minio.exe怎么安装
The author selected the Open Internet/Free Speech Fund to receive a donation as part of the Write for DOnations program.
作者选择了“ 开放互联网/言论自由基金会”作为“ Write for DOnations”计划的一部分来接受捐赠。
介绍 (Introduction)
From cloud-based backup solutions to high-availability content delivery networks (CDNs), the ability to store unstructured blobs of object data and make them accessible through HTTP APIs, known as object storage, has become an integral part of the modern technology landscape.
从基于云的备份解决方案到高可用性内容交付网络(CDN) ,存储非结构化对象数据块并使它们可通过称为对象存储的 HTTP API进行访问的能力已成为现代技术格局的组成部分。
Minio is a popular open-source object storage server compatible with the Amazon S3 cloud storage service. Applications that have been configured to talk to Amazon S3 can also be configured to talk to Minio, allowing Minio to be a viable alternative to S3 if you want more control over your object storage server. The service stores unstructured data such as photos, videos, log files, backups, and container/VM images, and can even provide a single object storage server that pools multiple drives spread across many servers.
Minio是一种流行的开源对象存储服务器,与Amazon S3云存储服务兼容。 配置为与Amazon S3对话的应用程序也可以配置为与Minio对话,如果您想对对象存储服务器进行更多控制,则Minio可以替代S3。 该服务存储非结构化数据,例如照片,视频,日志文件,备份和容器/ VM映像,甚至可以提供单个对象存储服务器,该服务器将分布在许多服务器上的多个驱动器池化。
Minio is written in Go, comes with a command line client plus a browser interface, and supports simple queuing service for Advanced Message Queuing Protocol (AMQP), Elasticsearch, Redis, NATS, and PostgreSQL targets. For all of these reasons, learning to set up a Minio object storage server can add a wide range of flexibility and utility to your project.
Minio用Go编写,带有命令行客户端和浏览器界面,并支持针对高级消息队列协议(AMQP) , Elasticsearch , Redis , NATS和PostgreSQL目标的简单排队服务。 由于所有这些原因,学习设置Minio对象存储服务器可以为您的项目增加广泛的灵活性和实用性。
In this tutorial, you will:
在本教程中,您将:
Install the Minio server on your Ubuntu 18.04 server and configure it as a
systemd
service.在Ubuntu 18.04服务器上安装Minio服务器,并将其配置为
systemd
服务 。Set up an SSL/TLS certificate using Let’s Encrypt to secure communication between the server and the client.
使用“ 让我们加密”来设置SSL / TLS证书,以保护服务器与客户端之间的通信。
Access Minio’s browser interface via HTTPS to use and administrate the server.
通过HTTPS访问Minio的浏览器界面,以使用和管理服务器。
先决条件 (Prerequisites)
To complete this tutorial, you will need:
要完成本教程,您将需要:
One Ubuntu 18.04 server set up by following our Ubuntu 18.04 initial server setup tutorial, including a sudo non-root user and a firewall.
按照我们的Ubuntu 18.04初始服务器设置教程 (包括sudo非root用户和防火墙)设置一台Ubuntu 18.04服务器。
A fully registered domain name. You can purchase one on Namecheap or get one for free on Freenom. In this tutorial, your domain will be represented as
your_domain
.完全注册的域名。 你可以购买一个Namecheap或免费获得一个上Freenom 。 在本教程中,您的域将表示为
your_domain
。The following DNS records set up for your Minio server. You can follow our DNS records documentation for details on how to add them for a DigitalOcean Droplet.
为您的Minio服务器设置了以下DNS记录。 您可以阅读我们的DNS记录文档 ,详细了解如何为DigitalOcean Droplet添加它们。
An A record with your server name (e.g.
minio-server.your_domain
) pointing to your object server’s IPv4 address.一个A记录,其中包含您的服务器名称(例如
minio-server.your_domain
),它指向您的对象服务器的IPv4地址。(Optional) If you want your server reachable via IPv6, you’ll need an AAAA record with your server name pointing to your object server’s IPv6 address.
