How to Set Up a MinIO Object Storage Server on Rocky Linux

Introduction

If you want to host an S3-compatible object storage server, MinIO is the right choice. It is an open-source server software written in the Go language. It ships with clients for multiple platforms and offers a web interface for managing objects and users.

This guide explains how to install and configure MinIO on a Rocky Linux cloud instance.

Prerequisites

• Deploy a Rocky Linux 8 server.
• Attach Block storage to your server and create the /mnt/data mount point.
• Create a non-root user with sudo privileges.
• Update the server.
• Creater a DNS "A" record, such as minio.example.com, that points to your server's IP address. This is used to accessthe web interface.

1. Configure Firewall

The first step is to open the ports 9000 and 9001 required by the MinIO server. You also need to open the HTTP and HTTPS ports required for SSL access.

Use the following command to open the required firewall ports.

$ sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=9001/tcp --permanent

Enable HTTP and HTTPS access.

$ sudo firewall-cmd --zone=public --add-service=http --permanent
$ sudo firewall-cmd --zone=public --add-service=https --permanent

Reload the Firewall to apply the changes.

$ sudo firewall-cmd --reload

2. Install MinIO

MinIO is available as a binary file, written in GO language. Download it from the official website.

$ wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /usr/local/bin/minio

Change the file permissions to make it executable.

$ sudo chmod +x /usr/local/bin/minio

Configure SELinux permissions for the file.

$ sudo restorecon -v /usr/local/bin/minio

Verify the installation by printing out the version information.

$ minio --version
minio version RELEASE.2022-04-16T04-26-02Z

3. Configure MinIO

Create a user to run the MinIO server.

$ sudo useradd -r minio-user -s /sbin/nologin

Change the ownership of the MinIO binary.

$ sudo chown minio-user:minio-user /usr/local/bin/minio

Create a directory to store MinIO server configuration files.

$ sudo mkdir /etc/minio

Change the ownership of the configuration directory.

$ sudo chown minio-user:minio-user /etc/minio

Give ownership to the mount directory.

$ sudo chown minio-user:minio-user /mnt/data

Create the default environment file and open it for editing.

$ sudo nano /etc/default/minio/

Paste the following lines in the file.

MINIO_VOLUMES="/mnt/data"
MINIO_OPTS="-C /etc/minio --address :9000 --console-address :9001"
MINIO_ROOT_USER="minio"
MINIO_ROOT_PASSWORD="ChooseAStrongPassword"

Save the file by pressing Ctrl+X, then Y.

4. Set Up MinIO Service

Download the service unit file from MinIO's GitHub repository.

$ wget https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service -O /etc/systemd/system/minio.service

Configure SELinux to allow the service to run.

sudo restorecon -v /etc/systemd/system/minio.service

Reload the service daemon.

$ sudo systemctl daemon-reload

Enable the MinIO service.

$ sudo systemctl enable minio

5. Start MinIO Server

Start the MinIO server.

$ sudo systemctl start minio

Check the status of the server.

$ sudo systemctl status minio

Open the URL http://your_server_ip:9001 in the browser to access the MinIO console.

6. Install and Configure Certbot

Certbot tool uses Let's Encrypt API to request SSL Certificates. It requires the EPEL repository for installation.

Install EPEL repository.

$ sudo dnf install epel-release

Install Certbot.

$ sudo dnf install certbot

Request an SSL certificate for MinIO using standalone mode.

$ sudo certbot certonly --standalone --agree-tos --no-eff-email --preferred-challenges http -m name@example.com -d minio.example.com

The certificate is now available from the /etc/letsencrypt/live/minio.example.com directory.

Copy the certificate files to the /etc/minio/certs folder.

$ sudo cp /etc/letsencrypt/live/minio.example.com/privkey.pem /etc/minio/certs/private.key
$ sudo cp /etc/letsencrypt/live/minio.example.com/fullchain.pem /etc/minio/certs/public.crt

Change the ownership of the certificates.

$ sudo chown minio-user:minio-user /etc/minio/certs/private.key
$ sudo chown minio-user:minio-user /etc/minio/certs/public.crt

Open the MinIO default configuration file.

$ sudo nano /etc/default/minio

Add the following line at the bottom of the file.

MINIO_SERVER_URL="https://minio.example.com:9000"

Save the file by pressing Ctrl+X, then Y.

Restart MinIO Server to apply the changes.

$ sudo systemctl restart minio

Create the file /etc/minio/certcopy.sh to copy the certificates after every renewal and open it for editing.

$ sudo nano /etc/minio/certcopy.sh

Paste the following code in it.

#!/bin/sh
cp -f /etc/letsencrypt/live/minio.example.com/privkey.pem /etc/minio/certs/private.key
cp -f /etc/letsencrypt/live/minio.example.com/fullchain.pem /etc/minio/certs/public.crt

Save the file by pressing Ctrl+X, then Y.

Make the file executable.

$ sudo chmod +x /etc/minio/certcopy.sh

Open the file /etc/letsencrypt/renewal/minio.example.com.conf for editing.

$ sudo nano /etc/letsencrypt/renewal/minio.example.com.conf

Add the following line at the bottom.

post_hook = /etc/minio/certcopy.sh

Save the file by pressing Ctrl+X, then Y.

The post_hook option runs the certcopy.sh script after every renewal eliminating the need to copy the certificates manually.

7. Access MinIO

You can access MinIO by opening the URL https://minio.example.com:9001 in your browser.

Enter the root username and password set earlier to log in.

You can start using MinIO to create buckets and store your data. You can use either the official MinIO client or any S3 compatible tool to access and manage the uploaded data.

Conclusion

You have successfully installed and configured the MinIO server on your Rocky Linux 8 server. For more information, you can check out the following resources.

• MinIO Documentation
• MinIO Community
• MinIO GitHub