How to Deploy MinIO - An Opensource Object Storage Solution

MinIO is an open-source, high-performance object storage server that offers S3-compatible API for managing and sharing files as objects. It uses a server and console-based architecture, providing multiple access methods, including a web interface, the mc command-line tool, and other S3-compatible clients such as S3 Browser, Cyberduck, and s3cmd.

This article explains how to deploy MinIO on Ubuntu 24.04 to share and manage files on your server. You will install and configure the MinIO server using a Single Node Single Drive (SNSD) architecture, and configure MinIO to use a Block Storage device for storing objects.

Prerequisites

Before you begin, you need to:

• Have access to an Ubuntu 24.04 instance as a non-root user with sudo privileges.
• Create a domain A record pointing to the instance's IP address such as minio.example.com.
• Have an existing block storage volume provisioned, attached and mounted at /mnt/minio-data.

Install MinIO

MinIO is not available in the default Ubuntu APT repositories. To install MinIO, you need to manually download the official debian package (.deb) from the MinIO website and install it using the dpkg package manager.

1. Download the latest MinIO Debian package from the release page.

   console Copy

   $ wget https://dl.min.io/server/minio/release/linux-amd64/minio_20250422221226.0.0_amd64.deb -O minio.deb
   

   The above command downloads the MinIO .deb release package and saves it as minio.deb. To check the latest version, visit the official releases page.

2. Install the downloaded MinIO package using the dpkg command.

   console Copy

   $ sudo dpkg -i minio.deb
   

3. View the installed MinIO version.

   console Copy

   $ minio --version
   

   Your output should be similar to the one below:

   minio version RELEASE.2025-04-22T22-12-26Z (commit-id=0d7408fc9969caf07de6a8c3a84f9fbb10a6739e)
   Runtime: go1.24.2 linux/amd64
   ...

Configure MinIO

MinIO uses the minio command to run and manage the application server. It supports multiple options to define the listening port, storage volumes, and default administrator user details on your server. These options do not persist after the session ends unless configured as expected. Follow the steps below to configure MinIO with the required options and enable it to start automatically at boot.

1. Create a new MinIO configuration file to define the required MinIO options.

   console Copy

   $ sudo nano /etc/default/minio
   

2. Add the following configurations to the file.

   ini Copy

   MINIO_VOLUMES="/mnt/minio-data"
   MINIO_OPTS="-C /etc/minio --address :9000 --console-address :9001"
   MINIO_ROOT_USER="minio_admin"
   MINIO_ROOT_PASSWORD="strong-password"
   

   Replace minio_admin with your administrator username and strong-password with the administrator password (which must be at least 8 characters long).

   Save and close the file.

   This configuration ensures that MinIO runs on the API port 9000 and the console web interface port 9001. It sets the storage path to /mnt/minio-data, where you can mount a block device with a high storage. Storing data on a separate block device is the recommended way to handle large amounts of data, as it ensures greater durability. If you encounter server issues, your data remains safe on a different drive.

3. Create a new minio-user without login privileges on the server.

   console Copy

   $ sudo useradd -m -s /usr/sbin/nologin minio-user
   

   The MinIO system service runs under the minio-user and minio-user group. You need to create this user and assign the privileges to access the necessary directories for MinIO to function as expected.

4. Grant the user and group ownership privileges on your data storage directory /mnt/minio-data to the minio-user.

   console Copy

   $ sudo chown minio-user:minio-user /mnt/minio-data
   

5. Enable the MinIO system service so that it starts automatically when your server boots.

   console Copy

   $ sudo systemctl enable minio
   

6. Start the MinIO system service.

   console Copy

   $ sudo systemctl start minio.service
   

7. View the status of the MinIO service and verify that it is in a running state.

   console Copy

   $ sudo systemctl status minio.service
   

   Your output should be similar to the one below:

   ● minio.service - MinIO
        Loaded: loaded (/lib/systemd/system/minio.service; enabled; vendor preset: enabled)
        Active: active (running) since Sun 2025-04-27 08:20:43 UTC; 3s ago
          Docs: https://docs.min.io
      Main PID: 16105 (minio)
         Tasks: 8
           CPU: 637ms
        CGroup: /system.slice/minio.service
                └─16105 /usr/local/bin/minio server -C /etc/minio --address :9000 --console-address :9001 /mnt/minio-data

Secure MinIO

By default, MinIO listens for API connections on port 9000 and web console access on port 9001. To securely run and expose MinIO, you can set up a domain name and configure it to run on secure ports, such as HTTPS port 443. Using Let's Encrypt, you can generate trusted SSL certificates to enable HTTPS connections and secure access to the API using S3 client tools. Follow the steps below to generate SSL certificates and configure MinIO to run securely on your domain.

