How to setup Minio Object Storage

Introduction

We often talk about Object storages and how they are really helpful in setting up a cheap cloud storage service, be it for personal projects or as an enterprise solution. In this blog post we will shed light on what object-storages are actually, why they are so popular, and how can we setup the Minio Object Storage pretty quickly. As a bonus, We will also take a look on how to configure Nginx load-balancer for Minio.

Note
I have also written a comprehensive guide one how we can "USE" a Minio by accessing the Minio API in a Golang application. The principle stays the same, irrespective of the programming language of your choice. Minio offers SDK for many popular programming languages.

What is Object Storage?

Object storage is a data storage architecture that manages data as objects, as opposed to other storage architectures like file systems which manage data as a file hierarchy, or block storage which manages data as blocks within sectors and tracks. Each object typically includes the data itself, metadata, and a unique identifier. This structure is particularly useful for unstructured data such as multimedia files, backups, and log files.

What makes Object-storages really popular is the fact that it is an ideal solution for handling large amounts of unstructured data. Now pay attention here, Unstructured Data can mean literally anything, be it large backups of our operating system files, some directory, simply high definition multimedia files, log files, anything.

Why is Object Storage Popular?

Now there are several factors contribute to the popularity of an object storage, some of which can be outlined as

• Scalability: Easily handles large volumes of data.
• Durability and Reliability: Often includes built-in replication and error-correction mechanisms.
• Cost-Effective: More economical for storing vast amounts of data compared to traditional storage solutions.
• Accessibility: Objects can be accessed via HTTP APIs, making integration with web applications straightforward.
• Simplicity: Simplifies storage management by removing the complexity associated with hierarchical file systems.

Minio: A Leading Open-Source Solution

Among all the object storage solutions, Minio stands out as a high-performance, distributed object storage system. It's a free and open-source solution, designed to be compatible with Amazon S3 cloud storage service, making it easy for developers to build their own object storage solutions using familiar S3 APIs.

Setup Minio Object Storage

To setup object storage, we use the following docker-compose file

version: '2' networks: minio_net: driver: bridge services: minio: image: 'bitnami/minio:latest' restart: always ports: - '<LOCAL_PORT>:9000' # For API Access - '<LOCAL_PORT>:9001' # For WebUI access environment: - MINIO_ROOT_USER=<ROOT_USERNAME> - MINIO_ROOT_PASSWORD=<ROOT_PASSWORD> volumes: - <PATH_ON_LOCAL_MACHINE>:/bitnami/minio/data healthcheck: disable: true

Notice here, we are using the docker-images prepared and maintained by Bitnami.

The bitnami image above uses the user 1001 for creating and accessing data in the path provided in our volumes. This will cause problem if the directory here is owned by any other user.

To fix this, we change ownership of the directory to user 1001.

sudo chown 1001 <PATH_ON_LOCAL_MACHINE>

This will pull the image and start the container. The minio app can be access at http://localhost:<LOCAL_PORT>.

Domain setup

Now, assign domain / subdomain names to the server, in our domain registrar and install a TLS certificate. For sake of free certs, creating a LetsEncypt certificate is completely valid. Make sure to add two domains, one for the WebUI, other for the API access.

Usually, https://console.<FQ_DOMAIN_NAME> is used for the dashboard URL, while https://s3.<FQ_DOMAIN_NAME> is used for the API access. But we can also use any other domain / subdomain of our choice, for instance, we can host the WebUI at https://minio.<FQ_DOMAIN_NAME> and API at https://s3.<FQ_DOMAIN_NAME>.

After adding the URLs, and issuing the certs, finally, change the docker-compose file config to these URLs also to the yaml file and update the deployment, as shown below.

version: "2" networks: minio_net: driver: bridge services: minio: image: 'bitnami/minio:latest' restart: always ports: - '<LOCAL_PORT>:9000' # For API Access - '<LOCAL_PORT>:9001' # For WebUI access environment: MINIO_ROOT_USER: <ROOT_USERNAME> MINIO_ROOT_PASSWORD: <ROOT_PASSWORD> MINIO_BROWSER_REDIRECT_URL: https://minio.<FQ_DOMAIN_NAME> MINIO_SERVER_URL: https://s3.<FQ_DOMAIN_NAME> volumes: - <PATH_ON_LOCAL_MACHINE>:/bitnami/minio/data healthcheck: disable: true

Nginx Config

We can use Minio behind a load-balancer like Nginx. Assuming we have already added the IP address / DDNS of the server, to our domain registrar such that the Domain resolves to our server's IP address. Then, we can first add the TLS certificate using three step process

1. Add the following section to the nginx config file,
2. Issue TLS certificate using certbot,
3. Update the nginx config file to Redirect the routes to the hosted services.

