under minio-certs will expire in 89 days.

And, Concert will have generated a private.key and a public.crt file, which you can verify by running ls on the directory you specified.

Next, we’ll copy these two files into the certs directory under Minio’s server configuration folder, which is /etc/minio for this tutorial.

  • sudo cp minio-certs/private.key /etc/minio/certs/
  • sudo cp minio-certs/public.crt /etc/minio/certs/

Now, change the ownership of the files to minio-user:

  • sudo chown minio-user:minio-user /etc/minio/certs/private.key
  • sudo chown minio-user:minio-user /etc/minio/certs/public.crt

Restart the Minio server, so that it becomes aware of the certificate and starts using HTTPS:

  • sudo systemctl restart minio

Since the Let’s Encrypt certificate generated is valid for just 90 days and repeatedly renewing it manually would be inefficient, start Concert in server mode to set up a system to auto-renew the certificate:

  • sudo concert server --dir minio-certs sammy@example.com example.com

With that, Minio’s connection is now secure, and the SSL/TLS certificate will automatically renew for you. In the next step, you’ll connect to Minio through the browser to use and administrate the server.

Step 5 — Securely Connecting to Minio’s Web Interface Using HTTPS

In this step, you’ll securely connect to the Minio web interface via HTTPS, and then you’ll create buckets and upload objects into them.

Access the web interface by pointing your browser to https://example.com:9000.

Next, you’ll need to find your login credentials. Minio wrote its configuration file to the /etc/minio directory when you started the server in Step 3. That configuration file, config.json, contains the accessKey and secretKey values you’ll need to access the server now. Be sure to copy and keep both keys in an easy-to-reach and secure place for the future.

/etc/minio/config.json
{
    "version": "19",
    "credential": {
        "accessKey": "8ngv6i97QZV959Y87Y007FP",
        "secretKey": "C6hK8ytyBe3Q952bght65434JiZN08itG49jG5RX"
    },
    "region": "us-east-1",
    ...
}
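
The private key copied in Step 4 and config.json both hold secrets, so it is worth confirming that only minio-user can read them. The check below is an added example, not part of the original tutorial; the function names are hypothetical and it assumes GNU stat as shipped on Ubuntu.

```shell
# Added example: confirm the files that hold secrets are owned by the service
# account and closed to group and others. Paths are relative to the Minio
# configuration directory used in this tutorial (/etc/minio).
SECRETS="certs/private.key config.json"

# check_secret FILE OWNER: return 0 if FILE is owned by OWNER and grants no
# permission bits to group or others; otherwise print the finding and a fix.
check_secret() {
    if [ ! -f "$1" ]; then echo "MISSING $1"; return 1; fi
    owner=$(stat -c '%U' "$1")
    # %a prints the octal mode without padding (600, 644); pad to 3 digits.
    mode=$(printf '%03d' "$(stat -c '%a' "$1")")
    status=0
    if [ "$owner" != "$2" ]; then
        echo "OWNER  $1 is owned by $owner; fix: chown $2:$2 $1"
        status=1
    fi
    # The last two digits are the group and other permission bits.
    case "$mode" in
        *00) ;;
        *) echo "MODE   $1 is $mode; fix: chmod 600 $1"; status=1 ;;
    esac
    return "$status"
}

# audit_secrets CONFIG_DIR OWNER: check every file in SECRETS and return the
# number of files that failed.
audit_secrets() {
    failed=0
    for rel in $SECRETS; do
        check_secret "$1/$rel" "$2" || failed=$((failed + 1))
    done
    return "$failed"
}

# On the server: audit_secrets /etc/minio minio-user
```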

Now, log into the main interface by entering your credentials and clicking the round button with the arrow directly below the input fields.

From there, click the light-red + button on the bottom right of the main interface to bring up two additional yellow buttons.
