{"id":3047,"date":"2022-06-25T13:10:01","date_gmt":"2022-06-25T17:10:01","guid":{"rendered":"https:\/\/dft.wiki\/?p=3047"},"modified":"2026-06-08T17:28:21","modified_gmt":"2026-06-08T21:28:21","slug":"deploying-an-s3-compatible-block-storage-server-with-minio","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=3047","title":{"rendered":"Deploying S3 Compatible Block Storage"},"content":{"rendered":"<p>The original purpose of this post was to showcase and walk through the steps to deploy and operate MinIO, which was the most widely deployed S3-compatible object storage solution prior to its rugpull for profit. This is a long story I will not cover here, but the Community Edition is currently out of support.<\/p>\n<p>Even though it is <span style=\"text-decoration: underline;\">not recommended to use MinIO in production<\/span> or to leave it directly exposed to the internet, I will keep the original instructions at the end of this post and highlight <span style=\"text-decoration: underline;\">the most popular alternatives<\/span>:<\/p>\n<ul>\n<li><strong>RustFS<\/strong> [<a href=\"https:\/\/github.com\/rustfs\/rustfs\">Link<\/a>]<\/li>\n<li><strong>Garage<\/strong> [<a href=\"https:\/\/git.deuxfleurs.fr\/Deuxfleurs\/garage\">Link<\/a>]<\/li>\n<li><strong>SeaweedFS<\/strong> [<a href=\"https:\/\/github.com\/seaweedfs\/seaweedfs\">Link<\/a>]<\/li>\n<\/ul>\n<hr \/>\n<p><strong>RUSTFS<\/strong><\/p>\n<p>I want to start with RustFS because it is the one that impressed me the most with how easy it is to deploy and use [<a href=\"https:\/\/github.com\/rustfs\/rustfs\">Link<\/a>]. The language it is written in should be self-explanatory.<\/p>\n<p>It integrates well with TrueNAS CE for quick deployment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5239\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2022\/06\/Screenshot_2026-01-16_10-42-55.png\" alt=\"\" width=\"457\" height=\"171\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2022\/06\/Screenshot_2026-01-16_10-42-55.png 457w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2022\/06\/Screenshot_2026-01-16_10-42-55-300x112.png 300w\" sizes=\"auto, (max-width: 457px) 100vw, 457px\" \/><\/p>\n<p>For deploying on Linux systems:<\/p>\n<pre>curl -O https:\/\/rustfs.com\/install_rustfs.sh &amp;&amp; sudo bash install_rustfs.sh<\/pre>\n<p>For use with TLS certificates such as Let&#8217;s Encrypt:<\/p>\n<pre>sudo mkdir -p \/opt\/tls\r\necho 'RUSTFS_TLS_PATH=\"\/opt\/tls\"' | sudo tee -a \/etc\/default\/rustfs\r\nsudo sed 's\/9000\/443\/g' \/etc\/default\/rustfs -i<\/pre>\n<p>Place the certificate and key files in that directory with the correct names and RustFS will load them at startup:<\/p>\n<pre>cat \/etc\/letsencrypt\/live\/example.com\/privkey.pem   | sudo tee \/opt\/tls\/rustfs_key.pem\r\ncat \/etc\/letsencrypt\/live\/example.com\/fullchain.pem | sudo tee \/opt\/tls\/rustfs_cert.pem<\/pre>\n<p>Restart the service:<\/p>\n<pre>systemctl restart rustfs<\/pre>\n<p>Alternatively, deploy RustFS as a Docker container:<\/p>\n<pre>docker run -d --name rustfs -e RUSTFS_TLS_PATH=\"\/opt\/tls\/\" -v \/opt\/tls:\/opt\/tls -p 9000:443 -p 9001:9001 -v \/data:\/data rustfs\/rustfs:latest<\/pre>\n<p>In all cases, make sure the Console Dashboard is not directly exposed to the internet without proper security layers, such as a VPN or an IP allowlist.