How to Deploy MinIO - An Opensource Object Storage Solution

Introduction

MinIO is an open-source high-performance object storage solution that provides an S3-compatible API to manage and share files as objects on a server. MinIO uses a server and console architecture to support multiple access methods using the web-based file management interface, mc utility, and S3-compatible client tools such as S3 Browser, Cyberduck, s3cmd, among others.

This article explains how to deploy MinIO on Ubuntu 22.04 to share and manage files on the server. You will install and configure the MinIO server to use a Single Node Single Drive architecture. Then, configure the application to use Vultr Block Storage to store files on the server.

Prerequisites

Before you begin:

• Deploy an Ubuntu 22.04 server instance on Vultr.

• Set up a new domain A record pointing to your server IP address. For example, minio.example.com.

• Create a Vultr Block Storage volume and attach it to your server using the /mnt/blockstorage mount point.

• Access the server using SSH as a non-root user with sudo privileges.

• Update the server.

Install MinIO

MinIO is not available in the default APT repositories on Ubuntu 22.04 but can be installed using the official Debian package release file. Follow the steps below to download the latest release file and install MinIO on your server.

1. Download the latest MinIO Debian package file.

   console Copy

   $ wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio_20240604192008.0.0_amd64.deb -O minio.deb
   

   The above command downloads the latest MinIO .deb release file and saves it as minio.deb. Visit the official releases directory to verify the latest version to install on your server.

2. Install MinIO using the minio.deb file

   console Copy

   $ sudo dpkg -i minio.deb
   

3. View the installed MinIO version on your server.

   console Copy

   $ minio --version
   

   Output:

   minio version RELEASE.2024-06-04T19-20-08Z (commit-id=17fe91d6d162b3ad372760726d29f1f348dbdb09)
   Runtime: go1.22.3 linux/amd64
   License: GNU AGPLv3 - https://www.gnu.org/licenses/agpl-3.0.html
   Copyright: 2015-2024 MinIO, Inc.

Configure MinIO

MinIO uses the minio command to run and manage the application server. It supports multiple options you can use to define the listening port, storage volumes, and default administrator user details on your server without saving changes when your session ends. Follow the steps below to configure MinIO with permanent options and enable it to run automatically on your server.

1. Create a new MinIO configuration file.

   console Copy

   $ sudo nano /etc/default/minio
   

2. Add the following configurations to the file. Replace minio_admin and strong-password with your desired administrator details.

   ini Copy

   MINIO_VOLUMES="/mnt/blockstorage"
   MINIO_OPTS="-C /etc/minio --address :9000 --console-address :9001"
   MINIO_ROOT_USER="minio_admin"
   MINIO_ROOT_PASSWORD="strong-password"
   

   Save and close the file.

   The above configuration enables the MinIO server to run on your server using the API port 9000 and the console web interface port 9001. In addition, MinIO reads and stores files to the specified Vultr Block Storage volume path /mnt/blockstorage.

3. Enable the MinIO system service to automatically start at boot time.

   console Copy

   $ sudo systemctl enable minio
   

   Output:

   Created symlink /etc/systemd/system/multi-user.target.wants/minio.service → /usr/lib/systemd/system/minio.service.

   The MinIO system service uses the minio-user and minio-user group to run on your server. Create the new user and assign privileges to specific directories to access using MinIO.

4. Create a new minio-user user without login privileges on the server.

   console Copy

   $ sudo useradd -m -s /usr/sbin/nologin minio-user
   

5. Grant the minio-user and group ownership privileges to your data storage directory. For example, your Vultr Block Storage volume path /mnt/blockstorage.

   console Copy

   $ sudo chown minio-user:minio-user /mnt/blockstorage
   

6. Start the MinIO system service.

   console Copy

   $ sudo systemctl start minio.service
   

7. View the MinIO service status and verify that it's running on your server.

   console Copy

   $ sudo systemctl status minio.service
   

Secure MinIO

MinIO listens for connection requests on the API port 9000 and the web console port 9001 by default. Securely run and expose MinIO by enabling a domain name and enable the application to run on secure ports such as the HTTPS port 443. In addition, generate trusted SSL certificates using Let's Encrypt to enable HTTPS connections and access to the API using S3 client tools. Follow the sections below to generate SSL certificates and configure MinIO to run on your domain.

Generate Let's Encrypt SSL Certificates to use with MinIO

MinIO supports HTTP connections by default when the --certs-dir is not enabled in your configuration options. When enabled, MinIO uses your SSL certificate public.crt file and the private key private.key. Follow the steps below to generate Let's Encrypt certificates to use with MinIO and enable network connections on the server.

1. Allow the HTTP port 80 through the default firewall to allow Let's Encrypt verifications.

   console Copy

   $ sudo ufw allow 80/tcp
   

2. Install the Certbot Let's Encrypt client application.

   console Copy

   $ sudo apt install certbot -y
   

3. Request a new SSL certificate using your domain. Replace minio.example.com and hello@example.com with your actual details.

   console Copy

   $ sudo certbot certonly --standalone -d minio.example.com -m hello@example.com --agree-tos
   

   When successful, your output should be similar to the one below:

   Successfully received certificate.
   Certificate is saved at: /etc/letsencrypt/live/minio.example.com.conf/fullchain.pem
   Key is saved at:         /etc/letsencrypt/live/minio.example.com.conf/privkey.pem
   This certificate expires on 2024-09-21.
   These files will be updated when the certificate renews.
   Certbot has set up a scheduled task to automatically renew this certificate in the background.