(可选)如果希望服务器可以通过IPv6进行访问,则需要AAAA记录,并且服务器名称必须指向目标服务器的IPv6地址。
步骤1 —安装和配置Minio服务器 (Step 1 — Installing and Configuring the Minio Server)
You can install the Minio server by compiling the source code or via a binary file. To install it from the source, you need to have at least Go 1.12 installed on your system.
您可以通过编译源代码或通过二进制文件来安装Minio服务器。 要从源代码安装它,您至少需要在系统上安装Go 1.12 。
In this step, you will install the server through the precompiled binary and then configure the Minio server afterward.
在此步骤中,您将通过预编译的二进制文件安装服务器,然后再配置Minio服务器。
First, log in to your server, replacing sammy
with your username and your_server_ip
with your Ubuntu 18.04 server’s IP address:
首先,登录到服务器,将sammy
替换为用户名,将your_server_ip
替换为Ubuntu 18.04服务器的IP地址:
ssh sammy@your_server_ip
ssh sammy @ your_server_ip
If you haven’t updated the package database recently, update it now:
如果您最近没有更新软件包数据库,请立即更新:
- sudo apt update sudo apt更新
Next, download the Minio server’s binary file from the official website:
接下来,从官方网站下载Minio服务器的二进制文件:
- wget https://dl.min.io/server/minio/release/linux-amd64/minio wget https://dl.min.io/server/minio/release/linux-amd64/minio
You will receive output similar to the following:
您将收到类似于以下内容的输出:
Output
--2019-08-27 15:08:49-- https://dl.min.io/server/minio/release/linux-amd64/minio
Resolving dl.min.io (dl.min.io)... 178.128.69.202
Connecting to dl.min.io (dl.min.io)|178.128.69.202|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44511616 (42M) [application/octet-stream]
Saving to: ‘minio’
minio 100%[===================>] 42.45M 21.9MB/s in 1.9s
2019-08-27 15:08:51 (21.9 MB/s) - ‘minio’ saved [44511616/44511616]
Once the download is finished, a file named minio
will be in your working directory. Use the following command to make it executable:
下载完成后,一个名为minio
的文件将位于您的工作目录中。 使用以下命令使其可执行:
- sudo chmod +x minio 须藤chmod + x minio
Now, move the file into the /usr/local/bin
directory where Minio’s systemd
startup script expects to find it:
现在,将文件移到Minio的systemd
启动脚本希望在其中找到的/usr/local/bin
目录中:
- sudo mv minio /usr/local/bin sudo mv minio / usr / local / bin
This will allow us to write a service unit file later in this tutorial to automatically run Minio on startup.
这将使我们能够在本教程的后面部分编写服务单元文件 ,以在启动时自动运行Minio。
For security reasons, it is best to avoid running the Minio server as root. This will limit the damage that can be done to your system if compromised. Since the systemd
script you’ll use in Step 2 looks for a user account and group called minio-user
, make a new user with this name:
出于安全原因,最好避免以root用户身份运行Minio服务器。 如果受到损害,这将限制可能对您的系统造成的损害。 由于您将在第2步中使用的systemd
脚本查找名为minio-user
的用户帐户和组,因此请使用以下名称创建一个新用户:
- sudo useradd -r minio-user -s /sbin/nologin sudo useradd -r微型用户-s / sbin / nologin
In this command, you used the -s
flag to set /sbin/nologin
as the shell for minio-user
. This is a shell that does not allow user login, which is not needed for minio-user
.