Generate Let's Encrypt SSL Certificates to use with MinIO

MinIO supports HTTP connections by default when the --certs-dir option is not passed. When configured, MinIO uses your SSL certificate public.crt file and the private key private.key for secure communication. Follow the steps below to generate Let's Encrypt certificates and enable secure connections for MinIO.

1. Allow the HTTP port 80 through the default firewall to allow Let's Encrypt domain validation.

   console Copy

   $ sudo ufw allow 80/tcp
   

2. Install the Certbot Let's Encrypt client.

   console Copy

   $ sudo apt install certbot -y
   

3. Request a new SSL certificate for your domain.

   console Copy

   $ sudo certbot certonly --standalone -d minio.example.com -m hello@example.com --agree-tos
   

   Replace minio.example.com and hello@example.com with your actual domain and email address. When successful, you will receive a message stating "Successfully received certificate."

4. Test that Certbot will auto-renew your SSL certificate when it expires.

   console Copy

   $ sudo certbot renew --dry-run
   

   This command performs a dummy SSL certificate renewal to simulate the process without making any actual changes.

5. Create a new directory to store the SSL certificate files for MinIO to use, such as /opt/minio-certs.

   console Copy

   $ sudo mkdir -p /opt/minio-certs
   

6. Copy your SSL certificate and private key to the /opt/minio-certs directory.

   console Copy

   # Copy the SSL certificate as public.crt
   $ sudo cp /etc/letsencrypt/live/minio.example.com/fullchain.pem /opt/minio-certs/public.crt
   
   # Copy the private key as private.key
   $ sudo cp /etc/letsencrypt/live/minio.example.com/privkey.pem /opt/minio-certs/private.key
   

7. Grant the minio-user full privileges to the /opt/minio-certs directory.

   console Copy

   $ sudo chown -R minio-user:minio-user /opt/minio-certs/
   

8. Check the path of MinIO binary.

   console Copy

   $ which minio
   

   Your output should be similar to the one below:

   /usr/local/bin/minio

9. To enable SSL and bind MinIO to the HTTPS port 443, which is a privileged port under 1024, you must grant additional permissions.

   console Copy

   $ sudo setcap cap_net_bind_service=+ep /usr/local/bin/minio
   

   This allows MinIO to bind to port 443 for secure HTTPS connections.

10. Open your MinIO configuration file to apply the SSL certificate settings.

    console Copy

    $ sudo nano /etc/default/minio
    

11. Replace the MinIO console address port :9001 with the HTTPS port 443.

    ini Copy

    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443"
    

12. Add the --certs-dir /opt/minio-certs option to your MINIO_OPTS directive.

    ini Copy

    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443 --certs-dir /opt/minio-certs"
    

13. Add a new MINIO_DOMAIN with your domain URL at the end of your configuration file.

    ini Copy

    MINIO_DOMAIN="minio.example.com"
    

    Save and close the file.

    Your modified MinIO configuration should look like the one below:

    ini Copy

    MINIO_VOLUMES="/mnt/minio-data"
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443  --certs-dir /opt/minio-certs"
    MINIO_ROOT_USER="minio_admin"
    MINIO_ROOT_PASSWORD="strong-password"
    MINIO_DOMAIN="minio.example.com"
    

14. Restart MinIO service to apply your configuration changes.

    console Copy

    $ sudo systemctl restart minio
    

15. Check the status of MinIO service.

    console Copy

    $ sudo systemctl status minio
    

    ● minio.service - MinIO
         Loaded: loaded (/lib/systemd/system/minio.service; enabled; vendor preset: enabled)
         Active: active (running) since Sun 2025-04-27 08:18:01 UTC; 1min 4s ago
           Docs: https://docs.min.io
       Main PID: 19913 (minio)
          Tasks: 10
            CPU: 780ms
         CGroup: /system.slice/minio.service
                 └─19913 /usr/local/bin/minio server -C /etc/minio --address :9000 --console-address :443 --certs-dir /opt/minio-certs /mnt/minio-data

16. Allow connections to the HTTPS port 443 through the firewall.

    console Copy

    $ sudo ufw allow 443/tcp
    

17. Allow S3 connections to the MinIO API port 9000.

    console Copy

    $ sudo ufw allow 9000/tcp
    

18. Reload the firewall to apply the changes.

    console Copy

    $ sudo ufw reload
    

19. View the firewall status.

    console Copy

    $ sudo ufw status
    

    Make sure the status is active and all required rules (such as ports 80, 443, and 9000) are listed and applied.