Add Domain to Nginx config

On our server where we are using our nginx load-balancer, Simply open the nginx config file for editing

cd /etc/nginx/conf.d/ sudo nano nginx.conf

and then paste the following section at the very bottom of the file.

# COPY THIS TEMPLATE TO ADD MORE server { listen 80; listen [::]:80; root /var/www/html; server_name minio.<FQ_DOMAIN_NAME>; }

Save the file by pressing CTRL + o, and then exit the editor mode by pressing CTRL + x.

Note
We are assuming that a valid entry for the subdomain has already been made in the domain registrar. If not, please check other blogs to complete that step first.

Issue TLS certificate

Once done, we can issue a TLS certificate for the subdomain using certbot, which issues a certificate for a 90 day period. To do so, simply use the following command in the terminal,

sudo certbot --nginx -d minio.<FQ_DOMAIN_NAME> # Use a proper domain, for example sudo certbot --nginx -d minio.thesmartbug.com

Adding the --nginx flag basically issues a TLS certificate using the Let's Encrypt as certificate authority, and also updates the nginx configuration we saved in the previous step. Meaning, if we take a look at the config file again, we will see many new lines ending with comment # managed by Certbot.

server { root /var/www/html; server_name minio.<FQ_DOMAIN_NAME>; listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/minio.<FQ_DOMAIN_NAME>/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/minio.<FQ_DOMAIN_NAME>/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = minio.<FQ_DOMAIN_NAME>) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name minio.<FQ_DOMAIN_NAME>; return 404; # managed by Certbot }

As can be seen above, the lines we added previously, gets expanded to a lot many lines. Certbot added all these lines and will track their renewal date.

Update the nginx config file

Finally, we can also add the remaining config to redirect the incoming request to the service running Minio.

server { root /var/www/html; server_name minio.<FQ_DOMAIN_NAME>; listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/minio.<FQ_DOMAIN_NAME>/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/minio.<FQ_DOMAIN_NAME>/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot # To disable filesize restriction client_max_body_size 0; location / { # Proxy pass to the service for local LAN IP proxy_pass http://127.0.0.1:<LOCAL_PORT_RUNNING_MINIO>; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; # To support websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { if ($host = minio.<FQ_DOMAIN_NAME>) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name minio.<FQ_DOMAIN_NAME>; return 404; # managed by Certbot }

Note, this above configuration is for the WebUI of Minio. For the Server, we've the following configuration.

server { root /var/www/html; server_name s3.<FQ_DOMAIN_NAME>; listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/s3.<FQ_DOMAIN_NAME>/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/s3.<FQ_DOMAIN_NAME>/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot # Allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. client_max_body_size 0; # Disable buffering proxy_buffering off; proxy_request_buffering off; location / { # Proxy pass to the service for local LAN IP proxy_pass http://127.0.0.1:7800; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; proxy_connect_timeout 300; # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 proxy_http_version 1.1; proxy_set_header Connection ""; chunked_transfer_encoding off; } }

Access Minio

We have to complete the above step for both the URLs which we have used in the docker-compose file in the begining. Next, simply access the Minio WebUI at the URL pointed by MINIO_BROWSER_REDIRECT_URL. Our setup of Minio is complete.

Conclusion

As we saw, it is pretty easy to setup the Minio object storage. Object storage has in a way, revolutionized the way we handle large volumes of unstructured data, making it a cornerstone of almost every modern data infrastructure.

Minio, along with other open-source solutions like Ceph and OpenStack Swift, provides robust, scalable, and cost-effective storage solutions that cater to the needs of businesses of all sizes. As data continues to grow exponentially, the role of efficient object storage systems like Minio will only become more critical.

---

Feel free to post in the comments below if something is unclear or if you've any suggestion. Any feedback is most welcome.