4. Test that Certbot auto-renews your SSL certificate upon expiry.

   console Copy

   $ sudo certbot renew --dry-run
   

5. Create a new directory in a system-wide location such as /opt to store the SSL certificate files for use with MinIO. For example, minio-certs

   console Copy

   $ sudo mkdir -p /opt/minio-certs
   

6. Copy your SSL certificate as public.crt to the /opt/minio-certs directory.

   console Copy

   $ sudo cp /etc/letsencrypt/live/minio.example.com/fullchain.pem /opt/minio-certs/public.crt
   

7. Copy your certificate's private key as private.key.

   console Copy

   $ sudo cp /etc/letsencrypt/live/minio.example.com/privkey.pem /opt/minio-certs/private.key
   

8. Grant the minio-user full privileges to the directory.

   console Copy

   $ sudo chown -R minio-user:minio-user /opt/minio-certs/
   

9. Open your MinIO configuration file to apply the new SSL options.

   console Copy

   $ sudo nano /etc/default/minio
   

10. Replace the MinIO console address port :9001 with the HTTPS port 443.

    ini Copy

    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443"
    

    • Add the --certs-dir /opt/minio-certs option to your MINIO_OPTS directive.
    ini Copy

    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443 --certs-dir /opt/minio-certs"
    

    • Add a new MINIO_DOMAIN with your domain URL at the end of your configuration file.
    ini Copy

    MINIO_DOMAIN="https://minio.example.com"
    

    Save and close the file.

    Your modified MinIO configuration should look like the one below.

    ini Copy

    MINIO_VOLUMES="/mnt/blockstorage"
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443  --certs-dir /opt/minio-certs"
    MINIO_ROOT_USER="minio_admin"
    MINIO_ROOT_PASSWORD="strong-password"
    MINIO_DOMAIN="minio.example.com"
    

11. Restart MinIO to apply your configuration changes.

    console Copy

    $ sudo systemctl restart minio
    

12. Allow connections to the HTTPS port 443 through the default firewall.

    console Copy

    $ sudo ufw allow 443/tcp
    

13. Allow S3 connections to the MinIO API port 9000.

    console Copy

    $ sudo ufw allow 9000/tcp
    

14. Reload the Firewall to apply changes.

    console Copy

    $ sudo ufw reload
    

Access MinIO

1. Access your MinIO domain using a web browser such as Chrome.

   https://minio.example.com

   Verify that the MinIO interface displays in your web browser. Then, Log in to the MinIO console using the following administrator user details you enabled in the /etc/default/minio configuration file.

   USERNAME: minio_admin PASSWORD: strong-password

   

2. Click Buckets on the main navigation menu to set up a new storage bucket on your server.

3. Click Create a Bucket to set up the new bucket information.

4. Enter your desired bucket name in the Bucket Name field. For example, vultr_test.

   

5. Enable extra bucket features and click Create Bucket to apply it on your server.

6. Verify that the new bucket is available. Then, click the bucket name to access the properties configuration.

   

7. Navigate to Object Browser on the main navigation menu to upload files on your server.

8. Click your new bucket to open the object browser. Then, click Upload and select Upload File from the list of options to upload new files from your device.

   

9. Verify that your upload is complete and the new file is available in your object browser. Then, click your desired file and select Share to generate a new shareable encrypted URL.

10. Set the link duration and click the copy symbol to share your generated link to download the file.

    

Access MinIO using an S3 Client

S3 client applications offer a secure way to upload and manage object storage files. The MinIO API runs on port 9000 and accepts S3 connections on your server to create and manage files. Follow the steps below to use an S3 client application such as S3 Browser to establish a connection and upload files on your server.

1. Navigate to Access Keys within your MinIO console interface to set up new authentication keys.

2. Click Create access key to generate a new access and secret key with random values.

   

3. Set your desired expiry date and name. Then, click Create to apply the new keys on your server.

4. Copy the generated keys or click Download for Import to save the keys to a file on your device.

   

5. Download and install an S3 client application on your device. For example, S3 Browser.

6. Open the S3 Browser application on your device and click Add new account within the Accounts menu.

7. Select S3 Compatible Storage or Amazon S3 as the account type. Then, enter your MinIO API URL in the REST ENDPOINT field.

   https://minio.example.com:9000

   

8. Click Connect to save the new S3 storage account and connect to your MinIO server.

9. Verify that your MinIO buckets display in the S3 client application. Then, click any bucket to view the available objects.

   

Conclusion

You have deployed MinIO on your Ubuntu 24.04 server and configured the application to manage files using the main console web interface. MinIO is compatible with most applications and uses the S3 API to integrate with other services on your server. For more configuration options, please visit the official MinIO documentation.