Access MinIO

1. Open your web browser and navigate to your MinIO domain using the following URL.

   https://minio.example.com

   Verify that the MinIO web interface displays in your web browser. Then, log in to the MinIO console using the administrator credentials defined in the /etc/default/minio configuration file.

   • USERNAME: minio_admin
   • PASSWORD: strong-password

   

2. After you have logged in, click Buckets from the main navigation menu to begin setting up a new object storage bucket.

   

3. Click Create a Bucket to proceed with creating a new bucket. Enter your desired bucket name in the Bucket Name field. For example, vultr-test.

   Bucket Name Convention Rules:

   • Length: Bucket names must be between 3 (minimum) and 63 (maximum) characters long.
   • Allowed Characters: Bucket names can only consist of lowercase letters, numbers, dots (.), and hyphens (-).
   • No Adjacent Periods: Bucket names must not contain two adjacent periods (..), or a period next to a hyphen (-. or .-).
   • No IP Address Formatting: Bucket names must not be formatted as an IP address (for example, 192.168.5.4).
   • No xn-- Prefix: Bucket names must not start with the prefix xn--.
   • No -s3alias Suffix: Bucket names must not end with the suffix -s3alias, as this is reserved for access point alias names.
   • Uniqueness: Bucket names must be unique within a partition.

   

4. Enable additional bucket features.

   • Versioning: Keeps multiple versions of the same object under the same key.
   • Object Locking: Prevents objects from being deleted, necessary for retention and legal hold (can only be enabled during bucket creation).
   • Quota: Limits the amount of data in the bucket.
   • Retention: Prevents deletion of objects for a defined period. Versioning must be enabled to set retention policies.

   After configuring your options, click Create Bucket to create the MinIO Object Storage bucket.

5. After the bucket is created, confirm it appears in your Buckets list. Click the bucket name to view and configure its properties.

   

6. To upload files to the bucket, navigate to Object Browser in the main navigation menu.

7. Select the newly created bucket to open the object browser. Then, click Upload and choose Upload File from the options to upload new files from your device.

   

8. Verify that your upload is complete and the new file is available in your bucket. To share the file, click it and select Share to generate an encrypted URL of downloading the file.

9. Set the desired expiration for the link and click the copy icon to share the link for downloading the file.

   

Access MinIO using an S3 Browser

S3 client applications offer a secure method to upload and manage object storage files. The MinIO API runs on port 9000 and accepts S3 connections on your server to create and manage files. Follow the steps below to use an S3 client application such as S3 Browser to establish a connection and upload files on your server.

1. Navigate to Access Keys in the MinIO console interface to create new authentication keys.

2. Click Create access key to generate new access and secret keys.

   

3. Set your desired expiry date and name. Then, click Create to apply the new keys on your server.

   

4. Copy the generated keys or click Download for Import to save the keys to a file on your device.

   

5. Download and install an S3 Browser application on your device.

6. Open the S3 Browser application on your device and click Add new account within the Accounts menu.

7. In the Add New Account window, enter the following details:

   • Display Name: Define a name for your MinIO account.
   • Account Type: Select S3 Compatible Storage.
   • API Endpoint: Enter your MinIO API URL (for example, minio.example.com:9000).
   • Access Key ID: Paste the Access Key ID you generated earlier.
   • Secret Access Key: Paste the Secret Access Key you generated earlier.
   • Use Secure Transfer: Check this option to enable encryption during data transfers.

   Your configuration should look like below:

   

8. Click Save Changes to save the new S3 storage account and establish a connection with your MinIO server.

9. Verify that your MinIO buckets display in the S3 Browser application. Then, click any bucket to view the available objects.

   

Access MinIO using an S3CMD

S3cmd is a command-line tool used for managing data in an S3-compatible storage service like MinIO. It allows you to perform various tasks such as listing, creating, and removing buckets, also uploading and downloading objects. Follow the steps below to use s3cmd to interact with your MinIO server.

