How to Deploy MinIO - An Opensource Object Storage Solution

Updated on 13 May, 2025
Learn how to deploy MinIO on Ubuntu 24.04 for efficient file management using an S3-compatible object storage solution.
How to Deploy MinIO - An Opensource Object Storage Solution header image

MinIO is an open-source, high-performance object storage server that offers S3-compatible API for managing and sharing files as objects. It uses a server and console-based architecture, providing multiple access methods, including a web interface, the mc command-line tool, and other S3-compatible clients such as S3 Browser, Cyberduck, and s3cmd.

This article explains how to deploy MinIO on Ubuntu 24.04 to share and manage files on your server. You will install and configure the MinIO server using a Single Node Single Drive (SNSD) architecture, and configure MinIO to use a Block Storage device for storing objects.

Prerequisites

Before you begin, you need to:

  • Have access to an Ubuntu 24.04 instance as a non-root user with sudo privileges.
  • Create a domain A record pointing to the instance's IP address such as minio.example.com.
  • Have an existing block storage volume provisioned, attached and mounted at /mnt/minio-data.

Install MinIO

MinIO is not available in the default Ubuntu APT repositories. To install MinIO, you need to manually download the official debian package (.deb) from the MinIO website and install it using the dpkg package manager.

  1. Download the latest MinIO Debian package from the release page.

    console
    $ wget https://dl.min.io/server/minio/release/linux-amd64/minio_20250422221226.0.0_amd64.deb -O minio.deb
    

    The above command downloads the MinIO .deb release package and saves it as minio.deb. To check the latest version, visit the official releases page.

  2. Install the downloaded MinIO package using the dpkg command.

    console
    $ sudo dpkg -i minio.deb
    
  3. View the installed MinIO version.

    console
    $ minio --version
    

    Your output should be similar to the one below:

    minio version RELEASE.2025-04-22T22-12-26Z (commit-id=0d7408fc9969caf07de6a8c3a84f9fbb10a6739e)
    Runtime: go1.24.2 linux/amd64
    ...

Configure MinIO

MinIO uses the minio command to run and manage the application server. It supports multiple options to define the listening port, storage volumes, and default administrator user details on your server. These options do not persist after the session ends unless configured as expected. Follow the steps below to configure MinIO with the required options and enable it to start automatically at boot.

  1. Create a new MinIO configuration file to define the required MinIO options.

    console
    $ sudo nano /etc/default/minio
    
  2. Add the following configurations to the file.

    ini
    MINIO_VOLUMES="/mnt/minio-data"
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :9001"
    MINIO_ROOT_USER="minio_admin"
    MINIO_ROOT_PASSWORD="strong-password"
    

    Replace minio_admin with your administrator username and strong-password with the administrator password (which must be at least 8 characters long).

    Save and close the file.

    This configuration ensures that MinIO runs on the API port 9000 and the console web interface port 9001. It sets the storage path to /mnt/minio-data, where you can mount a block device with a high storage. Storing data on a separate block device is the recommended way to handle large amounts of data, as it ensures greater durability. If you encounter server issues, your data remains safe on a different drive.

  3. Create a new minio-user without login privileges on the server.

    console
    $ sudo useradd -m -s /usr/sbin/nologin minio-user
    

    The MinIO system service runs under the minio-user and minio-user group. You need to create this user and assign the privileges to access the necessary directories for MinIO to function as expected.

  4. Grant the user and group ownership privileges on your data storage directory /mnt/minio-data to the minio-user.

    console
    $ sudo chown minio-user:minio-user /mnt/minio-data
    
  5. Enable the MinIO system service so that it starts automatically when your server boots.

    console
    $ sudo systemctl enable minio
    
  6. Start the MinIO system service.

    console
    $ sudo systemctl start minio.service
    
  7. View the status of the MinIO service and verify that it is in a running state.

    console
    $ sudo systemctl status minio.service
    

    Your output should be similar to the one below:

    ● minio.service - MinIO
         Loaded: loaded (/lib/systemd/system/minio.service; enabled; vendor preset: enabled)
         Active: active (running) since Sun 2025-04-27 08:20:43 UTC; 3s ago
           Docs: https://docs.min.io
       Main PID: 16105 (minio)
          Tasks: 8
            CPU: 637ms
         CGroup: /system.slice/minio.service
                 └─16105 /usr/local/bin/minio server -C /etc/minio --address :9000 --console-address :9001 /mnt/minio-data

Secure MinIO

By default, MinIO listens for API connections on port 9000 and web console access on port 9001. To securely run and expose MinIO, you can set up a domain name and configure it to run on secure ports, such as HTTPS port 443. Using Let's Encrypt, you can generate trusted SSL certificates to enable HTTPS connections and secure access to the API using S3 client tools. Follow the steps below to generate SSL certificates and configure MinIO to run securely on your domain.