在此命令中,使用-s
标志将/sbin/nologin
设置为minio-user
的外壳。 这是一个不允许用户登录的shell,对于minio-user
不需要。
Next, change ownership of the Minio binary to minio-user
:
接下来,将minio-user
二进制文件的所有权更改为minio-user
:
- sudo chown minio-user:minio-user /usr/local/bin/minio sudo chown minio用户:minio用户/ usr / local / bin / minio
Next, you will create a directory where Minio will store files. This will be the storage location for the buckets that you will use later to organize the objects you store on your Minio server. This tutorial will name the directory minio
:
接下来,您将创建一个目录,Minio将在其中存储文件。 这将是存储桶的存储位置,您稍后将使用这些存储桶来组织存储在Minio服务器上的对象。 本教程将命名目录minio
:
sudo mkdir /usr/local/share/minio
须藤mkdir / usr / local / share / minio
Give ownership of that directory to minio-user
:
将目录的所有权授予minio-user
:
sudo chown minio-user:minio-user /usr/local/share/minio
sudo chown minio用户:minio用户/ usr / local / share / minio
Most server configuration files are stored in the /etc
directory, so create your Minio configuration file there:
大多数服务器配置文件存储在/etc
目录中,因此请在此处创建您的Minio配置文件:
sudo mkdir /etc/minio
须藤mkdir / etc / minio
Give ownership of that directory to minio-user
, too:
将该目录的所有权也授予minio-user
:
- sudo chown minio-user:minio-user /etc/minio sudo chown minio-user:minio-user / etc / minio
Use Nano or your favorite text editor to create the environment file needed to modify the default configuration:
使用Nano或您喜欢的文本编辑器来创建修改默认配置所需的环境文件:
sudo nano /etc/default/minio
须藤nano / etc / default / minio
Once the file is open, add in the following lines to set some important environment variables in your environment file:
打开文件后,添加以下行以在环境文件中设置一些重要的环境变量:
MINIO_ACCESS_KEY="minio"
MINIO_VOLUMES="/usr/local/share/minio/"
MINIO_OPTS="-C /etc/minio --address your_server_ip:9000"
MINIO_SECRET_KEY="miniostorage"
Let’s take a look at these variables and the values you set:
让我们看一下这些变量和您设置的值:
MINIO_ACCESS_KEY
: This sets the access key you will use to access the Minio browser user interface.MINIO_ACCESS_KEY
:这将设置用于访问MINIO_ACCESS_KEY
浏览器用户界面的访问密钥。MINIO_SECRET_KEY
: This sets the private key you will use to complete your login credentials into the Minio interface. This tutorial has set the value tominiostorage
, but we advise choosing a different, more complicated password to secure your server.MINIO_SECRET_KEY
:这会将用于完成登录凭据的私钥设置到MINIO_SECRET_KEY
界面中。 本教程将值设置为miniostorage
,但是我们建议选择其他更复杂的密码来保护服务器。MINIO_VOLUMES
: This identifies the storage directory that you created for your buckets.MINIO_VOLUMES
:这标识您为存储桶创建的存储目录。MINIO_OPTS
: This changes where and how the server serves data. The-C
flag points Minio to the configuration directory it should use, while the--address
flag tells Minio the IP address and port to bind to. If the IP address is not specified, Minio will bind to every address configured on the server, includinglocalhost
and any Docker-related IP addresses, so directly specifying the IP address here is recommended. The default port9000
can be changed if you would like.MINIO_OPTS
:这将更改服务器在何处以及如何服务数据。-C
标志将--address
它应使用的配置目录,而--address
标志则告诉--address
要绑定的IP地址和端口。 如果未指定IP地址,则Minio将绑定到服务器上配置的每个地址,包括localhost
和任何与Docker相关的IP地址,因此建议在此处直接指定IP地址。 如果需要,可以更改默认端口9000
。
Finally, save and close the environment file when you’re finished making changes.
最后,完成更改后,保存并关闭环境文件。
You’ve now installed Minio and set some important environment variables. Next, you’ll configure the server to run as a system service.
现在,您已经安装了Minio并设置了一些重要的环境变量。 接下来,您将配置服务器以作为系统服务运行。
第2步-安装Minio Systemd启动脚本 (Step 2 — Installing the Minio Systemd Startup Script)
In this step, you’ll configure the Minio server to be managed as a systemd
service.
在此步骤中,您将Minio服务器配置为作为systemd
服务进行管理。
First, download the official Minio service descriptor file using the following command:
首先,使用以下命令下载官方的Minio服务描述符文件 :
- curl -O https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service curl -O https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service
You will receive output similar to the following:
您将收到类似于以下内容的输出:
Output
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 835 100 835 0 0 6139 0 --:--:-- --:--:-- --:--:-- 6139
After the download has finished, a file named minio.service
will be in your working directory.
