minio添加https支持

linux ,

概览:

以minio的docker镜像为例来说明给minio添加https。

swarm

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
minio:
  image: minio/minio:latest
  command: server --address ":443" --console-address ":9100" /data
  networks:
    - ingress
  ports:
    - 9100:9100
  environment:
    - MINIO_ACCESS_KEY=admin
    - MINIO_SECRET_KEY=admin
    - MINIO_DOMAIN=minio.example.cc
    - MINIO_SERVER_URL=https://minio.example.cc
  volumes:
    - /data/minio/bucket:/data
    - /data/minio/config:/root/.minio

nginx配置

minioServer

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
server {
    listen  443 ssl http2;
    server_name  minio.example.cc;

    ssl_certificate /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/cert.key;

    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 10000m;
    # To disable buffering
    proxy_buffering off;
    proxy_request_buffering off;
    
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        proxy_pass http://minioServer;
    }
}

minioConsole

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
server {
    listen  9100 ssl http2;
    server_name  minio.example.cc;

    ssl_certificate /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/cert.key;

    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 10000m;
    # To disable buffering
    proxy_buffering off;
    proxy_request_buffering off;
    
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        proxy_pass http://minioConsole;
    }
}

Mardan MDevOps Engineer

Hi there, I’m Mardan(ka1i).