Generate Let's Encrypt SSL Certificates to use with MinIO

MinIO supports HTTP connections by default when the --certs-dir option is not passed. When configured, MinIO uses your SSL certificate public.crt file and the private key private.key for secure communication. Follow the steps below to generate Let's Encrypt certificates and enable secure connections for MinIO.

  1. Allow the HTTP port 80 through the default firewall to allow Let's Encrypt domain validation.

    console
    $ sudo ufw allow 80/tcp
    
  2. Install the Certbot Let's Encrypt client.

    console
    $ sudo apt install certbot -y
    
  3. Request a new SSL certificate for your domain.

    console
    $ sudo certbot certonly --standalone -d minio.example.com -m hello@example.com --agree-tos
    

    Replace minio.example.com and hello@example.com with your actual domain and email address. When successful, you will receive a message stating "Successfully received certificate."

  4. Test that Certbot will auto-renew your SSL certificate when it expires.

    console
    $ sudo certbot renew --dry-run
    

    This command performs a dummy SSL certificate renewal to simulate the process without making any actual changes.

  5. Create a new directory to store the SSL certificate files for MinIO to use, such as /opt/minio-certs.

    console
    $ sudo mkdir -p /opt/minio-certs
    
  6. Copy your SSL certificate and private key to the /opt/minio-certs directory.

    console
    # Copy the SSL certificate as public.crt
    $ sudo cp /etc/letsencrypt/live/minio.example.com/fullchain.pem /opt/minio-certs/public.crt
    
    # Copy the private key as private.key
    $ sudo cp /etc/letsencrypt/live/minio.example.com/privkey.pem /opt/minio-certs/private.key
    
  7. Grant the minio-user full privileges to the /opt/minio-certs directory.

    console
    $ sudo chown -R minio-user:minio-user /opt/minio-certs/
    
  8. Check the path of MinIO binary.

    console
    $ which minio
    

    Your output should be similar to the one below:

    /usr/local/bin/minio
  9. To enable SSL and bind MinIO to the HTTPS port 443, which is a privileged port under 1024, you must grant additional permissions.

    console
    $ sudo setcap cap_net_bind_service=+ep /usr/local/bin/minio
    

    This allows MinIO to bind to port 443 for secure HTTPS connections.

  10. Open your MinIO configuration file to apply the SSL certificate settings.

    console
    $ sudo nano /etc/default/minio
    
  11. Replace the MinIO console address port :9001 with the HTTPS port 443.

    ini
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443"
    
  12. Add the --certs-dir /opt/minio-certs option to your MINIO_OPTS directive.

    ini
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443 --certs-dir /opt/minio-certs"
    
  13. Add a new MINIO_DOMAIN with your domain URL at the end of your configuration file.

    ini
    MINIO_DOMAIN="minio.example.com"
    

    Save and close the file.

    Your modified MinIO configuration should look like the one below:

    ini
    MINIO_VOLUMES="/mnt/minio-data"
    MINIO_OPTS="-C /etc/minio --address :9000 --console-address :443  --certs-dir /opt/minio-certs"
    MINIO_ROOT_USER="minio_admin"
    MINIO_ROOT_PASSWORD="strong-password"
    MINIO_DOMAIN="minio.example.com"
    
  14. Restart MinIO service to apply your configuration changes.

    console
    $ sudo systemctl restart minio
    
  15. Check the status of MinIO service.

    console
    $ sudo systemctl status minio
    
    ● minio.service - MinIO
         Loaded: loaded (/lib/systemd/system/minio.service; enabled; vendor preset: enabled)
         Active: active (running) since Sun 2025-04-27 08:18:01 UTC; 1min 4s ago
           Docs: https://docs.min.io
       Main PID: 19913 (minio)
          Tasks: 10
            CPU: 780ms
         CGroup: /system.slice/minio.service
                 └─19913 /usr/local/bin/minio server -C /etc/minio --address :9000 --console-address :443 --certs-dir /opt/minio-certs /mnt/minio-data
  16. Allow connections to the HTTPS port 443 through the firewall.

    console
    $ sudo ufw allow 443/tcp
    
  17. Allow S3 connections to the MinIO API port 9000.

    console
    $ sudo ufw allow 9000/tcp
    
  18. Reload the firewall to apply the changes.

    console
    $ sudo ufw reload
    
  19. View the firewall status.

    console
    $ sudo ufw status
    

    Make sure the status is active and all required rules (such as ports 80, 443, and 9000) are listed and applied.