<\/p>\n<hr \/>\n<p><strong>GARAGE<\/strong><\/p>\n<ul>\n<li>Garage [<a href=\"https:\/\/git.deuxfleurs.fr\/Deuxfleurs\/garage\">Link<\/a>]<\/li>\n<\/ul>\n<p>(in-progress)<\/p>\n<hr \/>\n<p><strong>SEAWEEDFS<\/strong><\/p>\n<ul>\n<li>SeaweedFS [<a href=\"https:\/\/github.com\/seaweedfs\/seaweedfs\">Link<\/a>]<\/li>\n<\/ul>\n<p>(in-progress)<\/p>\n<hr \/>\n<p><strong>MINIO (unmaintained)<\/strong><\/p>\n<p><strong>MinIO<\/strong> was an open source [<a href=\"https:\/\/github.com\/minio\/minio\">Link<\/a>] high-performance object storage API written in Go, compatible with <strong>Amazon S3<\/strong> cloud storage. It can handle unstructured data (photos, videos, log files, backups, container images, etc.) with objects up to 5 TB in size.<\/p>\n<p>Its enterprise-class features support striping files across multiple disks and reliably recovering data even when multiple drives fail. Based on its parity\/hash logic, it also heals corrupted files on the fly to ensure data integrity.<\/p>\n<p>MinIO also features server-side encryption, continuous site replication, bucket versioning, deletion protection, event notifications, lifecycle management, access rules, clustering, and integration with public cloud services.<\/p>\n<hr \/>\n<p><strong>DEPLOYMENT METHODS<\/strong><\/p>\n<ul>\n<li>From a <strong>binary:<\/strong>\n<ul>\n<li>Download the binary for your CPU architecture and run it directly with no installation required, or install it via your package manager.<\/li>\n<\/ul>\n<\/li>\n<li>From a <strong>container:<\/strong>\n<ul>\n<li>A single command spins up a new instance. Great for evaluation and development.<\/li>\n<\/ul>\n<\/li>\n<li>From <strong>source code:<\/strong>\n<ul>\n<li>Using Go&#8217;s native tooling, you can pull and compile the binary yourself. This is the most secure option.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>BINARY EXECUTION<\/strong><\/p>\n<ul>\n<li><strong>Linux<\/strong>\n<ul>\n<li>\n<pre>export MINIO_ROOT_USER=<strong>admin<\/strong>\r\nexport MINIO_ROOT_PASSWORD=<strong>strongpassword\r\n<\/strong>wget https:\/\/dl.min.io\/server\/minio\/release\/<strong>linux-amd64<\/strong>\/minio\r\nchmod +x <strong>minio<\/strong>\r\n.\/minio server <strong>\/PATH\/data <\/strong>--console-address \":<strong>9001<\/strong>\"<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ARM<\/strong> (Raspberry Pi)\n<ul>\n<li>\n<pre>export MINIO_ROOT_USER=<strong>admin<\/strong>\r\nexport MINIO_ROOT_PASSWORD=<strong>strongpassword<\/strong>\r\nwget https:\/\/dl.min.io\/server\/minio\/release\/<strong>linux-arm64<\/strong>\/minio\r\nchmod +x <strong>minio<\/strong>\r\n.\/minio server <strong>\/PATH\/data <\/strong>--console-address \":<strong>9001<\/strong>\"<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>macOS<\/strong>\n<ul>\n<li>\n<pre>export MINIO_ROOT_USER=<strong>admin<\/strong>\r\nexport MINIO_ROOT_PASSWORD=<strong>strongpassword<\/strong>\r\nwget https:\/\/dl.min.io\/server\/minio\/release\/<strong>darwin-amd64<\/strong>\/minio\r\nchmod +x <strong>minio<\/strong>\r\n.\/minio server <strong>\/PATH\/data <\/strong>--console-address \":<strong>9001<\/strong>\"<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Windows<\/strong>\n<ul>\n<li>\n<pre><strong>PS&gt;<\/strong> Invoke-WebRequest -Uri \"https:\/\/dl.min.io\/server\/minio\/release\/windows-amd64\/minio.exe\" -OutFile \"C:\\minio.exe\"\r\n<strong>PS&gt;<\/strong> setx MINIO_ROOT_USER <strong>admin<\/strong>\r\n<strong>PS&gt;<\/strong> setx MINIO_ROOT_PASSWORD <strong>strongpassword<\/strong>\r\n<strong>PS&gt;<\/strong> C:\\minio.exe server <strong>D:\\Data<\/strong> --console-address \":<strong>9001<\/strong>\"<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>PACKAGE MANAGER INSTALLATION<\/strong><\/p>\n<ul>\n<li><strong>Linux<\/strong>\n<ul>\n<li>For <strong>Debian-based<\/strong> distributions:\n<ul>\n<li>\n<pre>wget https:\/\/dl.min.io\/server\/minio\/release\/linux-amd64\/minio_<strong>20220620231345.0.0<\/strong>_amd64.deb\r\nsudo dpkg -i minio_<strong>20220620231345.0.0<\/strong>_amd64.deb<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>For <strong>RHEL-based<\/strong> distributions:\n<ul>\n<li>\n<pre>wget https:\/\/dl.min.io\/server\/minio\/release\/linux-amd64\/minio-<strong>20220620231345.0.0<\/strong>.x86_64.rpm\r\nsudo rpm -i minio-<strong>20220620231345.0.0<\/strong>.x86_64.rpm<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>ARM<\/strong> (Raspberry Pi)\n<ul>\n<li>For <strong>Debian-based<\/strong> distributions:\n<ul>\n<li>\n<pre>wget https:\/\/dl.min.io\/server\/minio\/release\/linux-arm64\/minio_<strong>20220620231345.0.0<\/strong>_arm64.deb\r\nsudo dpkg -i minio_<strong>20220620231345.0.0<\/strong>_amd64.deb<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>For <strong>RHEL-based<\/strong> distributions:\n<ul>\n<li>\n<pre>wget https:\/\/dl.min.io\/server\/minio\/release\/linux-arm64\/minio-<strong>20220620231345.0.0<\/strong>.aarch64.rpm\r\nsudo rpm -i minio-<strong>20220620231345.0.0<\/strong>.x86_64.rpm<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>macOS<\/strong>\n<ul>\n<li>\n<pre lang=\"sh\">brew install minio\/stable\/minio\r\nminio server start<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>DOCKER DEPLOYMENT<\/strong><\/p>\n<ul>\n<li>Using <strong>Docker:<\/strong>\n<ul>\n<li>\n<pre>sudo docker run -p 9000:9000 -p 9001:9001 -v <strong>\/PATH\/data<\/strong>:\/data quay.io\/minio\/minio server <strong>\/PATH\/data<\/strong> --console-address \":9001\"<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Using <strong>Podman:<\/strong>\n<ul>\n<li>\n<pre>podman run -p 9000:9000 -p 9001:9001 -v <strong>\/PATH\/data<\/strong>:\/data quay.io\/minio\/minio server <strong>\/PATH\/data<\/strong> --console-address \":9001\"<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>COMPILING FROM SOURCE<\/strong><\/p>\n<ul>\n<li>Using <strong>Go:<\/strong>\n<ul>\n<li>\n<pre>GO111MODULE=on go install github.com\/minio\/minio@latest<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Manually:<\/strong>\n<ul>\n<li>\n<pre>git clone https:\/\/github.com\/minio\/minio.git\r\ncd minio\/\r\nmake\r\nmake install<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>FIREWALL SETTINGS<\/strong><\/p>\n<ul>\n<li><strong>UFW<\/strong>\n<ul>\n<li>\n<pre>sudo ufw allow 9000:9001\/tcp<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>firewall-cmd<\/strong>\n<ul>\n<li>\n<pre>sudo firewall-cmd --zone=public --add-port=9000-9001\/tcp --permanent\r\nsudo firewall-cmd --reload<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>BONUS<\/strong><\/p>\n<ul>\n<li>Securing\n<ul>\n<li>\n<pre>sudo useradd -r <strong>minioUser<\/strong> -s \/sbin\/nologin\r\nsudo mkdir -p <strong>\/PATH\/data<\/strong>\r\nsudo chown <strong>minioUser:<\/strong><strong>minioUser<\/strong> \/PATH\/data\r\nsudo chmod <strong>770<\/strong> \/PATH\/data<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Configuration File\n<ul>\n<li>\n<pre>sudo nano \/etc\/default\/minio<\/pre>\n<\/li>\n<li>\n<pre>MINIO_ROOT_USER=<strong>admin<\/strong>\r\nMINIO_ROOT_PASSWORD=<strong>strongpassword <\/strong>\r\nMINIO_VOLUMES=<strong>\"\/PATH\/data\"<\/strong>\r\nMINIO_OPTS=\"--certs-dir \/home\/<strong>minioUser<\/strong>\/.minio\/certs --console-address :<strong>9001<\/strong>\"<\/pre>\n<\/li>\n<li>\n<pre>sudo chown <strong>minioUser:minioUser<\/strong> \/etc\/default\/minio\r\nsudo chmod <strong>770<\/strong> \/etc\/default\/minio<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Running as a Service\n<ul>\n<li>\n<pre>sudo nano \/etc\/systemd\/system\/<strong>minio<\/strong>.service<\/pre>\n<\/li>\n<li>\n<pre>[Unit]\r\nDescription=MinIO\r\nWants=network-online.target\r\nAfter=network-online.target\r\n\r\n[Service]\r\nWorkingDirectory=\/usr\/local\/\r\nUser=<strong>minioUser<\/strong>\r\nGroup=<strong>minioUser<\/strong>\r\nProtectProc=invisible\r\n\r\nEnvironmentFile=\/etc\/default\/minio\r\nExecStart=<strong>\/usr\/local\/bin\/minio<\/strong> server $MINIO_OPTS $MINIO_VOLUMES\r\nRestart=always\r\nLimitNOFILE=1048576\r\nTasksMax=infinity\r\nTimeoutStopSec=infinity\r\nSendSIGKILL=no\r\n\r\n[Install]\r\nWantedBy=multi-user.target<\/pre>\n<\/li>\n<li>\n<pre>sudo systemctl daemon-reload\r\nsudo systemctl enable <strong>minio<\/strong>\r\nsudo systemctl start <strong>minio<\/strong>\r\nsudo systemctl status <strong>minio<\/strong><\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>MinIO Client\n<ul>\n<li>Download\n<ul>\n<li>\n<pre>wget https:\/\/dl.min.io\/client\/mc\/release\/linux-<strong>amd64<\/strong>\/mc\r\nchmod +x mc\r\n.\/mc --help\r\nsudo mv mc \/usr\/local\/bin\r\nmc --help<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Configuration\n<ul>\n<li>\n<pre>.\/mc alias set <strong>&lt;ALIAS&gt;<\/strong> http:\/\/&lt;YOUR-S3-ENDPOINT&gt;:9000 <strong>&lt;YOUR-ACCESS-KEY&gt; &lt;YOUR-SECRET-KEY&gt;\r\n<\/strong>.\/mc ls <strong>&lt;ALIAS&gt;<\/strong>\r\n<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Basic commands (<strong>&lt;ALIAS&gt; = s3<\/strong>)\n<ul>\n<li>mc <strong>ls<\/strong> <strong>s3<\/strong>\n<ul>\n<li>List buckets.<\/li>\n<\/ul>\n<\/li>\n<li>mc mb s3\/new-bucket\n<ul>\n<li>Create a new bucket.<\/li>\n<\/ul>\n<\/li>\n<li>mc rm s3\/new-bucket\n<ul>\n<li>Delete a bucket.<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>ls<\/strong> s3\/<strong>bucket<\/strong>\n<ul>\n<li>List the contents of a bucket.<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>cp<\/strong> <strong>localFile<\/strong> s3\/bucket\/remoteFile\n<ul>\n<li>Copy a file from local to remote.<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>cp<\/strong> s3\/bucket\/remoteFile <strong>localFile<\/strong>\n<ul>\n<li>Copy a file from remote to local.<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>cp<\/strong> s3\/backup\/fileName s3\/backup\/<strong>copiedFile<\/strong>\n<ul>\n<li>Copy a file within the same bucket (also works between buckets).<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>mv<\/strong> s3\/backup\/fileName s3\/backup\/<strong>renamedFile<\/strong>\n<ul>\n<li>Rename or move a file within the same bucket (also works between buckets).<\/li>\n<\/ul>\n<\/li>\n<li>mc rm s3\/backup\/<strong>fileToRemove<\/strong>\n<ul>\n<li>Delete a file (object).<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>find<\/strong> s3 &#8211;name &#8220;<strong>*.zip<\/strong>&#8221;\n<ul>\n<li>Search all buckets for files by name (also supports regex, max depth, age, and more).<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>find<\/strong> s3\/bucket &#8211;name &#8220;*.zip&#8221; <strong>&#8211;exec<\/strong> &#8220;mc cp {} .