Last active
June 28, 2025 11:27
-
-
Save aKamrani/a4e3075cfeb6809175ece88409185fce to your computer and use it in GitHub Desktop.
Setup & Configure Minio
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services: | |
| minio: | |
| container_name: minio | |
| hostname: minio | |
| image: quay.io/minio/minio | |
| restart: unless-stopped | |
| command: server --console-address ":9001" /data | |
| healthcheck: | |
| test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] | |
| interval: 30s | |
| timeout: 20s | |
| retries: 3 | |
| environment: | |
| MINIO_ROOT_USER: 'admin-console' | |
| MINIO_ROOT_PASSWORD: 'PASSWORD' | |
| ports: | |
| - "9000:9000" | |
| - "9001:9001" | |
| volumes: | |
| - /datatank:/data:rw | |
| nginx: | |
| image: docker.phoenix.mahsan.net/nginx:alpine | |
| restart: unless-stopped | |
| hostname: nginx | |
| container_name: nginx | |
| volumes: | |
| - ./common/nginx/configs/:/etc/nginx/conf.d/ | |
| - ./common/ssl:/etc/nginx/ssl | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| depends_on: | |
| - minio |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream console_upstream { | |
| server minio:9001; | |
| } | |
| server { | |
| listen 443 ssl; | |
| ssl_certificate /etc/nginx/ssl/certbundle.crt; | |
| ssl_certificate_key /etc/nginx/ssl/server.key; | |
| server_name console.DOMAIN.COM; | |
| client_max_body_size 5G; | |
| ignore_invalid_headers off; | |
| proxy_buffering off; | |
| location / { | |
| proxy_http_version 1.1; | |
| proxy_read_timeout 15m; | |
| proxy_send_timeout 15m; | |
| proxy_request_buffering off; | |
| proxy_set_header Host $host; | |
| proxy_pass http://console_upstream; | |
| } | |
| } | |
| server { | |
| listen 80; | |
| server_name console.DOMAIN.COM; | |
| if ($host = console.DOMAIN.COM) { | |
| return 302 https://$host$request_uri; | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream storage_upstream { | |
| server minio:9000; | |
| } | |
| server { | |
| listen 443 ssl; | |
| ssl_certificate /etc/nginx/ssl/certbundle_sivansm.crt; | |
| ssl_certificate_key /etc/nginx/ssl/server_sivansm.key; | |
| server_name storage.DOMAIN.COM; | |
| client_max_body_size 10G; | |
| ignore_invalid_headers off; | |
| proxy_buffering off; | |
| location / { | |
| proxy_http_version 1.1; | |
| proxy_read_timeout 15m; | |
| proxy_send_timeout 15m; | |
| proxy_request_buffering off; | |
| #if ($request_method = PUT) { | |
| #add_header 'Access-Control-Allow-Origin' "$http_origin"; | |
| #add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH'; | |
| #add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; | |
| #} | |
| #if ($request_method = OPTIONS) { | |
| #add_header 'Access-Control-Allow-Origin' "$http_origin"; | |
| #add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH'; | |
| #add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; | |
| #} | |
| proxy_set_header Host $host; | |
| proxy_pass http://storage_upstream; | |
| } | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name storage.DOMAIN.COM; | |
| if ($host = storage.DOMAIN.COM) { | |
| return 302 https://$host$request_uri; | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": [ | |
| "*" | |
| ] | |
| }, | |
| "Action": [ | |
| "s3:GetBucketLocation" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::BUCKET_NAME_HERE" | |
| ] | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": [ | |
| "*" | |
| ] | |
| }, | |
| "Action": [ | |
| "s3:GetObject" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::BUCKET_NAME_HERE/*" | |
| ] | |
| } | |
| ] | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": [ | |
| "*" | |
| ] | |
| }, | |
| "Action": [ | |
| "s3:GetBucketLocation" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::rasan-dejon" | |
| ] | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": [ | |
| "*" | |
| ] | |
| }, | |
| "Action": [ | |
| "s3:GetObject" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::rasan-dejon/*" | |
| ] | |
| } | |
| ] | |
| } |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use this article to set custom policy for a bucket in minio: https://nuudeli.com/how-to-disable-the-public-list-of-files-in-minio/
This policy disable Bucket Objects Listing in minio:
First, open “Access policy” and set it as “custom”. Then set this ploicy: