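I. Background
From cloud-based backup solutions to high-availability content delivery networks (CDNs), object storage has become an integral part of the modern technology landscape. And thanks to its small footprint, simple interface, and compatibility with multiple cloud storage services, the Minio object storage server packs a big punch.
Minio is an open-source object storage server that stores unstructured data (such as photos, videos, virtual machine images, containers, and log files) as objects.
In distributed mode, Minio provides a single object storage server that pools multiple drives spread across multiple servers.
Minio is written in Go, ships with a command-line client and a browser interface, and supports simple queuing service for Advanced Message Queuing Protocol (AMQP), Elasticsearch, Redis, NATS, and Postgres targets.
In this tutorial, you will:
Install the Minio server on a CentOS 7 server and configure it as a systemd service
Set up an SSL/TLS certificate to encrypt communication between the server and its clients
Access Minio's browser interface over HTTPS to use and manage the server
II. Environment
Operating system: CentOS 7.5 Minimal
minioServer: 192.168.1.103
III. Installing the Minio server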
1. Create the Minio installation directories
# mkdir /usr/local/minio
# mkdir /usr/local/minio/bin
# mkdir /usr/local/minio/etc
# mkdir /usr/local/minio/data
2. Create the user that runs Minio
# groupadd -g 2019 minio
# useradd -r -u 2019 -g 2019 -c "Minio User" -s /sbin/nologin minio
# id minio
# cat /etc/passwd
3. Download the Minio binary
# curl -O https://dl.minio.io/server/minio/release/linux-amd64/minio
# chmod 755 minio
# ./minio --help
# cp minio /usr/local/minio/bin
4. Create the Minio configuration files
# vim /usr/local/minio/etc/minio.conf
##########################################################
MINIO_VOLUMES="/usr/local/minio/data"
MINIO_OPTS="-C /usr/local/minio/etc --address 192.168.1.103:9000"
##########################################################
# vim /etc/systemd/system/minio.service
######################################################################
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/minio/bin/minio
[Service]
# User and group
User=minio
Group=minio
EnvironmentFile=/usr/local/minio/etc/minio.conf
ExecStart=/usr/local/minio/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
########################################################################
5. Change the owner and group of the files and directories
# chown -R minio:minio /usr/local/minio
6. Start the service
# systemctl daemon-reload
# systemctl enable minio.service
# systemctl start minio.service
# systemctl status minio.service
# ps aux | grep minio
# ss -tan | grep 9000
7. Configure the firewall and open the Minio access port
# firewall-cmd --zone=public --add-port=9000/tcp --permanent
# firewall-cmd --reload
8. Access Minio
http://192.168.1.103:9000 Default account and password: minioadmin
Get the AccessKey and SecretKey
# ll /usr/local/minio/
# ll -R /usr/local/minio/
# ll -R /usr/local/minio/data/
# cat /usr/local/minio/data/.minio.sys/config/config.json
# cat /usr/local/minio/data/.minio.sys/config/config.json | head -n 20
"accessKey": "UQLPP1WIH28W806T9AY7"
"secretKey": "MMYyJkwNTDUVqBzn0TGsZkSL7entHsV5zcAOLAkq"
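IV. Configuring SSL/TLS for Minio
As shown above, after startup Minio creates a certificate directory under etc and a hidden folder under the data directory that holds the login-related configuration.
1. Generate a private key and a self-signed certificate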
# yum -y install openssl
# openssl req -x509 -nodes \
-sha512 \
-newkey rsa:2048 \
-days 365 \
-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=Test/OU=Test/CN=www.example.com" \
-keyout private.key \
-out public.crt
View the certificate contents
# cat private.key
# cat public.crt
# openssl x509 -noout -text -in public.crt
2. Move the key and certificate into the Minio certificate directory
# mv private.key /usr/local/minio/etc/certs
# mv public.crt /usr/local/minio/etc/certs
# find /usr/local/minio/etc/certs -type d -exec chmod 700 {} \;
# find /usr/local/minio/etc/certs -type f -exec chmod 400 {} \;
# chown -R minio:minio /usr/local/minio
3. Restart the Minio service
# systemctl restart minio.service
# systemctl status minio.service
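The script below is an added example, not part of the original tutorial: it checks that the certificate directory from step 2 really ended up with directories at mode 700, files at mode 400, the expected owner, and a private key that belongs to the certificate. The function names `audit_certs` and `key_matches_cert` and the script name in the comment are assumptions of this example; run it as root, because the key is readable only by the minio user.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit Minio's certs directory.
# Function names are hypothetical; paths and modes come from the steps above.

# audit_certs DIR OWNER -> 0 clean, 1 finding, 2 directory missing
audit_certs() {
    dir=$1 owner=$2 rc=0
    [ -d "$dir" ] || { echo "MISSING directory: $dir"; return 2; }
    # Minio expects these two file names inside its certs directory.
    for f in private.key public.crt; do
        [ -f "$dir/$f" ] || { echo "MISSING file: $dir/$f"; rc=1; }
    done
    # Anything that is not dir=700 / file=400, or not owned by OWNER, is a finding.
    loose=$(find "$dir" \( \( -type d ! -perm 700 \) -o \( -type f ! -perm 400 \) \
                           -o ! -user "$owner" \) -print)
    if [ -n "$loose" ]; then
        echo "Wrong mode or owner (want dirs 700, files 400, owner $owner):"
        echo "$loose"
        rc=1
    fi
    return "$rc"
}

# key_matches_cert KEY CRT -> 0 when both files carry the same public key
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Runs only when a directory is passed, e.g. (script name is a placeholder):
#   sh audit-certs.sh /usr/local/minio/etc/certs minio
if [ "$#" -ge 1 ]; then
    audit_certs "$1" "${2:-minio}" || exit 1
    key_matches_cert "$1/private.key" "$1/public.crt" \
        || { echo "private.key does not match public.crt"; exit 1; }
    echo "OK: $1"
fi
```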
V. Testing Minio file storage
1. Create two buckets
2. Test a file upload
3. Share a file
4. Check the state of the backend file directory
# ll -R /usr/local/minio