下载完成后,一个名为minio.service
的文件将位于您的工作目录中。
To audit the contents of minio.service
before applying it, open it in a text editor to view its contents:
要在应用前审核minio.service
的内容, minio.service
在文本编辑器minio.service
其打开以查看其内容:
- nano minio.service 纳米微服务
This will show the following:
这将显示以下内容:
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local/
User=minio-user
Group=minio-user
EnvironmentFile=/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
This service unit file starts the Minio server using the minio-user
user that you created earlier. It also implements the environment variables you set in the last step, and makes the server run automatically on startup. For more information on systemd
unit files, see our guide Understanding Systemd Units and Unit Files.
该服务单元文件使用您先前创建的minio-user
用户启动minio-user
服务器。 它还实现了您在上一步中设置的环境变量,并使服务器在启动时自动运行。 有关systemd
单位文件的更多信息,请参阅我们的指南了解Systemd单位和单位文件 。
Once you’ve looked over the script’s contents, close your text editor.
查看脚本的内容后,关闭文本编辑器。
Systemd requires that unit files be stored in the systemd
configuration directory, so move minio.service
there:
Systemd要求将单元文件存储在systemd
配置目录中,因此将minio.service
那里:
- sudo mv minio.service /etc/systemd/system sudo mv minio.service / etc / systemd / system
Then, run the following command to reload all systemd units:
然后,运行以下命令以重新加载所有systemd单元:
- sudo systemctl daemon-reload sudo systemctl守护进程重新加载
Finally, enable Minio to start on boot:
最后,启用Minio在启动时启动:
- sudo systemctl enable minio sudo systemctl启用minio
This will give the following output:
这将给出以下输出:
Output
Created symlink from /etc/systemd/system/multi-user.target.wants/minio.service to /etc/systemd/system/minio.service.
Now that the systemd script is installed and configured, it’s time to start the server.
现在已经安装并配置了systemd脚本,现在该启动服务器了。
步骤3 —启动Minio服务器 (Step 3 — Starting the Minio Server)
In this step, you’ll start the server and modify the firewall to allow access through the browser interface.
在此步骤中,您将启动服务器并修改防火墙以允许通过浏览器界面进行访问。
First, start the Minio server:
首先,启动Minio服务器:
- sudo systemctl start minio 须藤systemctl开始迷你
Next, verify Minio’s status, the IP address it’s bound to, its memory usage, and more by running this command:
接下来,通过运行以下命令来验证Minio的状态,其绑定的IP地址,其内存使用情况以及更多其他信息:
- sudo systemctl status minio sudo systemctl状态迷你
You will get the following output:
您将获得以下输出:
Output
● minio.service - MinIO
Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-12-09 21:54:02 UTC; 46s ago
Docs: https://docs.min.io
Process: 3405 ExecStartPre=/bin/bash -c if [ -z "${MINIO_VOLUMES}" ]; then echo "Variable MINIO_VOLUMES not set in /etc/default/minio"; exit 1; fi (code=exited, status=0/SUCCES
Main PID: 3407 (minio)
Tasks: 7 (limit: 1152)
CGroup: /system.slice/minio.service
└─3407 /usr/local/bin/minio server -C /etc/minio --address your_server_IP:9000 /usr/local/share/minio/
Dec 09 21:54:02 cart-Minion-Object-1804-1 systemd[1]: Started MinIO.
Dec 09 21:54:03 cart-Minion-Object-1804-1 minio[3407]: Endpoint: http://your_server_IP:9000
Dec 09 21:54:03 cart-Minion-Object-1804-1 minio[3407]: Browser Access:
Dec 09 21:54:03 cart-Minion-Object-1804-1 minio[3407]: http://your_server_IP:9000
...
Next, enable access through the firewall to the Minio server on the configured port. In this tutorial, that’s port 9000
.