Access MinIO

  1. Open your web browser and navigate to your MinIO domain using the following URL.

    https://minio.example.com

    Verify that the MinIO web interface displays in your web browser. Then, log in to the MinIO console using the administrator credentials defined in the /etc/default/minio configuration file.

    • USERNAME: minio_admin
    • PASSWORD: strong-password

    Access the MinIO Web Console Interface

  2. After you have logged in, click Buckets from the main navigation menu to begin setting up a new object storage bucket.

    MinIO Buckets

  3. Click Create a Bucket to proceed with creating a new bucket. Enter your desired bucket name in the Bucket Name field. For example, vultr-test.

    Bucket Name Convention Rules:

    • Length: Bucket names must be between 3 (minimum) and 63 (maximum) characters long.
    • Allowed Characters: Bucket names can only consist of lowercase letters, numbers, dots (.), and hyphens (-).
    • No Adjacent Periods: Bucket names must not contain two adjacent periods (..), or a period next to a hyphen (-. or .-).
    • No IP Address Formatting: Bucket names must not be formatted as an IP address (for example, 192.168.5.4).
    • No xn-- Prefix: Bucket names must not start with the prefix xn--.
    • No -s3alias Suffix: Bucket names must not end with the suffix -s3alias, as this is reserved for access point alias names.
    • Uniqueness: Bucket names must be unique within a partition.

    Create a new MinIO bucket

  4. Enable additional bucket features.

    • Versioning: Keeps multiple versions of the same object under the same key.
    • Object Locking: Prevents objects from being deleted, necessary for retention and legal hold (can only be enabled during bucket creation).
    • Quota: Limits the amount of data in the bucket.
    • Retention: Prevents deletion of objects for a defined period. Versioning must be enabled to set retention policies.

    After configuring your options, click Create Bucket to create the MinIO Object Storage bucket.

  5. After the bucket is created, confirm it appears in your Buckets list. Click the bucket name to view and configure its properties.

    Access Bucket Properties

  6. To upload files to the bucket, navigate to Object Browser in the main navigation menu.

  7. Select the newly created bucket to open the object browser. Then, click Upload and choose Upload File from the options to upload new files from your device.

    Upload new Files to a MinIO bucket

  8. Verify that your upload is complete and the new file is available in your bucket. To share the file, click it and select Share to generate an encrypted URL of downloading the file.

  9. Set the desired expiration for the link and click the copy icon to share the link for downloading the file.

    Share Object Storage Files on MinIO

Access MinIO using an S3 Browser

S3 client applications offer a secure method to upload and manage object storage files. The MinIO API runs on port 9000 and accepts S3 connections on your server to create and manage files. Follow the steps below to use an S3 client application such as S3 Browser to establish a connection and upload files on your server.

  1. Navigate to Access Keys in the MinIO console interface to create new authentication keys.

  2. Click Create access key to generate new access and secret keys.

    Access Keys Dashboard

  3. Set your desired expiry date and name. Then, click Create to apply the new keys on your server.

    Create Access Keys

  4. Copy the generated keys or click Download for Import to save the keys to a file on your device.

    View Generated Keys

  5. Download and install an S3 Browser application on your device.

  6. Open the S3 Browser application on your device and click Add new account within the Accounts menu.

  7. In the Add New Account window, enter the following details:

    • Display Name: Define a name for your MinIO account.
    • Account Type: Select S3 Compatible Storage.
    • API Endpoint: Enter your MinIO API URL (for example, minio.example.com:9000).
    • Access Key ID: Paste the Access Key ID you generated earlier.
    • Secret Access Key: Paste the Secret Access Key you generated earlier.
    • Use Secure Transfer: Check this option to enable encryption during data transfers.

    Your configuration should look like below:

    Add new S3 Storage in S3 Browser

  8. Click Save Changes to save the new S3 storage account and establish a connection with your MinIO server.

  9. Verify that your MinIO buckets display in the S3 Browser application. Then, click any bucket to view the available objects.

    View MinIO Bucket Objects

Access MinIO using an S3CMD

S3cmd is a command-line tool used for managing data in an S3-compatible storage service like MinIO. It allows you to perform various tasks such as listing, creating, and removing buckets, also uploading and downloading objects. Follow the steps below to use s3cmd to interact with your MinIO server.

  1. Install s3cmd CLI utility on your system.

    • Ubuntu/Debian:

      1. Update the APT server package index.

        console
        $ sudo apt update
        
      2. Install the s3cmd CLI package.

        console
        $ sudo apt install -y s3cmd
        
    • RHEL/RockyLinux:

      1. Update the DNF server package index.

        console
        $ sudo dnf makecache
        
      2. Install the s3cmd CLI package.

        console
        $ sudo dnf install -y s3cmd
        
    • macOS (using Homebrew):

      1. Update the BREW server package index.

        console
        % brew update
        
      2. Install the s3cmd CLI package.

        console
        % brew install s3cmd
        
  2. After installing s3cmd, you need to configure the AccessKeys to connect to your MinIO server.

    console
    $ s3cmd --configure
    
  3. Follow the prompts to enter the following details.

    • Access Key: Enter the access key generated in the MinIO console.
    • Secret Key: Enter the secret key generated in the MinIO console.
    • Default Region: Press Enter to accept the default.
    • S3 Endpoint: Enter your MinIO API URL (for example, minio.example.com:9000).
    • DNS-style bucket+hostname:port: Enter minio.example.com:9000.
    • Encryption password: Optionally, enter a password to encrypt the saved configuration.
    • Use HTTPS protocol: Answer Yes to secure the connection.
    • HTTP Proxy server name: Leave this blank if you don’t use a proxy.
  4. After you’ve entered all the details, the settings will appear as follows for verification.

    New settings:
      Access Key: Your Access Key
      Secret Key: Your Secret Access Key
      Default Region: US
      S3 Endpoint: minio.example.com:9000
      DNS-style bucket+hostname:port template for accessing a bucket: minio.example.com:9000
      Encryption password: 
      Path to GPG program: /usr/bin/gpg
      Use HTTPS protocol: True
      HTTP Proxy server name: 
      HTTP Proxy server port: 0
    Test access with supplied credentials? [Y/n] 

    Press Y to test the connection and ensure everything is set up as expected.

  5. To list all the available buckets on your MinIO server.

    console
    $ s3cmd ls
    

    This command will display a list of all buckets currently available on your MinIO server.

    Your output should be similar to the one below:

    2025-04-27 05:06  s3://vultr-test
  6. To create a new bucket, use the following command.

    console
    $ s3cmd mb s3://my-new-bucket
    

    Replace my-new-bucket with your desired bucket name.

  7. View the list of available buckets again and verify that the new bucket exists.

    console
    $ s3cmd ls
    

    Your output should be similar to the one below:

    2025-04-27 09:52  s3://my-new-bucket
    2025-04-27 05:06  s3://vultr-test
  8. To upload a file to your bucket, use the following command.

    console
    $ s3cmd put myfile.txt s3://my-new-bucket/
    

    Your output should be similar to the one below:

    upload: 'myfile.txt' -> 's3://my-new-bucket/myfile.txt'  [1 of 1]
     2611218 of 2611218   100% in    0s    11.14 MB/s  done
  9. To view the list of objects present in a MinIO bucket, use the following command.

    console
    $ s3cmd ls s3://my-new-bucket
    

    Your output should be similar to the one below:

    2025-04-27 10:03      2611218  s3://my-new-bucket/myfile.txt
  10. Remove the already present test file in the directory.

    console
    $ rm myfile.txt
    
  11. To download a file from your MinIO bucket.

    console
    $ s3cmd get s3://my-new-bucket/myfile.txt
    

    Your output should be similar to the one below:

    download: 's3://my-new-bucket/myfile.txt' -> './myfile.txt'  [1 of 1]
     2611218 of 2611218   100% in    0s   107.92 MB/s  done
  12. To delete a file (object) from your bucket, use the following command.

    console
    $ s3cmd del s3://my-new-bucket/myfile.txt
    

    Your output should be similar to the one below:

    delete: 's3://my-new-bucket/myfile.txt'
  13. To delete a bucket from your MinIO server, use the following command.

    console
    $ s3cmd rb s3://my-new-bucket
    

    Your output should be similar to the one below:

    Bucket 's3://my-new-bucket/' removed
  14. View the list of available buckets again and verify that the bucket is deleted.

    console
    $ s3cmd ls
    

    Your output should be similar to the one below:

    2025-04-27 05:06  s3://vultr-test

Conclusion

You have deployed MinIO on your Ubuntu 24.04 server using a Single Node Single Drive (SNSD) architecture backed by a mounted block storage device. With MinIO configured as a system service and secured using Let's Encrypt SSL certificates, your object storage server is now ready for production use. You can manage and share files through the secure web interface, command-line tools like s3cmd, and desktop applications such as S3 Browser. For further configuration options and additional details, please visit the official MinIO documentation.

Comments

No comments yet.