1. Install s3cmd CLI utility on your system.

   • Ubuntu/Debian:

     1. Update the APT server package index.

        console Copy

        $ sudo apt update
        

     2. Install the s3cmd CLI package.

        console Copy

        $ sudo apt install -y s3cmd
        

   • RHEL/RockyLinux:

     1. Update the DNF server package index.

        console Copy

        $ sudo dnf makecache
        

     2. Install the s3cmd CLI package.

        console Copy

        $ sudo dnf install -y s3cmd
        

   • macOS (using Homebrew):

     1. Update the BREW server package index.

        console Copy

        % brew update
        

     2. Install the s3cmd CLI package.

        console Copy

        % brew install s3cmd
        

2. After installing s3cmd, you need to configure the AccessKeys to connect to your MinIO server.

   console Copy

   $ s3cmd --configure
   

3. Follow the prompts to enter the following details.

   • Access Key: Enter the access key generated in the MinIO console.
   • Secret Key: Enter the secret key generated in the MinIO console.
   • Default Region: Press Enter to accept the default.
   • S3 Endpoint: Enter your MinIO API URL (for example, minio.example.com:9000).
   • DNS-style bucket+hostname:port: Enter minio.example.com:9000.
   • Encryption password: Optionally, enter a password to encrypt the saved configuration.
   • Use HTTPS protocol: Answer Yes to secure the connection.
   • HTTP Proxy server name: Leave this blank if you don’t use a proxy.

4. After you’ve entered all the details, the settings will appear as follows for verification.

   New settings:
     Access Key: Your Access Key
     Secret Key: Your Secret Access Key
     Default Region: US
     S3 Endpoint: minio.example.com:9000
     DNS-style bucket+hostname:port template for accessing a bucket: minio.example.com:9000
     Encryption password: 
     Path to GPG program: /usr/bin/gpg
     Use HTTPS protocol: True
     HTTP Proxy server name: 
     HTTP Proxy server port: 0
   Test access with supplied credentials? [Y/n] 

   Press Y to test the connection and ensure everything is set up as expected.

5. To list all the available buckets on your MinIO server.

   console Copy

   $ s3cmd ls
   

   This command will display a list of all buckets currently available on your MinIO server.

   Your output should be similar to the one below:

   2025-04-27 05:06  s3://vultr-test

6. To create a new bucket, use the following command.

   console Copy

   $ s3cmd mb s3://my-new-bucket
   

   Replace my-new-bucket with your desired bucket name.

7. View the list of available buckets again and verify that the new bucket exists.

   console Copy

   $ s3cmd ls
   

   Your output should be similar to the one below:

   2025-04-27 09:52  s3://my-new-bucket
   2025-04-27 05:06  s3://vultr-test

8. To upload a file to your bucket, use the following command.

   console Copy

   $ s3cmd put myfile.txt s3://my-new-bucket/
   

   Your output should be similar to the one below:

   upload: 'myfile.txt' -> 's3://my-new-bucket/myfile.txt'  [1 of 1]
    2611218 of 2611218   100% in    0s    11.14 MB/s  done

9. To view the list of objects present in a MinIO bucket, use the following command.

   console Copy

   $ s3cmd ls s3://my-new-bucket
   

   Your output should be similar to the one below:

   2025-04-27 10:03      2611218  s3://my-new-bucket/myfile.txt

10. Remove the already present test file in the directory.

    console Copy

    $ rm myfile.txt
    

11. To download a file from your MinIO bucket.

    console Copy

    $ s3cmd get s3://my-new-bucket/myfile.txt
    

    Your output should be similar to the one below:

    download: 's3://my-new-bucket/myfile.txt' -> './myfile.txt'  [1 of 1]
     2611218 of 2611218   100% in    0s   107.92 MB/s  done

12. To delete a file (object) from your bucket, use the following command.

    console Copy

    $ s3cmd del s3://my-new-bucket/myfile.txt
    

    Your output should be similar to the one below:

    delete: 's3://my-new-bucket/myfile.txt'

13. To delete a bucket from your MinIO server, use the following command.

    console Copy

    $ s3cmd rb s3://my-new-bucket
    

    Your output should be similar to the one below:

    Bucket 's3://my-new-bucket/' removed

14. View the list of available buckets again and verify that the bucket is deleted.

    console Copy

    $ s3cmd ls
    

    Your output should be similar to the one below:

    2025-04-27 05:06  s3://vultr-test

Conclusion

You have deployed MinIO on your Ubuntu 24.04 server using a Single Node Single Drive (SNSD) architecture backed by a mounted block storage device. With MinIO configured as a system service and secured using Let's Encrypt SSL certificates, your object storage server is now ready for production use. You can manage and share files through the secure web interface, command-line tools like s3cmd, and desktop applications such as S3 Browser. For further configuration options and additional details, please visit the official MinIO documentation.