接下来,在配置的端口上启用通过防火墙对Minio服务器的访问。 在本教程中,端口为9000
。
First add the rule:
首先添加规则:
sudo ufw allow 9000
sudo ufw允许9000
Then, enable the firewall:
然后,启用防火墙:
- sudo ufw enable sudo ufw启用
You will get the following prompt:
您将收到以下提示:
Output
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
Press y
and ENTER
to confirm this. You will then get the following output:
按y
和ENTER
确认。 然后,您将获得以下输出:
Output
Firewall is active and enabled on system startup
Minio is now ready to accept traffic, but before connecting to the server, you will secure communication by installing an SSL/TLS certificate.
Minio现在准备接受流量,但是在连接到服务器之前,您将通过安装SSL / TLS证书来保护通信。
步骤4 —使用TLS证书保护对Minio Server的访问 (Step 4 — Securing Access to Your Minio Server With a TLS Certificate)
In this step, you will secure access to your Minio server using a private key and public certificate that has been obtained from a certificate authority (CA), in this case Let’s Encrypt. To get a free SSL certificate, you will use Certbot.
在此步骤中,您将使用从证书颁发机构(CA)(在本例中为Let's Encrypt )获得的私钥和公共证书来确保对Minio服务器的访问安全。 要获得免费的SSL证书,您将使用Certbot 。
First, allow HTTP and HTTPS access through your firewall. To do this, open port 80
, which is the port for HTTP:
首先,允许通过防火墙的HTTP和HTTPS访问。 为此,请打开端口80
,该端口是HTTP的端口:
- sudo ufw allow 80 sudo ufw允许80
Next, open up port 443
for HTTPS:
接下来,打开HTTPS的端口443
:
- sudo ufw allow 443 sudo ufw允许443
Once you’ve added these rules, check on your firewall’s status with the following command:
添加这些规则后,请使用以下命令检查防火墙的状态:
- sudo ufw status verbose sudo ufw状态详细
You will receive output similar to the following:
您将收到类似于以下内容的输出:
Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp (OpenSSH) ALLOW IN Anywhere
9000 ALLOW IN Anywhere
443 ALLOW IN Anywhere
80 ALLOW IN Anywhere
22/tcp (OpenSSH (v6)) ALLOW IN Anywhere (v6)
9000 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
This confirms that ports 80
and 443
are open, ensuring that your server accepts requests from the internet.
这确认端口80
和443
已打开,确保您的服务器接受来自Internet的请求。
Next, you will install Certbot. Since Certbot maintains a separate PPA repository, you will first have to add it to your list of repositories before installing Certbot as shown:
接下来,您将安装Certbot。 由于Certbot维护一个单独的PPA存储库,因此在安装Certbot之前,您首先必须将其添加到存储库列表中,如下所示:
To prepare to add the PPA repository, first install software-properties-common
, a package for managing PPAs:
要准备添加PPA存储库,请首先安装用于管理PPA的软件包software-properties-common
:
- sudo apt install software-properties-common sudo apt安装软件属性通用
This package provides some useful scripts for adding and removing PPAs instead of doing it manually.
该软件包提供了一些有用的脚本来添加和删除PPA,而不是手动执行。
Now add the Universe repository:
现在添加Universe存储库:
- sudo add-apt-repository universe sudo add-apt-repository Universe
This repository contains free and open source software maintained by the Ubuntu community, but is not officially maintained by Canonical, the developers of Ubuntu. This is where we will find the repository for Certbot.
该存储库包含由Ubuntu社区维护的免费和开源软件,但未由Ubuntu的开发人员Canonical正式维护。 在这里我们可以找到Certbot的存储库。
Next, add the Certbot repository:
接下来,添加Certbot存储库:
- sudo add-apt-repository ppa:certbot/certbot sudo add-apt-repository ppa:certbot / certbot
You will receive the following output:
您将收到以下输出:
Output
This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu(s).
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or ctrl-c to cancel adding it
Press ENTER
to accept.
按ENTER
接受。
Then update the package list:
然后更新软件包列表:
- sudo apt update sudo apt更新
Finally, install certbot
:
最后,安装certbot
:
- sudo apt install certbot sudo apt安装certbot
Next, you will use certbot
to generate a new SSL certificate.