&#8221;\n<ul>\n<li>Run an external command for each matching object, such as copying it to the current directory.<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>mirror<\/strong> backup\/ s3\/backup\n<ul>\n<li>Recursively sync a local directory to a remote location (also works between remote locations).<\/li>\n<\/ul>\n<\/li>\n<li>mc <strong>update<\/strong>\n<ul>\n<li>Update the client to the latest version.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Additional commands\n<ul>\n<li><strong>cat<\/strong><\/li>\n<li><strong>head<\/strong><\/li>\n<li><strong>pipe<\/strong><\/li>\n<li><strong>sql<\/strong><\/li>\n<li><strong>stat<\/strong><\/li>\n<li><strong>tree<\/strong><\/li>\n<li><strong>du<\/strong><\/li>\n<li><strong>retention<\/strong><\/li>\n<li><strong>legalhold<\/strong><\/li>\n<li><strong>share<\/strong><\/li>\n<li><strong>version<\/strong><\/li>\n<li><strong>ilm<\/strong><\/li>\n<li><strong>encrypt<\/strong><\/li>\n<li><strong>event<\/strong><\/li>\n<li><strong>watch<\/strong><\/li>\n<li><strong>undo<\/strong><\/li>\n<li><strong>anonymous<\/strong><\/li>\n<li><strong>tag<\/strong><\/li>\n<li><strong>diff<\/strong><\/li>\n<li><strong>replicate<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>Administrative commands\n<ul>\n<li>mc admin <strong>config get<\/strong> s3 site\n<ul>\n<li>Get configuration information.<\/li>\n<\/ul>\n<\/li>\n<li>mc admin <strong>config set<\/strong> s3 site name=mys3\n<ul>\n<li>Set configuration information.<\/li>\n<\/ul>\n<\/li>\n<li>mc admin <strong>service restart<\/strong> s3\n<ul>\n<li>Restart the service.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Upgrading\n<ul>\n<li>\n<pre>mc <strong>admin update<\/strong> s3<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Backups\n<ul>\n<li>\n<pre>tar zcf - \/<strong>PATH<\/strong> | mc pipe -q &lt;ALIAS&gt;\/&lt;BUCKET&gt;\/<strong>fileName<\/strong>.tar.gz\r\nmysqldump --no-tablespaces --lock-tables=false <strong>dbName<\/strong> | gzip -c | mc pipe -q &lt;ALIAS&gt;\/&lt;BUCKET&gt;\/<strong>fileName<\/strong>.tar.gz<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Versioning and Lifecycle\n<ul>\n<li>\n<pre>mc mb --with-lock &lt;ALIAS&gt;\/&lt;BUCKET&gt;\r\nmc version enable &lt;ALIAS&gt;\/&lt;BUCKET&gt;\r\nmc ilm rule add --noncurrent-expire-days 30 &lt;ALIAS&gt;\/&lt;BUCKET&gt;\r\nmc ilm rule add --expire-days 90 --noncurrent-expire-days 30 &lt;ALIAS&gt;\/&lt;BUCKET&gt;\r\nmc ls --versions &lt;ALIAS&gt;\/&lt;BUCKET&gt;<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Encrypting\n<ul>\n<li>I recommend placing a web server such as Apache, NGINX, or Varnish between the client and the MinIO server to simplify certificate management, virtual hosting, load balancing, and caching.<\/li>\n<li>That said, MinIO has built-in support for encrypted communication using either a self-signed certificate or a public certificate from Let&#8217;s Encrypt via Certbot:\n<ul>\n<li>\n<pre>sudo apt install snapd\r\nsudo snap install core \r\nsudo snap refresh core\r\nsudo snap install --classic certbot\r\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot\r\nsudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m user@domain.com -d minio.domain.com\r\nsudo cp \/etc\/letsencrypt\/live\/minio.domain.com\/privkey.pem <strong>\/home\/minioUser\/.minio<\/strong>\/certs\/private.key\r\nsudo cp \/etc\/letsencrypt\/live\/minio.domain.com\/fullchain.pem <strong>\/home\/minioUser\/.minio<\/strong>\/certs\/public.crt\r\nsudo ufw allow 80\r\nsudo ufw allow 443<\/pre>\n<\/li>\n<li>\n<pre>sudo nano \/etc\/default\/minio<\/pre>\n<\/li>\n<li>\n<pre>MINIO_SERVER_URL=\"<strong>https<\/strong>:\/\/minio.domain.com:9000\"<\/pre>\n<\/li>\n<li>\n<pre>sudo systemctl <strong>restart<\/strong> minio<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Optional environment variables\n<ul>\n<li>\n<pre>export MINIO_DOMAIN=<strong>domain.com<\/strong>\r\nexport MINIO_SITE_NAME=<strong>mysite\r\n<\/strong>export MINIO_SITE_REGION=<strong>global\r\n<\/strong>export MINIO_SITE_COMMENT=<strong>\"My Block Storage\"\r\n<\/strong>export MINIO_API_REQUESTS_MAX=<strong>1600<\/strong>\r\nexport MINIO_API_REQUESTS_DEADLINE=<strong>1m<\/strong>\r\nexport MINIO_API_CORS_ALLOW_ORIGIN=<strong>\"https:\/\/domain-a.com,https:\/\/domain-b.com\"<\/strong>\r\nexport MINIO_API_REMOTE_TRANSPORT_DEADLINE=<strong>2h\r\n<\/strong>export MINIO_BROWSER=<strong>off\r\n<\/strong><\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Multiple resources\n<ul>\n<li>Maps resources based on the host address:\n<ul>\n<li>\n<pre>minio server https:\/\/minio-<strong>{1...4}<\/strong>.example.net\/mnt\/disk-<strong>{1...4}<\/strong> --console-address \":9001\"<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Directory Tree\n<ul>\n<li>Certificates are stored by default in the home directory of the user running the binary:\n<ul>\n<li>\/home\/minioUser\/<strong>.minio<\/strong>\/\n<ul>\n<li>\n<pre>\u2514\u2500\u2500 certs\r\n    \u2514\u2500\u2500 CAs\r\n<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>All instance configuration is stored in a hidden directory inside the data volume:\n<ul>\n<li>\/PATH\/data\/<strong>.minio.sys<\/strong>\/\n<ul>\n<li>\n<pre>\u251c\u2500\u2500 buckets\r\n\u251c\u2500\u2500 config\r\n\u2502   \u251c\u2500\u2500 config.json\r\n\u2502   \u2502   \u2514\u2500\u2500 xl.meta\r\n\u2502   \u2514\u2500\u2500 iam\r\n\u2502       \u251c\u2500\u2500 format.json\r\n\u2502       \u2502   \u2514\u2500\u2500 xl.meta\r\n\u2502       \u251c\u2500\u2500 policydb\r\n\u2502       \u2502   \u2514\u2500\u2500 users\r\n\u2502       \u2502       \u2514\u2500\u2500 username.json\r\n\u2502       \u2502           \u2514\u2500\u2500 xl.meta\r\n\u2502       \u251c\u2500\u2500 sts\r\n\u2502       \u2502   \u251c\u2500\u2500 2G67ZRC44SCKLVLLZVGT\r\n\u2502       \u2502   \u2502   \u2514\u2500\u2500 identity.json\r\n\u2502       \u2502   \u2502       \u2514\u2500\u2500 xl.meta\r\n\u2502       \u2502   \u251c\u2500\u2500 3KEUK011NRQIOOS0AK0R\r\n\u2502       \u2502   \u2502   \u2514\u2500\u2500 identity.json\r\n\u2502       \u2502   \u2502       \u2514\u2500\u2500 xl.meta\r\n\u2502       \u2502   \u2514\u2500\u2500 AAQ83Z1Z279SWO7VMH5T\r\n\u2502       \u2502       \u2514\u2500\u2500 identity.json\r\n\u2502       \u2502           \u2514\u2500\u2500 xl.meta\r\n\u2502       \u2514\u2500\u2500 users\r\n\u2502           \u2514\u2500\u2500 username\r\n\u2502               \u2514\u2500\u2500 identity.json\r\n\u2502                   \u2514\u2500\u2500 xl.meta\r\n\u251c\u2500\u2500 format.json\r\n\u251c\u2500\u2500 ilm\r\n\u2502   \u2514\u2500\u2500 deletion-journal.bin\r\n\u251c\u2500\u2500 multipart\r\n\u251c\u2500\u2500 tmp\r\n\u2514\u2500\u2500 tmp-old<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>MinIO CE underwent a major overhaul that removed several administrative features from its Console. Here are some workarounds you may need.