# 手动部署

minio相关信息

请参考以下官方说明获取关于 minio 的相关信息。

官方地址:https://min.io

官方文档:https://docs.min.io

中文文档:http://docs.minio.org.cn/docs

GitHub地址:https://github.com/minio/minio

# 二进制离线单机部署

# https://dl.min.io/server/minio/release
# https://dl.min.io/client/mc/release
# https://dl.min.io
# 准备用于对象存储的数据目录
mkdir -p /data/minio

# 创建所需目录
mkdir -p /apps/minio/{bin,sbin,etc,logs,certs}

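# Download the server binary. TLS certificate verification stays enabled:
# the file is installed and run as a service, so the download must be
# authenticated. If verification fails, repair the host's CA bundle or clock
# rather than switching the check off.
wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /apps/minio/sbin/minio
# Download the client binary.
wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /apps/minio/bin/mc

# Compare each binary with the SHA-256 digest published next to it.
# NOTE(review): assumes the first field of the .sha256sum file is the digest - confirm.
want=$(wget -qO- https://dl.min.io/server/minio/release/linux-amd64/minio.sha256sum | awk '{print $1}')
have=$(sha256sum /apps/minio/sbin/minio | awk '{print $1}')
if [ -z "$want" ] || [ "$want" != "$have" ]; then
    echo "minio: checksum missing or mismatched, do not install this file" >&2
fi
want=$(wget -qO- https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sum | awk '{print $1}')
have=$(sha256sum /apps/minio/bin/mc | awk '{print $1}')
if [ -z "$want" ] || [ "$want" != "$have" ]; then
    echo "mc: checksum missing or mismatched, do not install this file" >&2
fi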

# 离线时从上传文件的临时目录拷贝到安装目录
cp minio /apps/minio/sbin/minio
cp mc /apps/minio/bin/mc

chmod 755 /apps/minio/sbin/minio
chmod 755 /apps/minio/bin/mc

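# Put the MinIO directories on PATH through a dedicated profile.d snippet.
# Writing with '>' keeps the step idempotent; appending to /etc/profile adds
# another copy of the line on every run.
# These directories are searched before the system ones, so they and the
# binaries inside must remain writable by root only.
echo 'export PATH=/apps/minio/bin:/apps/minio/sbin:$PATH' > /etc/profile.d/minio.sh
source /etc/profile.d/minio.sh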

# 检查版本或帮助
minio -v
minio -h

# 启动服务 控制台打印日志
./minio server \
--address ":9000" \
--console-address ":9001" \
--data-dir "/data/minio" \
--config-dir "/apps/minio/etc" \
--log-dir "/apps/minio/logs"

# 启动服务 打印日志到文件
nohup ./minio server --console-address ":9001" /data/minio > /apps/minio/logs/minio.log 2>&1 &

--address:指定MinIO服务器的监听地址和端口,默认为":9000",即监听本机所有网络接口的9000端口。
--config-dir:指定MinIO配置文件的目录路径,默认为"~/.minio"。
--data-dir:指定MinIO服务器存储数据的目录路径,默认为"/data"。
--console-address:指定MinIO管理控制台的监听地址和端口,默认为":9001"。
--log-dir:指定MinIO日志文件的目录路径,默认为"~/.minio/logs"。
--quiet:启用安静模式,不显示详细的日志信息。
--access-key:设置访问密钥,用于身份验证。
--secret-key:设置密钥,用于身份验证。
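# Write the environment file that the systemd unit loads. It holds the root
# credentials, so it is created empty with mode 0600 before any content is
# written. systemd reads EnvironmentFile itself, so root ownership is enough.
install -m 0600 /dev/null /apps/minio/etc/minio.conf
cat > /apps/minio/etc/minio.conf << 'EOF'
MINIO_ROOT_USER="admin"
# Replace the placeholder with a long random secret unique to this deployment.
# Never reuse a password that appears in documentation or in another system.
MINIO_ROOT_PASSWORD="CHANGE_ME_TO_A_LONG_RANDOM_SECRET"
# MINIO_PROMETHEUS_AUTH_TYPE="public"
# MINIO_PROMETHEUS_URL="http://192.168.100.50:9090"
# MINIO_PROMETHEUS_JOB_ID="minio-job"
MINIO_CONSOLE_WEB_SOCKET_ENABLED=true
MINIO_CONSOLE_WEB_SOCKET_PORT=9001
MINIO_VOLUMES="/data/minio"
MINIO_OPTS="--certs-dir /apps/minio/certs --config-dir /apps/minio/etc"
EOF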

# 如果需要启用SSL加密 则添加以下参数 注意按需修改
# MINIO_SSL_CERT_FILE="/apps/minio/certs/upx.plus.cer"
# MINIO_SSL_KEY_FILE="/apps/minio/certs/upx.plus.key"
# MINIO_SSL_ENABLE=true

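# Dedicated unprivileged account for the service, so a flaw in the server
# process does not run with root privileges.
id -u minio-user >/dev/null 2>&1 || useradd --system --user-group --no-create-home --shell /sbin/nologin minio-user
# The service account needs the data, certificate and log directories.
chown -R minio-user:minio-user /data/minio /apps/minio/certs /apps/minio/logs
chown minio-user:minio-user /apps/minio/etc
# NOTE(review): an in-place `mc admin update` presumably needs the server
# binary to be writable by the service account; the manual copy procedure in
# the version-update section is unaffected - confirm before relying on it.

# systemd unit file
cat > /etc/systemd/system/minio.service << 'EOF'
[Unit]
Description=minio service
Documentation=https://docs.minio.io

[Service]
User=minio-user
Group=minio-user
NoNewPrivileges=true
# No "-" prefix: the unit must fail when the file is missing, otherwise the
# server would start without the configured root credentials.
EnvironmentFile=/apps/minio/etc/minio.conf
ExecStart=/apps/minio/sbin/minio server --address :9000 --console-address :9001 $MINIO_OPTS
Restart=on-failure
RestartSec=15

[Install]
WantedBy=multi-user.target
EOF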

# 服务管理
systemctl daemon-reload
systemctl status minio
systemctl enable minio
systemctl restart minio
systemctl stop minio

# 二进制离线集群部署

# 注意事项

分布式Minio里的节点时间差不能超过15分钟。MinIO 强烈建议使用带有 XFS 格式磁盘的直连 JBOD 阵列,以获得最佳性能。

# 硬件准备

1740040278627.png

# 内核优化

cat > /etc/sysctl.d/minio.conf <<EOF
# maximum number of open files/file descriptors
fs.file-max = 4194303
# use as little swap space as possible
vm.swappiness = 1
# prioritize application RAM against disk/swap cache
vm.vfs_cache_pressure = 50
# minimum free memory
vm.min_free_kbytes = 1000000
# follow mellanox best practices https://community.mellanox.com/s/article/linux-sysctl-tuning
# the following changes are recommended for improving IPv4 traffic performance by Mellanox
# disable the TCP timestamps option for better CPU utilization
net.ipv4.tcp_timestamps = 0
# enable the TCP selective acks option for better throughput
net.ipv4.tcp_sack = 1
# increase the maximum length of processor input queues
net.core.netdev_max_backlog = 250000
# increase the TCP maximum and default buffer sizes using setsockopt()
net.core.rmem_max = 4194304
net.core.wmem_max = 4194304
net.core.rmem_default = 4194304
net.core.wmem_default = 4194304
net.core.optmem_max = 4194304
# increase memory thresholds to prevent packet dropping:
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
# enable low latency mode for TCP:
net.ipv4.tcp_low_latency = 1
# the following variable is used to tell the kernel how much of the socket buffer
# space should be used for TCP window size, and how much to save for an application
# buffer. A value of 1 means the socket buffer will be divided evenly between.
# TCP windows size and application.
net.ipv4.tcp_adv_win_scale = 1
# maximum number of incoming connections
net.core.somaxconn = 65535
# maximum number of packets queued
net.core.netdev_max_backlog = 10000
# queue length of completely established sockets waiting for accept
net.ipv4.tcp_max_syn_backlog = 4096
# time to wait (seconds) for FIN packet
net.ipv4.tcp_fin_timeout = 15
# disable icmp send redirects
net.ipv4.conf.all.send_redirects = 0
# disable icmp accept redirect
net.ipv4.conf.all.accept_redirects = 0
# drop packets with LSR or SSR
net.ipv4.conf.all.accept_source_route = 0
# MTU discovery, only enable when ICMP blackhole detected
net.ipv4.tcp_mtu_probing = 1
EOF

sysctl -p /etc/sysctl.d/minio.conf

# `Transparent Hugepage Support`*: This is a Linux kernel feature intended to improve
# performance by making more efficient use of processor’s memory-mapping hardware.
# But this may cause https://blogs.oracle.com/linux/performance-issues-with-transparent-huge-pages-thp
# for non-optimized applications. As most Linux distributions set it to `enabled=always` by default,
# we recommend changing this to `enabled=madvise`. This will allow applications optimized
# for transparent hugepages to obtain the performance benefits, while preventing the
# associated problems otherwise. Also, set `transparent_hugepage=madvise` on your kernel
# command line (e.g. in /etc/default/grub) to persistently set this value.

# echo "Enabling THP madvise"

echo madvise | tee /sys/kernel/mm/transparent_hugepage/enabled

# 挂载磁盘

# 创建用于对象存储的数据目录
mkdir -p /data/minio/disk{1,2,3,4}

# 使用整个磁盘 无需对磁盘进行分区 可以直接格式化磁盘
mkfs.xfs /dev/sdb
mkfs.xfs /dev/sdc
mkfs.xfs /dev/sdd
mkfs.xfs /dev/sde

# 加上 -f 参数可以强行格式化
# mkfs.xfs -f /dev/sdb
# mkfs.xfs -f /dev/sdc
# mkfs.xfs -f /dev/sdd
# mkfs.xfs -f /dev/sde

# 获取uuid
blkid -s UUID /dev/sdb
blkid -s UUID /dev/sdc
blkid -s UUID /dev/sdd
blkid -s UUID /dev/sde

# 根据查询到的 UUID 挂载磁盘并加入开机自动挂载
vim /etc/fstab

# minio-1
UUID="82f87d9f-f855-479a-8061-4103d478e6a5" /data/minio/disk1 xfs defaults 0 0
UUID="2df313ce-c55d-448e-91d0-763d210fd941" /data/minio/disk2 xfs defaults 0 0
UUID="9244b52c-33f4-4af1-92dc-662f1cc8f5b4" /data/minio/disk3 xfs defaults 0 0
UUID="0a2a08d4-c149-4eb3-aed0-1a55607dc969" /data/minio/disk4 xfs defaults 0 0

# minio-2
UUID="5d479b0e-5006-41ed-b0bc-672848a33989" /data/minio/disk1 xfs defaults 0 0
UUID="1a00fe8d-7430-4d72-8927-73660b74eeee" /data/minio/disk2 xfs defaults 0 0
UUID="efce89e3-ba24-431b-8110-218d24289e6c" /data/minio/disk3 xfs defaults 0 0
UUID="a1e600d7-ea50-44b9-a142-938bf78f93bc" /data/minio/disk4 xfs defaults 0 0

# minio-3
UUID="f9e379a6-df05-4bbf-b8d0-34e6d91056e6" /data/minio/disk1 xfs defaults 0 0
UUID="1c959d6b-d8a6-4435-8d9e-b4d5454b02ed" /data/minio/disk2 xfs defaults 0 0
UUID="a2ecff10-7f94-4419-8f09-6d7df13a0cfc" /data/minio/disk3 xfs defaults 0 0
UUID="4e561726-f4de-484c-968b-30a600b8fd23" /data/minio/disk4 xfs defaults 0 0

# minio-4
UUID="4c6938af-f953-4219-980b-b33f722eff60" /data/minio/disk1 xfs defaults 0 0
UUID="64f3de0d-f867-4584-8e67-8880416bc3af" /data/minio/disk2 xfs defaults 0 0
UUID="ca2cdd17-832f-4eee-af10-871c10195c7f" /data/minio/disk3 xfs defaults 0 0
UUID="4015e564-0e94-4bfa-96ba-b9919e5fa466" /data/minio/disk4 xfs defaults 0 0

# 卸载已挂载的磁盘
umount /data/minio/disk1
umount /data/minio/disk2
umount /data/minio/disk3
umount /data/minio/disk4

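# The steps above are the manual procedure; this loop writes the /etc/fstab
# entries instead.
# /dev/sdb../dev/sde map to /data/minio/disk1..disk4, the directories created
# with mkdir earlier and listed in MINIO_VOLUMES.
n=1
for x in {b..e}; do
    dev="/dev/sd${x}"
    mntp="/data/minio/disk${n}"
    ((n++))
    # -o value prints the bare UUID, so blkid's KEY="value" output need not be parsed.
    uuid=$(blkid -s UUID -o value "$dev")
    # Skip a device without a filesystem UUID instead of writing a broken entry.
    if [ -z "$uuid" ]; then
        echo "no UUID found for $dev, skipped" >&2
        continue
    fi
    # Skip a mount point that is already listed, so a second run adds no duplicates.
    if grep -qs -- " $mntp " /etc/fstab; then
        echo "$mntp already present in /etc/fstab, skipped" >&2
        continue
    fi
    printf 'UUID="%s" %s xfs defaults 0 0\n' "$uuid" "$mntp"
done | tee -a /etc/fstab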

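# Print device, UUID and target mount point for /dev/sdb../dev/sde.
# Read-only: nothing is written to /etc/fstab here.
# Mount points use /data/minio/diskN, matching the directories created earlier.
n=1
for x in {b..e}; do
    dev="/dev/sd${x}"
    mntp="/data/minio/disk${n}"
    ((n++))
    uuid=$(blkid -s UUID -o value "$dev")
    # A device without a filesystem UUID produces no line.
    [ -n "$uuid" ] || continue
    printf '%s UUID="%s" %s xfs defaults 0 0\n' "$dev" "$uuid" "$mntp"
done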

# 执行安装

# 创建所需目录
mkdir -p /apps/minio/{bin,sbin,etc,logs,certs}

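# Download the server binary (TLS certificate verification is on by default).
wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /apps/minio/sbin/minio
# Download the client binary.
wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /apps/minio/bin/mc

# Compare each binary with the SHA-256 digest published next to it before it
# is installed on every node of the cluster.
# NOTE(review): assumes the first field of the .sha256sum file is the digest - confirm.
want=$(wget -qO- https://dl.min.io/server/minio/release/linux-amd64/minio.sha256sum | awk '{print $1}')
have=$(sha256sum /apps/minio/sbin/minio | awk '{print $1}')
if [ -z "$want" ] || [ "$want" != "$have" ]; then
    echo "minio: checksum missing or mismatched, do not install this file" >&2
fi
want=$(wget -qO- https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sum | awk '{print $1}')
have=$(sha256sum /apps/minio/bin/mc | awk '{print $1}')
if [ -z "$want" ] || [ "$want" != "$have" ]; then
    echo "mc: checksum missing or mismatched, do not install this file" >&2
fi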

# cp minio /apps/minio/sbin/minio
# cp mc /apps/minio/bin/mc

chmod 755 /apps/minio/sbin/minio
chmod 755 /apps/minio/bin/mc


# install -o root -g root -m 0755 -d /apps/minio/sbin
# install -o root -g root -m 0755 -d /apps/minio/bin
# install -o root -g root -m 0755 minio /apps/minio/sbin/minio
# install -o root -g root -m 0755 mc /apps/minio/bin/mc


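# Put the MinIO directories on PATH through a dedicated profile.d snippet.
# Writing with '>' keeps the step idempotent on every node; appending to
# /etc/profile adds another copy of the line on each run.
# These directories are searched first, so keep them writable by root only.
echo 'export PATH=/apps/minio/bin:/apps/minio/sbin:$PATH' > /etc/profile.d/minio.sh
source /etc/profile.d/minio.sh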

# 检查版本或帮助
minio -v
minio -h

# 服务管理

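# Write the environment file that the systemd unit loads on each node. It
# holds the root credentials, so it is created empty with mode 0600 before any
# content is written. systemd reads EnvironmentFile itself, so root ownership
# is enough.
install -m 0600 /dev/null /apps/minio/etc/minio.conf
cat > /apps/minio/etc/minio.conf << 'EOF'
MINIO_ROOT_USER="admin"
# Replace the placeholder with a long random secret unique to this cluster;
# every node must use the same value. Never reuse a documented password.
MINIO_ROOT_PASSWORD="CHANGE_ME_TO_A_LONG_RANDOM_SECRET"
# "public" lets any client that can reach the API port read the metrics
# endpoint without a token; keep it only if that network is trusted, otherwise
# use "jwt" and give Prometheus a bearer token.
MINIO_PROMETHEUS_AUTH_TYPE="public"
MINIO_PROMETHEUS_URL="http://192.168.100.120:9090"
MINIO_PROMETHEUS_JOB_ID="minio-job"
MINIO_CONSOLE_WEB_SOCKET_ENABLED=true
MINIO_CONSOLE_WEB_SOCKET_PORT=9001
# The http:// scheme means traffic between nodes is not encrypted; switch the
# URLs to https:// once certificates are installed in the certs directory.
MINIO_VOLUMES="http://192.168.100.241/data/minio/disk1 \
http://192.168.100.241/data/minio/disk2 \
http://192.168.100.241/data/minio/disk3 \
http://192.168.100.241/data/minio/disk4 \
http://192.168.100.242/data/minio/disk1 \
http://192.168.100.242/data/minio/disk2 \
http://192.168.100.242/data/minio/disk3 \
http://192.168.100.242/data/minio/disk4 \
http://192.168.100.243/data/minio/disk1 \
http://192.168.100.243/data/minio/disk2 \
http://192.168.100.243/data/minio/disk3 \
http://192.168.100.243/data/minio/disk4 \
http://192.168.100.244/data/minio/disk1 \
http://192.168.100.244/data/minio/disk2 \
http://192.168.100.244/data/minio/disk3 \
http://192.168.100.244/data/minio/disk4 "
MINIO_OPTS="--certs-dir /apps/minio/certs --config-dir /apps/minio/etc"
EOF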

# 如果需要启用SSL加密 则添加以下参数 注意按需修改
# MINIO_SSL_CERT_FILE="/apps/minio/certs/oso.plus.cer"
# MINIO_SSL_KEY_FILE="/apps/minio/certs/oso.plus.key"
# MINIO_SSL_ENABLE=true

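# Dedicated unprivileged account for the service, so a flaw in the server
# process does not run with root privileges. Run this on every node.
id -u minio-user >/dev/null 2>&1 || useradd --system --user-group --no-create-home --shell /sbin/nologin minio-user
# The service account needs the mounted data disks, certificates and logs.
chown -R minio-user:minio-user /data/minio /apps/minio/certs /apps/minio/logs
chown minio-user:minio-user /apps/minio/etc

# systemd unit file
cat > /etc/systemd/system/minio.service << 'EOF'
[Unit]
Description=minio service
Documentation=https://docs.minio.io

[Service]
User=minio-user
Group=minio-user
NoNewPrivileges=true
# No "-" prefix: the unit must fail when the file is missing, otherwise the
# server would start without the configured root credentials.
EnvironmentFile=/apps/minio/etc/minio.conf
ExecStart=/apps/minio/sbin/minio server --address :9000 --console-address :9001 $MINIO_OPTS
Restart=on-failure
RestartSec=15

[Install]
WantedBy=multi-user.target
EOF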

systemctl daemon-reload
systemctl status minio

systemctl enable minio

systemctl restart minio

systemctl stop minio

注意:开启 TLS 加密后,如果证书目录下没有证书文件,MinIO 好像会自动退回为非 TLS(明文 HTTP)方式提供服务,因此启动后应确认服务实际是通过 HTTPS 访问的。

# 防火墙设置

Allow port access for Firewalls By default MinIO uses the port 9000 to listen for incoming connections. If your platform blocks the port by default, you may need to enable access to the port.

# ufw

For hosts with ufw enabled (Debian based distros), you can use ufw command to allow traffic to specific ports. Use below command to allow access to port 9000

ufw allow 9000

Below command enables all incoming traffic to ports ranging from 9000 to 9010.

ufw allow 9000:9010/tcp

# firewall-cmd

For hosts with firewall-cmd enabled (CentOS), you can use firewall-cmd command to allow traffic to specific ports. Use below commands to allow access to port 9000

firewall-cmd --get-active-zones

This command gets the active zone(s). Now, apply port rules to the relevant zones returned above. For example if the zone is public, use

# Port 9000 is the API port and 9001 the console port used in this guide.
# Both rules are added to the zone without a source restriction, so every host
# that reaches this zone can connect to the API and to the console login.
# NOTE(review): consider limiting 9001 to the administrators' source range
# (for example with a rich rule) instead of opening it zone-wide.
firewall-cmd --zone=public --add-port=9000/tcp --permanent
firewall-cmd --zone=public --add-port=9001/tcp --permanent

Note that permanent makes sure the rules are persistent across firewall start, restart or reload. Finally reload the firewall for changes to take effect.

firewall-cmd --reload

# iptables

For hosts with iptables enabled (RHEL, CentOS, etc), you can use iptables command to enable all traffic coming to specific ports. Use below command to allow access to port 9000

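# Insert the rule at the top of INPUT: a rule appended with -A lands after any
# final REJECT/DROP rule already in the chain and would never match.
iptables -I INPUT -p tcp --dport 9000 -j ACCEPT
# Persist the running rules. On RHEL/CentOS with iptables-services a restart
# reloads the saved rule file and discards rules added only at runtime.
service iptables save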

Below command enables all incoming traffic to ports ranging from 9000 to 9010.

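# Insert the rule at the top of INPUT: a rule appended with -A lands after any
# final REJECT/DROP rule already in the chain and would never match.
# The range opens every port from 9000 to 9010; keep it only if services
# really listen on all of them.
iptables -I INPUT -p tcp --dport 9000:9010 -j ACCEPT
# Persist the running rules. On RHEL/CentOS with iptables-services a restart
# reloads the saved rule file and discards rules added only at runtime.
service iptables save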

# 负载均衡

使用 nginx 或 tengine 来做负载均衡器。

# 把 include /apps/nginx/conf.d/http/minio.conf; 添加到 /apps/nginx/conf/nginx.conf 中
cat /apps/nginx/conf.d/http/minio.conf
upstream minio-api-server {
        # session_sticky;
        server 192.168.100.241:9000;
        server 192.168.100.242:9000;
        server 192.168.100.243:9000;
        server 192.168.100.244:9000;
    }

    server {
        listen 9000;
        listen [::]:9000;
        server_name m.oso.plus m.k8s.lan;
        charset utf-8;

      	# 开启 SSL 时的证书配置
        # ssl_protocols TLSv1.2 TLSv1.3;
        # ssl_certificate "/apps/nginx/certs/oso.plus.crt";
        # ssl_certificate_key "/apps/nginx/certs/oso.plus.key";
        # ssl_session_cache shared:SSL:1m;
        # ssl_session_timeout 5m;
        # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # ssl_prefer_server_ciphers on;

        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;

            proxy_pass http://minio-api-server;
        }

        # 错误页面重定向配置
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            # root /path/to/html/files;
            internal;
        }

        # minio api 访问日志记录
        access_log logs/www_access_minio_api.log main;
    }

    upstream minio-console-server {
        # session_sticky;
        ip_hash;
        # 修改和增删后端服务器
        server 192.168.100.241:9001;
        server 192.168.100.242:9001;
        server 192.168.100.243:9001;
        server 192.168.100.244:9001;
    }

    # Reverse proxy for the MinIO console on port 9001.
    # As written this listener serves plain HTTP: the ssl_* directives below are
    # commented out, so console logins cross the network unencrypted.
    # NOTE(review): to terminate TLS here, enable the ssl_* lines and add the
    # "ssl" parameter to both listen directives - confirm against the nginx build in use.
    server {
        listen 9001;
        listen [::]:9001;
        server_name m.oso.plus m.k8s.lan;
        charset utf-8;

        # Certificate settings for when SSL is enabled
        # ssl_protocols TLSv1.2 TLSv1.3;
        # ssl_certificate "/apps/nginx/certs/oso.plus.crt";
        # ssl_certificate_key "/apps/nginx/certs/oso.plus.key";
        # ssl_session_cache shared:SSL:1m;
        # ssl_session_timeout 5m;
        # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # ssl_prefer_server_ciphers on;

        # Pass headers with unusual names through, lift the request body size
        # limit and stream responses without buffering.
        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;

        location / {
            # Forward the original Host header and the client address to the backend.
            # X-Forwarded-For keeps whatever value the client sent and appends
            # the peer address, so the backend must not treat it as authoritative.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            chunked_transfer_encoding off;

            # WebSocket support: pass the Upgrade handshake to the console
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_headers_hash_max_size 51200;
            proxy_headers_hash_bucket_size 6400;

            proxy_pass http://minio-console-server;
        }

        # Error page for upstream failures
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            # root /path/to/html/files;
            internal;
        }

        # Access log for the MinIO console
        access_log logs/www_access_minio_console.log main;
    }

# 文心一言提供的nginx配置

# MinIO 负载均衡配置

# 上游服务器组,列出所有的 MinIO 节点
upstream minio_servers {
    server 192.168.100.241:9000;
    server 192.168.100.242:9000;
    server 192.168.100.243:9000;
    server 192.168.100.244:9000;
}

# 配置负载均衡策略,这里使用轮询策略
upstream minio_console_servers {
    server 192.168.100.241:9001;
    server 192.168.100.242:9001;
    server 192.168.100.243:9001;
    server 192.168.100.244:9001;
}

# 配置 Nginx 作为反向代理服务器
server {
    listen 9000;  # MinIO API 端口
    server_name m.k8s.lan;  # 使用你提供的 MinIO 域名

    location / {
        proxy_pass http://minio_servers;  # 反向代理到 MinIO 集群
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# 配置 Nginx 作为反向代理服务器,处理 MinIO 控制台的 WebSockets 连接
server {
    listen 9001;  # MinIO 控制台 WebSockets 端口
    server_name m.k8s.lan;  # 使用你提供的 MinIO 域名

    location / {
        proxy_pass http://minio_console_servers;  # 反向代理到 MinIO 控制台集群
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;  # 支持 WebSockets 协议升级
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# 验证测试

# 任意安装有 mc 客户端 或 浏览器 的机子
[root@minio-1 scripts]# mc config host add minio http://m.k8s.lan:9000
Enter Access Key: admin
Enter Secret Key: 
Added `minio` successfully.
[root@minio-1 scripts]# mc admin info minio
●  192.168.100.241:9000
   Uptime: 2 days 
   Version: 2023-09-23T03:47:50Z
   Network: 4/4 OK 
   Drives: 4/4 OK 
   Pool: 1

●  192.168.100.242:9000
   Uptime: 2 days 
   Version: 2023-09-23T03:47:50Z
   Network: 4/4 OK 
   Drives: 4/4 OK 
   Pool: 1

●  192.168.100.243:9000
   Uptime: 2 days 
   Version: 2023-09-23T03:47:50Z
   Network: 4/4 OK 
   Drives: 4/4 OK 
   Pool: 1

●  192.168.100.244:9000
   Uptime: 2 days 
   Version: 2023-09-23T03:47:50Z
   Network: 4/4 OK 
   Drives: 4/4 OK 
   Pool: 1

Pools:
   1st, Erasure sets: 1, Drives per erasure set: 16

0 B Used, 1 Bucket, 0 Objects
16 drives online, 0 drives offline

1740040716773.png

# 版本更新

systemctl stop minio

chmod 755 -R ./mc ./minio
\cp mc /apps/minio/bin/; \cp minio /apps/minio/sbin/

minio -version; mc -version

# 在线更新
mc admin update

若 minio 开启了 https 时,注意 harbor 连接 minio 的配置也需要相应的修改。 创建 S3 存储桶后,无法更改存储桶名称,因此请明智地选择名称。

# 问题排查

# 问题:使用nginx代理控制台时经常报错 Objects List unavailable. Please review your WebSockets configuration and try again

1、在 nginx 添加如下配置
# 添加 websocket 支持
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;

2、所有 minio 节点的 /apps/minio/etc/minio.conf 配置文件内添加环境变量
MINIO_CONSOLE_WEB_SOCKET_ENABLED=true
MINIO_CONSOLE_WEB_SOCKET_PORT=9001

# 清理已使用的磁盘下的所有数据

问题:启动报错如下

minio[7630]: ERROR Unable to initialize backend: https://192.168.100.169:9000/data/minio/disk1 drive is already being used in another erasure deployment. (Number of drives specified: 8 but the number of drives found in the 7th drive's format.json: 2)

解决:清理已使用的磁盘下的所有数据,包含隐藏文件。

systemctl stop minio
rm -rf /data/minio/disk{1,2}/*
rm -rf /data/minio/disk{1,2}/.[!.]*

umount /data/minio/disk{1,2}

# 以下nginx配置未验证

# HTTP 重定向到 HTTPS
server {
    listen 80;
    server_name m.oso.plus;

    location / {
        return 301 https://$host$request_uri;
    }
}

# 定义 MinIO 集群的 API 后端服务器组
upstream minio-api-cluster {
    server 192.168.100.241:9000;
    server 192.168.100.242:9000;
    server 192.168.100.243:9000;
    server 192.168.100.244:9000;
}

# 定义 MinIO 集群的 Console 后端服务器组
upstream minio-console-cluster {
    ip_hash;
    server 192.168.100.241:9001;
    server 192.168.100.242:9001;
    server 192.168.100.243:9001;
    server 192.168.100.244:9001;
}

# HTTPS 服务器块
server {
    listen 443 ssl;
    server_name m.oso.plus;
    charset utf-8;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate "/apps/nginx/certs/oso.plus.crt";
    ssl_certificate_key "/apps/nginx/certs/oso.plus.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    ignore_invalid_headers off;
    client_max_body_size 0;
    proxy_buffering off;

    location / {
        proxy_pass http://minio-api-cluster;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        # API 访问日志记录
        access_log logs/www_access_minio_api.log main;
    }

    location /console {
        proxy_pass http://minio-console-cluster;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        chunked_transfer_encoding off;

        # 添加 websocket 支持
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;

        # 控制台访问日志记录
        access_log logs/www_access_minio_console.log main;
    }

    # 错误页面重定向配置
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        # root /path/to/html/files;
        internal;
    }
}

[root@ngx http]# cat minio.conf
    # resolver 192.168.100.254;

    upstream minio-api-server {
        # session_sticky;
        server 192.168.100.241:9000;
        server 192.168.100.242:9000;
        server 192.168.100.243:9000;
        server 192.168.100.244:9000;
    }

    server {
        listen 9000;
        listen [::]:9000;
        server_name m.oso.plus m.k8s.lan;
        charset utf-8;

        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;

            proxy_pass http://minio-api-server;
        }

        # http 错误页
        error_page 500 502 503 504 /50x.html;

        # 访问日志记录
        access_log logs/www_access_minio_server.log main;
    }

    upstream minio-console-server {
        # session_sticky;
        ip_hash;
        # 修改和增删后端服务器
        server 192.168.100.241:9001;
        server 192.168.100.242:9001;
        server 192.168.100.243:9001;
        server 192.168.100.244:9001;
    }

    server {
        listen 9001;
        listen [::]:9001;
        server_name m.oso.plus m.k8s.lan;
        charset utf-8;

        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            # proxy_set_header Connection "";
            chunked_transfer_encoding off;

            # 添加 websocket 支持
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_headers_hash_max_size 51200;
            proxy_headers_hash_bucket_size 6400;

            proxy_pass http://minio-console-server;
        }

        # http 错误页
        error_page 500 502 503 504 /50x.html;

        # 访问日志记录
        access_log logs/www_access_minio_console.log main;
    }

# 系统监控

https://docs.minio.io/docs/how-to-monitor-minio-using-prometheus.html
https://grafana.com/grafana/dashboards/13502-minio-dashboard

# 其他的文档没来得及整理的

官网宣传MinIO是世界上速度最快的分布式对象存储。 https://min.io https://github.com/minio/operator/releases https://aws.amazon.com/cn/s3/ http://www.shadow-li.com.cn/minio-study-stage-2/

# 单节点部署

# amd64

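wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
# Read the root password at a prompt so it is not saved in the shell history,
# and use a long random value rather than a dictionary word.
read -rsp 'MinIO root password: ' MINIO_ROOT_PASSWORD; echo
MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD="$MINIO_ROOT_PASSWORD" ./minio server /mnt/data --console-address ":9001"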

wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
mc alias set myminio/ http://MINIO-SERVER MYUSER MYPASSWORD

# arm64

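wget https://dl.min.io/server/minio/release/linux-arm64/minio
chmod +x minio
# Read the root password at a prompt so it is not saved in the shell history,
# and use a long random value rather than a dictionary word.
read -rsp 'MinIO root password: ' MINIO_ROOT_PASSWORD; echo
MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD="$MINIO_ROOT_PASSWORD" ./minio server /mnt/data --console-address ":9001"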

wget https://dl.min.io/client/mc/release/linux-arm64/mc
chmod +x mc
mc alias set myminio/ http://MINIO-SERVER MYUSER MYPASSWORD

# 多节点部署

# 容器化部署

# amd64/arm64

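# server
# Set the root credentials explicitly: without them the container starts with
# the image's well-known defaults, and -p publishes both ports on every host
# interface.
export MINIO_ROOT_USER=admin
read -rsp 'MinIO root password: ' MINIO_ROOT_PASSWORD; echo
export MINIO_ROOT_PASSWORD
# -e NAME without a value passes the variable through from the calling
# environment, which keeps the secret out of the command line.
podman run -p 9000:9000 -p 9001:9001 -e MINIO_ROOT_USER -e MINIO_ROOT_PASSWORD minio/minio server /data --console-address ":9001"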

# client
podman run --name my-mc --hostname my-mc -it --entrypoint /bin/bash --rm minio/mc
[root@my-mc /]# mc alias set myminio/ https://my-minio-service MY-USER MY-PASSWORD
[root@my-mc /]# mc ls myminio/mybucket

# k8s 上部署

# 启用 SSL 后的证书文件名和目录结构

# 务必参考官方文档:
https://min.io/docs/minio/linux/operations/network-encryption.html
https://github.com/minio/minio/tree/master/docs/tls

/apps/minio/
├── bin
│   └── mc
├── certs
│   ├── CAs
│   │   └── ca.crt
│   ├── private.key
│   └── public.crt
├── etc
│   └── minio.conf
├── logs
└── sbin
    └── minio
编撰人:yangfc