diff --git a/_snippets/common-links.md b/_snippets/common-links.md index 0a87308..658f8df 100644 --- a/_snippets/common-links.md +++ b/_snippets/common-links.md @@ -1,6 +1,6 @@ [archivebox]: /recipes/archivebox/ -[autopirate]: /recipes/autopirate/ [authelia]: /ha-docker-swarm/authelia/ +[autopirate]: /recipes/autopirate/ [bazarr]: /recipes/autopirate/bazarr/ [calibre-web]: /recipes/calibre-web/ [cyberchef]: /recipes/cyberchef/ @@ -17,6 +17,7 @@ [linx]: /recipes/linx/ [mealie]: /recipes/mealie/ [miniflux]: /recipes/miniflux/ +[minio]: /recipes/minio/ [mylar]: /recipes/autopirate/mylar/ [nightscout]: /recipes/nightscout/ [nzbget]: /recipes/autopirate/nzbget/ @@ -25,7 +26,7 @@ [openldap]: /recipes/openldap/ [oscarr]: /recipes/autopirate/oscarr/ [paperless-ng]: /recipes/paperless-ng/ -[patreon]: https://www.patreon.com/bePatron?u=6982506 +[patreon]: https://www.patreon.com/bePatron?u=6982506 [photoprism]: /recipes/photoprism/ [plex]: /recipes/plex/ [portainer]: /recipes/portainer/ diff --git a/manuscript/CHANGELOG.md b/manuscript/CHANGELOG.md index 00abc4d..1484345 100644 --- a/manuscript/CHANGELOG.md +++ b/manuscript/CHANGELOG.md @@ -18,6 +18,7 @@ Recipe | Description Recipe | Description | Date ----------------------------|---------------------------------------------------------------------------------|-------------- +[Minio][minio] | Major update to Minio recipe, for new Console UI and Traefik v2 | _22 Oct 2021_ [Traefik Forward Auth][tfa] | Major update for Traefik v2, included instructions for Dex, Google, KeyCloak | _29 Jan 2021_ [Autopirate][autopirate] | Updated all components for Traefik v2 labels | _29 Jan 2021_ [Portainer][portainer] | Bump to version 2, bringing "expert simplicity" to your Docker stack management | _25 Jan 2021_ diff --git a/manuscript/images/buymeacoffee-cover-page.png b/manuscript/images/buymeacoffee-cover-page.png new file mode 100644 index 0000000..701f594 Binary files /dev/null and b/manuscript/images/buymeacoffee-cover-page.png differ diff --git a/manuscript/images/minio.png b/manuscript/images/minio.png index 2cd283f..57c8cf1 100644 Binary files a/manuscript/images/minio.png and b/manuscript/images/minio.png differ diff --git a/manuscript/premix.md b/manuscript/premix.md index 19817f3..6aaf847 100644 --- a/manuscript/premix.md +++ b/manuscript/premix.md @@ -16,7 +16,7 @@ Here's a sample of the directory structure: ??? "What will I find in the pre-mix?" ```bash - . + . ├── README.md ├── ansible │   ├── README.md @@ -154,7 +154,7 @@ Here's a sample of the directory structure: │   │   │   └── funkycore-1.0.0.tgz │   │   ├── templates │   │   │   ├── NOTES.txt -│   │   │   ├──_helpers.tpl +    │   │   ├──_helpers.tpl │   │   │   ├── apps │   │   │   │   ├── bazarr │   │   │   │   │   ├── config-pvc.yaml @@ -228,7 +228,7 @@ Here's a sample of the directory structure: │   │   │   └── postgresql-8.3.0.tgz │   │   ├── myvalues.yaml │   │   ├── templates -│   │   │   ├──_helpers.tpl +    │   │   ├──_helpers.tpl │   │   │   ├── deployment.yaml │   │   │   ├── ingress │   │   │   │   ├── kube.yaml @@ -496,7 +496,7 @@ Here's a sample of the directory structure: │   │   ├── Chart.yaml │   │   ├── templates │   │   │   ├── NOTES.TXT -│   │   │   ├──_helpers.tpl +    │   │   ├──_helpers.tpl │   │   │   ├── deployment.yaml │   │   │   ├── ingress │   │   │   │   ├── kube.yaml diff --git a/manuscript/recipes/minio.md b/manuscript/recipes/minio.md index 10df15b..45336e8 100644 --- a/manuscript/recipes/minio.md +++ b/manuscript/recipes/minio.md @@ -25,23 +25,27 @@ Possible use-cases: ### Setup data locations -We'll need a directory to hold our minio file store, as well as our minio client config, so create a structure at /var/data/minio: +We'll need a directory to hold our minio file store. You can create a blank directory wherever you like (*I used `/var/data/minio`*), or point the `/data` volume to a pre-existing folder structure. ```bash mkdir /var/data/minio -cd /var/data/minio -mkdir -p {mc,data} ``` ### Prepare environment -Create minio.env, and populate with the following variables +Create `minio.env`, and populate with the variables below. ```bash -MINIO_ACCESS_KEY= -MINIO_SECRET_KEY= +MINIO_ROOT_USER=hackme +MINIO_ROOT_PASSWORD=becauseiforgottochangethepassword +MINIO_BROWSER_REDIRECT_URL=https://minio-console.example.com +MINIO_SERVER_URL=https://minio.example.com ``` +!!! note "If minio redirects you to :9001" + `MINIO_BROWSER_REDIRECT_URL` is especially important since recent versions of Minio will redirect web browsers to this URL when they hit the API directly. (*If you find yourself redirected to `http://your-minio-url:9001`, then you've not set this value correctly!