一、实验背景
从基于云的备份解决方案到高可用性内容传送网络(CDN),对象存储已成为现代技术领域不可分割的一部分。 而且,由于其占地面积小,界面简单,与多个云存储服务兼容, Minio对象存储服务器具有很大的冲击力。
Minio是一种开源对象存储服务器,
Minio 是一个基于Apache License v2.0开源协议的对象存储服务,可将非结构化数据(如照片,视频,虚拟机映像,容器和日志文件)存储为对象。它兼容亚马逊S3云存储服务接口,非常适合于存储大容量非结构化的数据,而一个对象文件可以是任意大小,从几KB到最大5T不等。
Minio是一个非常轻量的服务,可以很简单的和其他应用的结合,类似 NodeJS, Redis 或者 MySQL。
在分布式模式下,Minio提供了一个单一的对象存储服务器,它可以跨多个服务器分布多个驱动器。
Minio由Go语言编写,附带命令行客户端和浏览器界面,并支持高级消息队列协议(AMQP) , 弹性搜索 , Redis , NATS和Postgres目标的简单排队服务。
在本教程中,我们将学习:
1.在CentOS7服务器上安装Minio服务器,并将其配置为systemd服务
2.使用“加密”设置SSL / TLS证书,以确保服务器和客户端之间的通信安全
3.通过HTTPS访问Minio的浏览器界面,以使用和管理服务器
二、实验环境
操作系统: CentOS7.5 Minmal
minioServer: 192.168.1.103
三、安装minioSever
1.创建minio安装相关目录,做数据盘挂载
# mkdir /usr/local/minio
# mkfs.xfs -f /dev/sdb
# mount /dev/sdb /usr/local/minio
# blkid /dev/sdb
# echo "$(blkid /dev/sdb | awk '{print $2}') /usr/local/minio xfs defaults 0 0" >> /etc/fstab
# cat /etc/fstab
# mount -a
# lsblk
# mkdir /usr/local/minio/bin
# mkdir /usr/local/minio/etc
# mkdir /usr/local/minio/data
2. 创建minio运行用户
# groupadd -g 2019 minio
# useradd -r -M -u 2019 -g 2019 -c "Minio User" -s /sbin/nologin minio
# id minio
# cat /etc/passwd
3.下载minio的二进制文件
# curl -O https://dl.minio.io/server/minio/release/linux-amd64/minio
# chmod 750 minio
# ./minio --help
# ./minio version
# cp minio /usr/local/minio/bin
4. 创建minio配文件
# vim /usr/local/minio/etc/minio.conf
##########################################################
MINIO_VOLUMES="/usr/local/minio/data"
MINIO_OPTS="-C /usr/local/minio/etc --address 192.168.1.103:9000"
##########################################################
# vim /etc/systemd/system/minio.service
####################################################################
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/minio/bin/minio
[Service]
# User and group
User=minio
Group=minio
EnvironmentFile=/usr/local/minio/etc/minio.conf
ExecStart=/usr/local/minio/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
####################################################################
5. 更改文件、目录属主属组
# chown -R minio:minio /usr/local/minio
6.启动服务
# systemctl daemon-reload
# systemctl enable minio.service
# systemctl start minio.service
# systemctl status minio.service
# ps aux | grep minio
# ss -tan | grep 9000
7.设置防火墙,开放minio访问端口
# firewall-cmd --zone=public --add-port=9000/tcp --permanent
# firewall-cmd --reload
8.访问minio
http://192.18.1.103:9000
获取AccessKey和SecretKey
# ll /usr/local/minio/
# ll -R /usr/local/minio/
# ll -R /usr/local/minio/data/
# cat /usr/local/minio/data/.minio.sys/config/config.json
# cat /usr/local/minio/data/.minio.sys/config/config.json | head -n 20
"accessKey": "UQLPP1WIH28W806T9AY7"
"secretKey": "MMYyJkwNTDUVqBzn0TGsZkSL7entHsV5zcAOLAkq"
四、 配置minio的SSL/TLS
从上面可以看出,minio启动后会在 etc目录下生成证书文件目录,在data目录下生成隐藏文件夹,里面有登录相关配置
1.生成私钥和自签名证书
# yum -y install openssl
# openssl req -x509 -nodes \
-sha512 \
-newkey rsa:2048 \
-days 365 \
-subj "/C=CN/ST=Gunagdong/L=Shenzhen/O=Test/OU=Test/CN=www.example.com" \
-keyout private.key \
-out public.crt
查看证书内容
# cat /usr/local/minio/etc/certs/private.key
# cat /usr/local/minio/etc/certs/public.crt
# openssl x509 -noout -text -in /usr/local/minio/etc/certs/public.crt
2.拷贝证书到minio证书目录
# mv private.key /usr/local/minio/etc/certs
# mv public.crt /usr/local/minio/etc/certs
# find /usr/local/minio/etc/certs -type d -exec chmod 700 {} \;
# find /usr/local/minio/etc/certs -type f -exec chmod 400 {} \;
# chown -R minio:minio /usr/local/minio
3.重启minio服务
# systemctl restart minio.service
# systemctl status minio.service
访问 https://192.168.1.103:9000
五、测试minio文件存储
1.创建两个bucket
2.文件上传测试
3. 文件分享
4.查看后台文件目录状态
# ll -R /usr/local/minio
关于minio自定义登录用户名密码
# /usr/local/minio/bin/minio server --help
# /usr/local/minio/bin/minio --help
编辑配置文件,定义环境变量
MINIO_ACCESS_KEY:用户名,最少三个字符
MINIO_SECRET_KEY:密钥,最少八个字符
# vim /usr/local/minio/etc/minio.conf
#######################################################
MINIO_VOLUMES="/usr/local/minio/data"
MINIO_OPTS="-C /usr/local/minio/etc --address 192.168.1.103:9000"
MINIO_ACCESS_KEY="admin"
MINIO_SECRET_KEY="Admin@123"
########################################################
# systemctl daemon-reload
# systemctl restart minio.service
# systemctl status minio.service
浏览器访问:https://192.168.1.103:9000
六、minio的卸载
# systemctl stop minio.service
# rm -rf /usr/local/minio
# rm -rf /etc/systemd/system/minio.service
# systemctl daemon-reload
# firewall-cmd --zone=public --remove-port=9000/tcp--permanent
# firewall-cmd --reload
七、参考
如何在Ubuntu 16.04上使用Minio设置对象存储服务器
https://www.howtoing.com/how-to-set-up-an-object-storage-server-using-minio-on-ubuntu-16-04
How to Set Up an Object Storage Server Using Minio on Ubuntu 16.04
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-object-storage-server-using-minio-on-ubuntu-16-04
存储非结构化数据之利器minio
https://blog.51cto.com/jiayimeng/2378552
Using https for minio server
https://stackoverflow.com/questions/50878454/using-https-for-minio-server
How to secure access to MinIO server with TLS
https://www.jianshu.com/p/e01ba7356704
https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls
systemd 中文手册
http://www.jinbuguo.com/systemd/systemd.exec.html
How to non-interactively create selfsigned SSL key and certificate files with openssl?
https://www.jianshu.com/p/6de78dc23b9a
Minio Server config.json (v18) 指南
https://blog.csdn.net/dingjs520/article/details/79111029