Vultr DocsLatest Docs

How to Deploy MinIO - An Opensource Object Storage Solution

Let's Encrypt SSL CertificatesMinIOObject Storage
NG
Updated on July 2, 2024
How to Deploy MinIO - An Opensource Object Storage Solution header image

Introduction

MinIO is an open-source high-performance object storage solution that provides an S3-compatible API to manage and share files as objects on a server. MinIO uses a server and console architecture to support multiple access methods using the web-based file management interface, mc utility, and S3-compatible client tools such as S3 Browser, Cyberduck, s3cmd, among others.

This article explains how to deploy MinIO on Ubuntu 22.04 to share and manage files on the server. You will install and configure the MinIO server to use a Single Node Single Drive architecture. Then, configure the application to use Vultr Block Storage to store files on the server.

Prerequisites

Before you begin:

Install MinIO

MinIO is not available in the default APT repositories on Ubuntu 22.04 but can be installed using the official Debian package release file. Follow the steps below to download the latest release file and install MinIO on your server.

  1. Download the latest MinIO Debian package file.

    console 
    $ wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio_20240604192008.0.0_amd64.deb -O minio.deb

    The above command downloads the latest MinIO .deb release file and saves it as minio.deb. Visit the official releases directory to verify the latest version to install on your server.

  2. Install MinIO using the minio.deb file

    console 
    $ sudo dpkg -i minio.deb

  3. View the installed MinIO version on your server.

    console 
    $ minio --version

    Output:

    minio version RELEASE.2024-06-04T19-20-08Z (commit-id=17fe91d6d162b3ad372760726d29f1f348dbdb09)
Runtime: go1.22.3 linux/amd64
License: GNU AGPLv3 - https://www.gnu.org/licenses/agpl-3.0.html
Copyright: 2015-2024 MinIO, Inc.

Configure MinIO

MinIO uses the minio command to run and manage the application server. It supports multiple options you can use to define the listening port, storage volumes, and default administrator user details on your server without saving changes when your session ends. Follow the steps below to configure MinIO with permanent options and enable it to run automatically on your server.

  1. Create a new MinIO configuration file.

    console 
    $ sudo nano /etc/default/minio

  2. Add the following configurations to the file. Replace minio_admin and strong-password with your desired administrator details.

    ini 
    MINIO_VOLUMES="/mnt/blockstorage"
MINIO_OPTS="-C /etc/minio --address :9000 --console-address :9001"
MINIO_ROOT_USER="minio_admin"
MINIO_ROOT_PASSWORD="strong-password"

    Save and close the file.

    The above configuration enables the MinIO server to run on your server using the API port 9000 and the console web interface port 9001. In addition, MinIO reads and stores files to the specified Vultr Block Storage volume path /mnt/blockstorage.

  3. Enable the MinIO system service to automatically start at boot time.

    console 
    $ sudo systemctl enable minio

    Output:

    Created symlink /etc/systemd/system/multi-user.target.wants/minio.service → /usr/lib/systemd/system/minio.service.

    The MinIO system service uses the minio-user and minio-user group to run on your server. Create the new user and assign privileges to specific directories to access using MinIO.

  4. Create a new minio-user user without login privileges on the server.

    console 
    $ sudo useradd -m -s /usr/sbin/nologin minio-user

  5. Grant the minio-user and group ownership privileges to your data storage directory. For example, your Vultr Block Storage volume path /mnt/blockstorage.

    console 
    $ sudo chown minio-user:minio-user /mnt/blockstorage

  6. Start the MinIO system service.

    console 
    $ sudo systemctl start minio.service

  7. View the MinIO service status and verify that it's running on your server.

    console 
    $ sudo systemctl status minio.service

Secure MinIO

MinIO listens for connection requests on the API port 9000 and the web console port 9001 by default. Securely run and expose MinIO by enabling a domain name and enable the application to run on secure ports such as the HTTPS port 443. In addition, generate trusted SSL certificates using Let's Encrypt to enable HTTPS connections and access to the API using S3 client tools. Follow the sections below to generate SSL certificates and configure MinIO to run on your domain.

Generate Let's Encrypt SSL Certificates to use with MinIO

MinIO supports HTTP connections by default when the --certs-dir is not enabled in your configuration options. When enabled, MinIO uses your SSL certificate public.crt file and the private key private.key. Follow the steps below to generate Let's Encrypt certificates to use with MinIO and enable network connections on the server.