<\/p>\n<p>Deploying from source:<\/p>\n<pre>sudo snap install go --classic\r\ngo install -v github.com\/minio\/minio@latest\r\nsudo mkdir \/data\r\nsudo chown minio:minio \/data\r\nsudo chown -R minio:minio \/data\r\nsudo nano \/etc\/systemd\/system\/minio.service<\/pre>\n<p>To run it as a service:<\/p>\n<pre>[Unit]\r\nDescription=MinIO\r\nWants=network-online.target\r\nAfter=network-online.target\r\n\r\n[Service]\r\nUser=minio\r\nGroup=minio\r\nProtectProc=invisible\r\n\r\nEnvironment=\"MINIO_ROOT_USER=admin_user\"\r\nEnvironment=\"MINIO_ROOT_PASSWORD=strong_password\"\r\nEnvironment=\"MINIO_BROWSER_REDIRECT_URL=https:\/\/minio-console.simnet.cloud\"\r\nExecStart=\/home\/minio\/go\/bin\/minio server \/data --console-address :9001\r\nRestart=always\r\nLimitNOFILE=1048576\r\nTasksMax=infinity\r\nTimeoutStopSec=infinity\r\nSendSIGKILL=no\r\n\r\n[Install]\r\nWantedBy=multi-user.target<\/pre>\n<p>Load and start the service:<\/p>\n<pre>sudo systemctl daemon-reload\r\nsudo systemctl enable --now minio\r\njournalctl -u minio -f<\/pre>\n<ul>\n<li>If using NGINX as a reverse proxy:\n<ul>\n<li>Remove or increase the upload size limit.<\/li>\n<li>The new file browser in the UI requires <strong>WebSocket<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre><strong>client_max_body_size 0;<\/strong>\r\nlocation \/ {\r\n  proxy_pass http:\/\/127.0.0.1:9001;\r\n  proxy_set_header Host $host;\r\n  proxy_set_header X-Real-IP $remote_addr;\r\n  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n  proxy_set_header X-Forwarded-Proto $scheme;\r\n  proxy_connect_timeout 300;\r\n  proxy_send_timeout 300;\r\n  proxy_read_timeout 300;\r\n  chunked_transfer_encoding on;\r\n<strong>  # WebSocket<\/strong>\r\n<strong>  proxy_http_version 1.1;<\/strong>\r\n<strong>  proxy_set_header Upgrade $http_upgrade;<\/strong>\r\n<strong>  proxy_set_header Connection \"upgrade\";<\/strong>\r\n}<\/pre>\n<ul>\n<li>Create a bucket with versioning and locking via the CLI:<\/li>\n<\/ul>\n<pre>mc mb --with-lock minio\/acs\r\nmc retention set --default GOVERNANCE \"30d\" minio\/acs<\/pre>\n<hr \/>\n<p><strong>READ MORE<\/strong><\/p>\n<p>Configure a <strong>Reverse Proxy with HTTP<\/strong> for MinIO [<a href=\"https:\/\/dft.wiki\/?p=2178\">Link<\/a>].<\/p>\n<p>Configure a <strong>Reverse Proxy with Cache<\/strong> for MinIO [<a href=\"https:\/\/dft.wiki\/?p=2961\">Link<\/a>].<\/p>\n<p>Check out the backup tools <strong>Duplicati<\/strong> (open source) [<a href=\"https:\/\/github.com\/duplicati\/duplicati\">Link<\/a>], <strong>Duplicity<\/strong> [<a href=\"https:\/\/gitlab.com\/duplicity\/duplicity\">Link<\/a>], and <strong>Duplicacy<\/strong> [<a href=\"https:\/\/github.com\/gilbertchen\/duplicacy\/\">Link<\/a>], all of which are <span style=\"text-decoration: underline;\">S3 compatible<\/span>, among many other features.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The original purpose of this post was to showcase and walk through the steps to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,7],"tags":[],"class_list":["post-3047","post","type-post","status-publish","format-standard","hentry","category-linux","category-web"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3047"}],"version-history":[{"count":18,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3047\/revisions"}],"predecessor-version":[{"id":5668,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3047\/revisions\/5668"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}