*) + + ### Setup Docker Swarm Create a docker swarm config file in docker-compose syntax (v3), something like this: @@ -56,18 +60,50 @@ services: image: minio/minio env_file: /var/data/config/minio/minio.env volumes: - - /var/data/minio/data:/data + - /var/data/minio:/data networks: - traefik_public deploy: labels: + # traefik + - traefik.enable=true + - traefik.docker.network=traefik_public + + # traefikv1 - traefik.frontend.rule=Host:minio.example.com - - traefik.port=9000 - command: minio server /data + - traefik.port=9000 + + - traefik.console.frontend.rule=Host:minio-console.example.com + - traefik.console.port=9001 + + # traefikv2 (death-by-labels, much?) + - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https + - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true + + - traefik.http.routers.minio-https.rule=Host(`minio.example.com`) + - traefik.http.routers.minio-https.entrypoints=https + - traefik.http.routers.minio-https.service=minio + - traefik.http.routers.minio-http.rule=Host(`minio.example.com`) + - traefik.http.routers.minio-http.entrypoints=http + - traefik.http.routers.minio-http.middlewares=redirect-https + - traefik.http.routers.minio-http.service=minio + - traefik.http.services.minio.loadbalancer.server.port=9000 + + - traefik.http.routers.minio-console-https.rule=Host(`minio-console.example.com`) + - traefik.http.routers.minio-console-https.entrypoints=https + - traefik.http.routers.minio-console-https.service=minio-console + - traefik.http.routers.minio-console-http.rule=Host(`minio-console.example.com`) + - traefik.http.routers.minio-console-http.entrypoints=http + - traefik.http.routers.minio-console-http.middlewares=redirect-https + - traefik.http.routers.minio-console-http.service=minio-console + - traefik.http.services.minio-console.loadbalancer.server.port=9001 + + command: minio server /data --console-address ":9001" networks: traefik_public: external: true + ``` ## Serving @@ -76,25 +112,21 @@ networks: Launch the Minio stack by running ```docker stack deploy minio -c ``` -Log into your new instance at https://**YOUR-FQDN**, with the access key and secret key you specified in minio.env. +Log into your new instance at https://minio-console.**YOUR-FQDN**, with the root user and password you specified in `minio.env`. -If you created ```/var/data/minio```, you'll see nothing. If you referenced existing data, you should see all subdirectories in your existing folder represented as buckets. +If you created ```/var/data/minio```, you'll see nothing. If you mapped `/data` to existing data, you should see all subdirectories in your existing folder represented as buckets. -If all you need is single-user access to your data, you're done! 🎉 +Use the Minio console to create a user, or (*ill-advisedly*) continue using the root user/password! + +If all you need is single-user access to your data, you're done! 🎉 If, however, you want to expose data to multiple users, at different privilege levels, you'll need the minio client to create some users and (_potentially_) policies... +## Minio Trickz :clown: + ### Setup minio client -To administer the Minio server, we need the Minio client. While it's possible to download the minio client and run it locally, it's just as easy to do it within a small (5Mb) container. - -I created an alias on my docker nodes, allowing me to run mc quickly: - -```bash -alias mc='docker run -it -v /docker/minio/mc/:/root/.mc/ --network traefik_public minio/mc' -``` - -Now I use the alias to launch the client shell, and connect to my minio instance (_I could also use the external, traefik-provided URL_) +While it's possible to fully administer Minio using the console, it's also possible using the `mc` CLI client, as illustrated below ```bash root@ds1:~# mc config host add minio http://app:9000 admin iambatman diff --git a/manuscript/support.md b/manuscript/support.md index 43df410..d783244 100644 --- a/manuscript/support.md +++ b/manuscript/support.md @@ -44,10 +44,6 @@ Found a bug in your soup? Tell the chef by either: ## Tip the chef -### Buy my book 📖 - -I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (). - ### [Sponsor][7] / [Patreonize][8] me 💰 The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [Patron][10] (_Patreon_). Sponsors get: @@ -61,6 +57,14 @@ The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [ Impulsively **[click here (NOW quick do it!)][11]** to sponsor me, or instead thoughtfully and analytically review my GitHub profile **[here][12]** and make up your own mind. +### Buy my book 📖 + +I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (). Buying it supports me once-off, and you continue to have access to the book as future recipes are added. + +### Buy me a coffee ☕️ + +Want to hit me with an (anonymous) thank-you? [Buy me a coffee](https://www.buymeacoffee.com/funkypenguin)! + ### Engage me 🏢 Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm a full-time [AWS Certified Solution Architect (Professional)][aws_cert], a [CNCF-Certified Kubernetes Administrator](https://www.youracclaim.com/badges/cd307d51-544b-4bc6-97b0-9015e40df40d/public_url) and [Application Developer](https://www.youracclaim.com/badges/9ed9280a-fb92-46ca-b307-8f74a2cccf1d/public_url) - this stuff is my bread and butter! :bread: :fork_and_knife: [Get in touch][contact], and let's talk business!