Minio安装配置,桶权限设置,nginx代理 https minio
**起因:因为用到ruoyi-vue-plus框架中遇到生产环境是https,但是http的minio上传的文件不能在后台系统中访问**
- 安装配置minio
- 1. 下载安装
- 2. 赋文件执行权限
- 3.创建配置文件
- 4.创建minio.service
- 新版minio创建桶需要配置桶权限
- 1.下载客户端
- 2.设置访问权限
- 3.连接客户端
- 4.设置桶权限
- nginx配置https
- 1.申请创建证书
- 2.修改证书文件名(必须修改)
- 3.nginx的https代理参考配置
安装配置minio
1. 下载安装
mkdir /usr/local/minio && cd /usr/local/minio && mkdir bin data
cd bin
wget https://dl.min.io/server/minio/release/linux-amd64/minio
2. 赋文件执行权限
cd /usr/local/minio
chmod +x bin/minio
3.创建配置文件
mkdir conf
cd conf
vim minio.conf
minio.conf配置文件内容
#用户名
MINIO_ROOT_USER="minio"
#密码
MINIO_ROOT_PASSWORD="Admin@1996"
#配置https或者为了不暴露端口再用到
#MINIO_SERVER_URL="https://minio.**.com/"
#MINIO_BROWSER_REDIRECT_URL="https://minio.**.com/web/"
4.创建minio.service
cd /etc/systemd/system
vim minio.service
minio.service内容
[Unit]
Description=Minio
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/minio/bin/minio[Service]
EnvironmentFile=/usr/local/minio/conf/minio.conf
WorkingDirectory=/usr/local/minio/
PermissionsStartOnly=true
ExecStart=/usr/local/minio/bin/minio server --console-address :9001 /usr/local/minio/data
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true[Install]
WantedBy=multi-user.target
5.服务启动命令
#将服务设置为每次开机启动
systemctl enable minio.service
#启动服务
systemctl start minio
#停止服务
systemctl stop minio
#重启服务
systemctl restrat minio
#查看服务状态
systemctl status minio.service
新版minio创建桶需要配置桶权限
1.下载客户端
wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc
2.设置访问权限
chmod +x /usr/local/bin/mc
3.连接客户端
mc alias set myminio http://localhost:9000 登陆账号 登陆密码
4.设置桶权限
mc anonymous set download myminio/桶名称
nginx配置https
1.申请创建证书
我使用的证书是通过阿里云申请创建证书,下载Apache格式。网上那些自己申请创建的证书应该也是可以的,没有测试。
2.修改证书文件名(必须修改)
并且把名字修改为private.key和public.crt放在/root/.minio/certs(安装minio自动创建的目录)路径下
3.nginx的https代理参考配置
server {listen 443 ssl;http2 on;server_name minio.yuming.com; ssl_certificate /www/zuche/cert/minio.yuming.com.pem; #nginx证书文件位置 用的也是阿里的相同证书ssl_certificate_key /www/zuche/cert/minio.yuming.com.key; #nginx证书文件配置 用的也是阿里的相同证书ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;ssl_prefer_server_ciphers on;location / {keepalive_timeout 105s;proxy_connect_timeout 300s;proxy_send_timeout 600s;proxy_read_timeout 600s;client_max_body_size 500m;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Host $http_host;proxy_set_header X-Forwarded-Port $server_port;proxy_set_header X-Forwarded-Proto $scheme;proxy_buffering off;proxy_pass https://localhost:9000/;}location /web/ {proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Host $http_host;proxy_set_header X-Forwarded-Port $server_port;proxy_set_header X-Forwarded-Proto $scheme;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";proxy_buffering off;proxy_pass https://localhost:9001/;}} #http forced jump https http强制跳转https配置server{ listen 80;server_name minio.skwl1688.com;rewrite ^(.*)$ https://minio.yuming.com/;location ~ / {index index.html index.php index.htm;}}