buyfakett's Note
Series

minio(私有化oss)

buyfakett

minio

官方文档open in new window

开源地址open in new window

启动

#!/bin/bash
echo 'Asia/Shanghai' > /etc/timezone

docker kill minio
docker rm minio
docker run -d \
--name minio \
--restart=always \
--network app-tier \
-p 9000:9000 \
-p 9001:9001 \
-v $(pwd)/data/:/data \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-e "MINIO_ROOT_USER=xxx" \
-e "MINIO_ROOT_PASSWORD=xxx" \
-e "MINIO_BROWSER_REDIRECT_URL=http://xxxxx.xxxx.com" \
bitnami/minio:2021.10.6 /data --console-address ":9001" --address ":9000"

# 国内镜像registry.cn-hangzhou.aliyuncs.com/buyfakett/minio:2021.10.6

#!/bin/bash

echo 'Asia/Shanghai' > /etc/timezone

docker kill minio
docker rm minio
docker run -d \
   --network=host \
   --name minio \
   --restart=always \
   -v /etc/timezone:/etc/timezone:ro \
   -v /etc/localtime:/etc/localtime:ro \
   -v $(pwd)/data:/data \
   -e "MINIO_ROOT_USER=root" \
   -e "MINIO_ROOT_PASSWORD=serializable" \
   -e "MINIO_BROWSER_REDIRECT_URL=http://s3.xxxwahotdog.top" \
   minio/minio server /data --console-address ":9001" --address ":9000"

# 国内镜像国内镜像registry.cn-hangzhou.aliyuncs.com/buyfakett/minio

#!/bin/bash

echo 'Asia/Shanghai' > /etc/timezone

ADMIN_USERNAME="root"
ADMIN_PASSWORD="password"
MINIO_BUCKET="test-bucket"
MINIO_URL="10.32.8.170"

docker kill minio
docker rm minio
docker run -d \
   --network=host \
   --name minio \
   --restart=always \
   -v /etc/timezone:/etc/timezone:ro \
   -v /etc/localtime:/etc/localtime:ro \
   -v $(pwd)/data:/data \
   -e "MINIO_ROOT_USER=${ADMIN_USERNAME}" \
   -e "MINIO_ROOT_PASSWORD=${ADMIN_PASSWORD}" \
   -e "MINIO_BROWSER_REDIRECT_URL=http://${MINIO_URL}/minio/ui/" \
   minio/minio server /data --console-address ":9001" --address ":9000"

echo "等待 MinIO 启动..."
sleep 5

# 使用 mc 工具初始化 bucket
docker run --rm --network host \
  -e MC_HOST_local="http://${ADMIN_USERNAME}:${ADMIN_PASSWORD}@${MINIO_URL}" \
  minio/mc mb --ignore-existing local/${MINIO_BUCKET}
nginx配置示例
upstream minio_s3 {
    least_conn;
    server 192.168.1.1:9000;
}

upstream minio_console {
    least_conn;
    server 192.168.1.1:9001;
}

server {
    listen       80;
    server_name  test.com;
    access_log /data/logs/nginx/json_minioSubnet.log json;

    # Allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # Disable buffering
    proxy_buffering off;
    proxy_request_buffering off;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 3600;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        proxy_pass http://minio_s3; # This uses the upstream directive definition to load balance
    }

    location /minio/ui/ {
        rewrite ^/minio/ui/(.*) /$1 break;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;

        # This is necessary to pass the correct IP to be hashed
        real_ip_header X-Real-IP;

        proxy_connect_timeout 3600;

        # To support websockets in MinIO versions released after January 2023
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
        # Uncomment the following line to set the Origin request to an empty string
        # proxy_set_header Origin '';

        chunked_transfer_encoding off;

        proxy_pass http://minio_console; # This uses the upstream directive definition to load balance
    }
}

linux挂载

# apt install -y s3fs
# yum install -y epel-release s3fs-fuse

echo "access_key:secret_key" > /data/minio-config/passwd
chmod 600 /data/minio-config/passwd
/usr/bin/s3fs <bucket> /data/minio/test -o passwd_file=/data/minio-config/passwd -o url=https://xxx.top -o use_path_request_style

监控

# 下载mc并生成token
wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc && chmod +x /usr/local/bin/mc
mc alias set <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> --api s3v4
mc admin prometheus generate <ALIAS>

grafana中导入13502

权限管理

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::test"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "arn:aws:s3:::test/*"
    }
  ]
}

命令行

下载

wget https://dl.minio.org.cn/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc && chmod +x /usr/local/bin/mc

常用命令

cp

mc cp --recursive /data/test/ <alias>/<bucket>/test/
Edit this page
Last Updated 4/16/2025, 3:25:42 AM
ON THIS PAGE