【实用的docker小技巧】minio(自建oss)

minio(自建oss)

官方文档

开源地址

这是一个开源、免费的、兼容AWS S3的存储服务，可以用来存储文件，比如图片、视频等。

在家用场景，我们一般往上放备份

启动

#!/bin/bash

echo 'Asia/Shanghai' > /etc/timezone

docker kill minio
docker rm minio
docker run -d \
   --network=host \
   --name minio \
   --restart=always \
   -v /etc/timezone:/etc/timezone:ro \
   -v /etc/localtime:/etc/localtime:ro \
   -v $(pwd)/data:/data \
   -e "MINIO_ROOT_USER=root" \
   -e "MINIO_ROOT_PASSWORD=password" \
   -e "MINIO_BROWSER_REDIRECT_URL=http://s3.xxxwahotdog.top" \
   minio/minio server /data --console-address ":9001"

# 国内镜像国内镜像registry.cn-hangzhou.aliyuncs.com/buyfakett/minio

configuration

upstream minio_s3 {
    least_conn;
    server 192.168.1.1:9000;
}

upstream minio_console {
    least_conn;
    server 192.168.1.1:9001;
}

server {
    listen       80;
    server_name  test.com;
    access_log /data/logs/nginx/json_minioSubnet.log json;

    # Allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # Disable buffering
    proxy_buffering off;
    proxy_request_buffering off;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 3600;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        proxy_pass http://minio_s3; # This uses the upstream directive definition to load balance
    }

    location /minio/ui/ {
        rewrite ^/minio/ui/(.*) /$1 break;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;

        # This is necessary to pass the correct IP to be hashed
        real_ip_header X-Real-IP;

        proxy_connect_timeout 3600;

        # To support websockets in MinIO versions released after January 2023
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
        # Uncomment the following line to set the Origin request to an empty string
        # proxy_set_header Origin '';

        chunked_transfer_encoding off;

        proxy_pass http://minio_console; # This uses the upstream directive definition to load balance
    }
}

linux挂载

# apt install -y s3fs
# yum install -y epel-release s3fs-fuse

echo "access_key:secret_key" > /data/minio-config/passwd
chmod 600 /data/minio-config/passwd
/usr/bin/s3fs <bucket> /data/minio/test -o passwd_file=/data/minio-config/passwd -o url=https://xxx.top -o use_path_request_style

监控

# 下载mc并生成token
wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc && chmod +x /usr/local/bin/mc
mc alias set <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> --api s3v4
mc admin prometheus generate <ALIAS>

grafana中导入13502

权限管理

我们还可以权限管理, 我这里演示的是名为test桶的所有权限

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::test"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "arn:aws:s3:::test/*"
    }
  ]
}