minio
启动
#!/bin/bash
echo 'Asia/Shanghai' > /etc/timezone
docker kill minio
docker rm minio
docker run -d \
--name minio \
--restart=always \
--network app-tier \
-p 9000:9000 \
-p 9001:9001 \
-v $(pwd)/data/:/data \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-e "MINIO_ROOT_USER=xxx" \
-e "MINIO_ROOT_PASSWORD=xxx" \
-e "MINIO_BROWSER_REDIRECT_URL=http://xxxxx.xxxx.com" \
bitnami/minio:2021.10.6 /data --console-address ":9001" --address ":9000"
# 国内镜像registry.cn-hangzhou.aliyuncs.com/buyfakett/minio:2021.10.6nginx配置示例
upstream minio_s3 {
least_conn;
server 192.168.1.1:9000;
}
upstream minio_console {
least_conn;
server 192.168.1.1:9001;
}
server {
listen 80;
server_name test.com;
access_log /data/logs/nginx/json_minioSubnet.log json;
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 3600;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio_s3; # This uses the upstream directive definition to load balance
}
location /minio/ui/ {
rewrite ^/minio/ui/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 3600;
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
# proxy_set_header Origin '';
chunked_transfer_encoding off;
proxy_pass http://minio_console; # This uses the upstream directive definition to load balance
}
}linux挂载
# apt install -y s3fs
# yum install -y epel-release s3fs-fuse
echo "access_key:secret_key" > /data/minio-config/passwd
chmod 600 /data/minio-config/passwd
/usr/bin/s3fs <bucket> /data/minio/test -o passwd_file=/data/minio-config/passwd -o url=https://xxx.top -o use_path_request_style监控
# 下载mc并生成token
wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc && chmod +x /usr/local/bin/mc
mc alias set <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> --api s3v4
mc admin prometheus generate <ALIAS>grafana中导入13502
权限管理
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::test"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::test/*"
}
]
}命令行
下载
wget https://dl.minio.org.cn/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc && chmod +x /usr/local/bin/mc常用命令
cp
mc cp --recursive /data/test/ <alias>/<bucket>/test/