MiniIO is a S3 High performance Object Storage server released under GNU. It is capable of replication and load balancing to provide a high degree of performance and reliability.
In this section we will discuss 3 things.
The Minio S3 Server.
The Minio S3 Client
The AWS Client
Additional Clients are:
Cyberduck – A long standing file exchange client.
Filezilla Pro – As of 2021 there may very well be a problem with Filezilla Pro. It appears to be focused on connecting to AWS Regions. I do not know if this problem persists.
GOAL 1: Let’s install the MinIO server. Fortunately this is simple.
chmod +x minio
sudo ./minio server /minio
Note: we will discuss a few things next, like how to configure a certificate.
HOW to use SSL
There are a number of ways to create a SSL. In this instance we are going to explore the use of a utility called certgen which is provided for from a minio GIT repository. We could have just as easily have used OpenSSL. We could have used or created a certificate using “Let’s Encrypt” or using Python and the Cryptography module.
git clone https://github.com/minio/certgen.git
Now GO is not my go to language of choice. I have only used it to explore the language. So it might be the case that you will need to install parts of the GO development library in order to create a workable version of “certgen”. I will take a slight pause at the fact that the MinIO binary was provided for us.
To install “go” in ubuntu you can do the following:
snap install go --classic
So it should be installed. We can see what version we are using by inquiring about the version/release.
root@node:/home/user/certgen# go version go version go1.16.7 linux/amd64
Now it’s time to build it.
export GOPATH=/home/user/certgen go build certgen.go
Now that we have built the command we can use it to create a self signed cert with an IP Address.
root@node:/home/user/certgen# ./certgen --host 192.168.150.110 2021/09/26 14:10:47 wrote public.crt 2021/09/26 14:10:47 wrote private.key
The cert will be of the form:
Version V3 Signature hash algorithm: SHA256 Public Key: RSA (2048 Bits) Subject: Acme Co Subject Alternative Name: IP Address = 192.168.150.110 Basic Contstraings: Subject Type=End Entity Path Length Contraint=None
Now we can copy these over more useful location:
I choose /root/minio/certs because this is listed as the default directory. ( when in Rome … )
cp private.key /root/.minio/certs cp public.crt /root/.minio/certs
NOTE: If Minio learns it can use uses CERTS it will launch the portal to use HTTPS insteap of HTTPS.
Now we can:
./minio server /mnt/storage
This assumes that in the /mnt directory you have create a folder named storage
Perhaps you have mounted another disk or storage system to this.
We might want to use the Minio CLI. To get this we simply
$ wget https://dl.minio.io/client/mc/release/linux-amd64/mc
Alternatively we might can use the AWS CLI.
C:\Users\User>aws --endpoint-url https://192.168.150.110:9000 s3 ls test 2021-09-26 08:37:09 13073 Untitled.png 2021-09-26 09:26:09 3 test.txt
In this cheesy example we will pretended that I created an access_key and secret_key of ec2-user.
aws configure set access_key ec2-user aws configure set secret_key ec2-user
To list the AWS configuration information:
C:\Users\User.aws>aws configure list Name Value Type Location ---- ----- ---- -------- profile None None access_key user shared-credentials-file secret_key user shared-credentials-file region None None
If you want to use SSL and not have to specify the –no-verify-ssl option, then you need to set the AWS_CA_BUNDLE environment variable. I will come back and visit this as I was not able to snap my fingers and get this to work.
aws --no-verify-ssl --endpoint-url https://192.168.150.110:9000 s3 ls
aws --no-verify-ssl --endpoint-url https://192.168.150.110:9000 s3 ls s3://test
It may be the case that you will want to install this as a service. For a linux based system the easiest way to do this might be to simply create an entry for the service.
cat <<EOF | sudo tee /etc/systemd/system/minio.service [Unit] Description=minio [Service] WorkingDirectory=/Home/user ExecStart=/home/user/minio server /mnt storage [install] WantedBy=multi-user.target EOF
Time to reload the daemon; start the service and then inquire as to its status.
sudo systemctl daemon-reload sudo systemctl start minio.service sudo service minio status