接下来,您将使用certbot
生成新的SSL证书。
Since Ubuntu 18.04 doesn’t yet support automatic installation, you will use the certonly
command and --standalone
to obtain the certificate:
由于Ubuntu 18.04尚不支持自动安装,因此您将使用certonly
命令和--standalone
获取证书:
sudo certbot certonly --standalone -d minio-server.your_domain
sudo certbot certonly --standalone -d微型服务器。 your_domain
--standalone
means that this certificate is for a built-in standalone web server. For more information on this, see our How To Use Certbot Standalone Mode to Retrieve Let’s Encrypt SSL Certificates on Ubuntu 18.04 tutorial.
--standalone
表示此证书适用于内置的独立 Web服务器。 有关此内容的更多信息,请参见我们的如何使用Certbot独立模式检索在Ubuntu 18.04上加密SSL证书的教程。
You will receive the following output:
您将收到以下输出:
Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
Add your email and press ENTER
.
添加您的电子邮件,然后按ENTER
。
Certbot will then ask you to register with Let’s Encrypt:
然后,Certbot会要求您向Let's Encrypt注册:
Output
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:
Type A
and press ENTER
to agree.
键入A
,然后按ENTER
以表示同意。
Next, you will be asked if you are willing to share your email with the Electronic Frontier Foundation:
接下来,将询问您是否愿意与电子前沿基金会共享您的电子邮件:
Output
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
Once you answer Y
or N
, your public and private keys will be generated and saved in the /etc/letsencrypt/live/minio-server.your_domain_name
directory.
回答Y
或N
,将生成您的公钥和私钥,并将其保存在/etc/letsencrypt/live/minio-server. your_domain_name
/etc/letsencrypt/live/minio-server. your_domain_name
目录。
Next, copy these two files (privkey.pem
and fullchain.pem
) into the certs
directory under Minio’s server configuration folder, which is /etc/minio
for this tutorial. Use the following to copy privkey.pem
and rename the file private.key
:
接下来,将这两个文件( privkey.pem
和fullchain.pem
)复制到fullchain.pem
的服务器配置文件夹下的certs
目录中,该文件夹在本教程中为/etc/minio
。 使用以下命令复制privkey.pem
并重命名文件private.key
:
sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/privkey.pem /etc/minio/certs/private.key
须藤cp / etc / letsencrypt / live / minio-server。 your_domain_name /privkey.pem / etc / minio /certs/private.key
Then do the same for fullchain.pem
, naming the result public.crt
:
然后对fullchain.pem
执行相同的fullchain.pem
,将结果命名为public.crt
:
sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/fullchain.pem /etc/minio/certs/public.crt
须藤cp / etc / letsencrypt / live / minio-server。 your_domain_name /fullchain.pem / etc / minio /certs/public.crt
Now, change the ownership of the files to minio-user
. First, do this for private.key
:
现在,将文件的所有权更改为minio-user
。 首先,对private.key
执行此操作:
sudo chown minio-user:minio-user /etc/minio/certs/private.key
sudo chown minio用户:minio用户/ etc / minio /certs/private.key
Then public.crt
:
然后public.crt
:
sudo chown minio-user:minio-user /etc/minio/certs/public.crt
sudo chown minio用户:minio用户/ etc / minio /certs/public.crt
Restart the Minio server, so that it becomes aware of the certificate and starts using HTTPS:
重新启动Minio服务器,以便它知道证书并开始使用HTTPS:
- sudo systemctl restart minio sudo systemctl重新启动minio
Let’s Encrypt certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process. The Certbot package you installed automatically adds a renew script to /etc/cron.d
. This script runs twice a day and will automatically renew any certificate that’s within thirty days of expiration.
让我们加密证书仅有效期为90天。 这是为了鼓励用户自动化其证书续订过程。 您安装的Certbot软件包会自动将更新脚本添加到/etc/cron.d
。 该脚本每天运行两次,并将在到期后三十天内自动续订任何证书。
With that, Minio’s connection is now secure, and the SSL/TLS certificate will automatically renew for you. In the next step, you’ll connect to Minio through the browser to use the server.