  1. Allow the HTTP port 80 through the default firewall to allow Let's Encrypt verifications.

    console 
    $ sudo ufw allow 80/tcp

  2. Install the Certbot Let's Encrypt client application.

    console 
    $ sudo apt install certbot -y

  3. Request a new SSL certificate using your domain. Replace minio.example.com and hello@example.com with your actual details.

    console 
    $ sudo certbot certonly --standalone -d minio.example.com -m hello@example.com --agree-tos

    When successful, your output should be similar to the one below:

    Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/minio.example.com.conf/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/minio.example.com.conf/privkey.pem
This certificate expires on 2024-09-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

  4. Test that Certbot auto-renews your SSL certificate upon expiry.

    console 
    $ sudo certbot renew --dry-run

  5. Create a new directory in a system-wide location such as /opt to store the SSL certificate files for use with MinIO. For example, minio-certs

    console 
    $ sudo mkdir -p /opt/minio-certs

  6. Copy your SSL certificate as public.crt to the /opt/minio-certs directory.

    console 
    $ sudo cp /etc/letsencrypt/live/minio.example.com/fullchain.pem /opt/minio-certs/public.crt

  7. Copy your certificate's private key as private.key.

    console 
    $ sudo cp /etc/letsencrypt/live/minio.example.com/privkey.pem /opt/minio-certs/private.key

  8. Grant the minio-user full privileges to the directory.

    console 
    $ sudo chown -R minio-user:minio-user /opt/minio-certs/

  9. Open your MinIO configuration file to apply the new SSL options.

    console 
    $ sudo nano /etc/default/minio

  10. Replace the MinIO console address port :9001 with the HTTPS port 443.

    ini 
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443"
    • Add the --certs-dir /opt/minio-certs option to your MINIO_OPTS directive.
    ini 
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443 --certs-dir /opt/minio-certs"
    • Add a new MINIO_DOMAIN with your domain URL at the end of your configuration file.
    ini 
    MINIO_DOMAIN="https://minio.example.com"

    Save and close the file.

    Your modified MinIO configuration should look like the one below.

    ini 
    MINIO_VOLUMES="/mnt/blockstorage"
MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443  --certs-dir /opt/minio-certs"
MINIO_ROOT_USER="minio_admin"
MINIO_ROOT_PASSWORD="strong-password"
MINIO_DOMAIN="minio.example.com"

  11. Restart MinIO to apply your configuration changes.

    console 
    $ sudo systemctl restart minio

  12. Allow connections to the HTTPS port 443 through the default firewall.

    console 
    $ sudo ufw allow 443/tcp

  13. Allow S3 connections to the MinIO API port 9000.

    console 
    $ sudo ufw allow 9000/tcp

  14. Reload the Firewall to apply changes.

    console 
    $ sudo ufw reload

Access MinIO

  1. Access your MinIO domain using a web browser such as Chrome.

    https://minio.example.com

    Verify that the MinIO interface displays in your web browser. Then, Log in to the MinIO console using the following administrator user details you enabled in the /etc/default/minio configuration file.

    USERNAME: minio_admin PASSWORD: strong-password

    Access the MinIO Web Console Interface

  2. Click Buckets on the main navigation menu to set up a new storage bucket on your server.

  3. Click Create a Bucket to set up the new bucket information.

  4. Enter your desired bucket name in the Bucket Name field. For example, vultr_test.

    Create a new MinIO bucket

  5. Enable extra bucket features and click Create Bucket to apply it on your server.

  6. Verify that the new bucket is available. Then, click the bucket name to access the properties configuration.

    Access Bucket Properties

  7. Navigate to Object Browser on the main navigation menu to upload files on your server.

  8. Click your new bucket to open the object browser. Then, click Upload and select Upload File from the list of options to upload new files from your device.

    Upload new Files to a MinIO bucket

  9. Verify that your upload is complete and the new file is available in your object browser. Then, click your desired file and select Share to generate a new shareable encrypted URL.

  10. Set the link duration and click the copy symbol to share your generated link to download the file.

    Share Object Storage Files on MinIO

Access MinIO using an S3 Client

S3 client applications offer a secure way to upload and manage object storage files. The MinIO API runs on port 9000 and accepts S3 connections on your server to create and manage files. Follow the steps below to use an S3 client application such as S3 Browser to establish a connection and upload files on your server.

  1. Navigate to Access Keys within your MinIO console interface to set up new authentication keys.

  2. Click Create access key to generate a new access and secret key with random values.

    Create Access Keys

  3. Set your desired expiry date and name. Then, click Create to apply the new keys on your server.

  4. Copy the generated keys or click Download for Import to save the keys to a file on your device.

    View Generated Keys

  5. Download and install an S3 client application on your device. For example, S3 Browser.

  6. Open the S3 Browser application on your device and click Add new account within the Accounts menu.

  7. Select S3 Compatible Storage or Amazon S3 as the account type. Then, enter your MinIO API URL in the REST ENDPOINT field.

    https://minio.example.com:9000

    Add new S3 Storage in S3 Browser

  8. Click Connect to save the new S3 storage account and connect to your MinIO server.

  9. Verify that your MinIO buckets display in the S3 client application. Then, click any bucket to view the available objects.

    View MinIO Bucket Objects

Conclusion

You have deployed MinIO on your Ubuntu 24.04 server and configured the application to manage files using the main console web interface. MinIO is compatible with most applications and uses the S3 API to integrate with other services on your server. For more configuration options, please visit the official MinIO documentation.