这样,Minio的连接现在是安全的,并且SSL / TLS证书将自动为您续订。 在下一步中,您将通过浏览器连接到Minio以使用服务器。
步骤5 —使用HTTPS安全连接到Minio的Web界面 (Step 5 — Securely Connecting to Minio’s Web Interface Using HTTPS)
In this step, you’ll securely connect to the Minio web interface via HTTPS, and then you’ll create buckets and upload objects into them.
在此步骤中,您将通过HTTPS安全地连接到Minio Web界面,然后创建存储桶并将对象上传到其中。
Access the web interface by pointing your browser to https://minio-server.your_domain:9000
.
通过将浏览器指向https://minio-server. your_domain : 9000
来访问Web界面https://minio-server. your_domain : 9000
https://minio-server. your_domain : 9000
。
You will see the Minio server login screen:
您将看到Minio服务器登录屏幕:
Now, log in to the main interface by entering your credentials. For Access Key, enter the MINIO_ACCESS_KEY
you set in the /etc/default/minio
environment file in Step 1. For Secret Key, type the MINIO_SECRET_KEY
you set in the same file. Once you’ve entered the credentials, click the round button with the arrow directly below the input fields.
现在,通过输入您的凭据登录到主界面。 对于Access Key,输入MINIO_ACCESS_KEY
您在设置/etc/default/ minio
环境文件中的第1步 。 对于“密钥” ,键入在同一文件中设置的MINIO_SECRET_KEY
。 输入凭据后,请在输入字段正下方单击带有箭头的圆形按钮。
You will then be presented with the Minio user interface. To create a new bucket in which you can store objects, click the light-red + button on the bottom right of the main interface to bring up two additional yellow buttons.
然后,您将看到Minio用户界面。 要创建一个可以存储对象的新存储桶,请单击主界面右下角的浅红色+按钮,以调出另外两个黄色按钮。
Click the middle yellow button and enter a name for your new bucket in the prompt, pressing the ENTER
key to save your response. Your new bucket is now ready to be used for storage.
单击中间的黄色按钮,然后在提示中输入新存储桶的名称,然后按ENTER
键以保存您的响应。 现在,您的新存储桶就可以用于存储了。
Note: When naming your Minio bucket, make sure that your name only contains lowercase letters, numbers, or hyphens. Minio limits bucket naming conventions in order to be compatible with AWS S3 standards.
注意:命名Minio存储桶时,请确保您的名称仅包含小写字母,数字或连字符。 Minio限制存储桶命名约定,以便与AWS S3标准兼容。
When you want to add objects into your bucket, click the same light-red button as before and then click the top yellow button to open a file-upload prompt.
如果要将对象添加到存储桶中,请单击与以前相同的浅红色按钮,然后单击顶部的黄色按钮以打开文件上传提示。
At this point, you’ve worked through the entire basic web interface of creating buckets and uploading objects.
至此,您已经完成了创建存储桶和上传对象的整个基本Web界面。
结论 (Conclusion)
You now have your own Minio object storage server that you can connect to securely from the web interface using a Let’s Encrypt SSL/TLS certificate. Optionally, you may want to look at the Minio desktop clients for FreeBSD, Linux, Mac, and Windows as an alternative way to use and administrate your object storage server.
现在,您拥有自己的Minio对象存储服务器,可以使用“让我们加密SSL / TLS”证书从Web界面安全地连接到该对象。 (可选)您可能希望查看FreeBSD,Linux,Mac和Windows的Minio桌面客户端 ,作为使用和管理对象存储服务器的另一种方法。
Additionally, if you’d like to increase your Minio installation’s storage capacity beyond your server’s disk size, you can use DigitalOcean’s block storage service to attach a volume to your server, extending storage capacity by as much as 80 TB.
此外,如果您希望将Minio安装的存储容量增加到服务器磁盘大小以外,则可以使用DigitalOcean的块存储服务将卷附加到服务器上,从而将存储容量最多扩展80 TB。
More information about Minio is available at the project’s documentation website. If you’d like to learn more about object storage, browse our Object Storage tutorials.
有关Minio的更多信息,请访问项目文档网站 。 如果您想了解有关对象存储的更多信息,请浏览我们的对象存储教程 。
minio.exe怎么安装