Bring Minio up-to-date, add traefikv2 labels (#201)

_snippets/common-links.md

@@ -1,6 +1,6 @@
 [archivebox]:       /recipes/archivebox/
-[autopirate]:       /recipes/autopirate/
 [authelia]:         /ha-docker-swarm/authelia/
+[autopirate]:       /recipes/autopirate/
 [bazarr]:           /recipes/autopirate/bazarr/
 [calibre-web]:      /recipes/calibre-web/
 [cyberchef]:        /recipes/cyberchef/
@@ -17,6 +17,7 @@
 [linx]:             /recipes/linx/
 [mealie]:           /recipes/mealie/
 [miniflux]:         /recipes/miniflux/
+[minio]:            /recipes/minio/
 [mylar]:            /recipes/autopirate/mylar/
 [nightscout]:       /recipes/nightscout/
 [nzbget]:           /recipes/autopirate/nzbget/
@@ -25,7 +26,7 @@
 [openldap]:         /recipes/openldap/
 [oscarr]:           /recipes/autopirate/oscarr/
 [paperless-ng]:     /recipes/paperless-ng/
-[patreon]:	        https://www.patreon.com/bePatron?u=6982506
+[patreon]:          https://www.patreon.com/bePatron?u=6982506
 [photoprism]:       /recipes/photoprism/
 [plex]:             /recipes/plex/
 [portainer]:        /recipes/portainer/

manuscript/CHANGELOG.md

@@ -18,6 +18,7 @@ Recipe                   | Description
 
 Recipe                      | Description                                                                     | Date
 ----------------------------|---------------------------------------------------------------------------------|--------------
+[Minio][minio] | Major update to Minio recipe, for new Console UI and Traefik v2      | _22 Oct 2021_
 [Traefik Forward Auth][tfa] | Major update for Traefik v2, included instructions for Dex, Google, KeyCloak    | _29 Jan 2021_
 [Autopirate][autopirate]    | Updated all components for Traefik v2 labels                                    | _29 Jan 2021_
 [Portainer][portainer]      | Bump to version 2, bringing "expert simplicity" to your Docker stack management | _25 Jan 2021_

manuscript/premix.md

@@ -16,7 +16,7 @@ Here's a sample of the directory structure:
 
 ??? "What will I find in the pre-mix?"
     ```bash
-   .
+    .
     ├── README.md
     ├── ansible
     │   ├── README.md
@@ -154,7 +154,7 @@ Here's a sample of the directory structure:
     │   │   │   └── funkycore-1.0.0.tgz
     │   │   ├── templates
     │   │   │   ├── NOTES.txt
-│   │   │   ├──_helpers.tpl
+    │   │   ├──_helpers.tpl
     │   │   │   ├── apps
     │   │   │   │   ├── bazarr
     │   │   │   │   │   ├── config-pvc.yaml
@@ -228,7 +228,7 @@ Here's a sample of the directory structure:
     │   │   │   └── postgresql-8.3.0.tgz
     │   │   ├── myvalues.yaml
     │   │   ├── templates
-│   │   │   ├──_helpers.tpl
+    │   │   ├──_helpers.tpl
     │   │   │   ├── deployment.yaml
     │   │   │   ├── ingress
     │   │   │   │   ├── kube.yaml
@@ -496,7 +496,7 @@ Here's a sample of the directory structure:
     │   │   ├── Chart.yaml
     │   │   ├── templates
     │   │   │   ├── NOTES.TXT
-│   │   │   ├──_helpers.tpl
+    │   │   ├──_helpers.tpl
     │   │   │   ├── deployment.yaml
     │   │   │   ├── ingress
     │   │   │   │   ├── kube.yaml

manuscript/recipes/minio.md

@@ -25,23 +25,27 @@ Possible use-cases:
 
 ### Setup data locations
 
-We'll need a directory to hold our minio file store, as well as our minio client config, so create a structure at /var/data/minio:
+We'll need a directory to hold our minio file store. You can create a blank directory wherever you like (*I used `/var/data/minio`*), or point the `/data` volume to a pre-existing folder structure.
 
 ```bash
 mkdir /var/data/minio
-cd /var/data/minio
-mkdir -p {mc,data}
 ```
 
 ### Prepare environment
 
-Create minio.env, and populate with the following variables
+Create `minio.env`, and populate with the variables below.
 
 ```bash
-MINIO_ACCESS_KEY=<some random, complex string>
+MINIO_ROOT_USER=hackme
-MINIO_SECRET_KEY=<another random, complex string>
+MINIO_ROOT_PASSWORD=becauseiforgottochangethepassword
+MINIO_BROWSER_REDIRECT_URL=https://minio-console.example.com
+MINIO_SERVER_URL=https://minio.example.com
 ```
 
+!!! note "If minio redirects you to :9001"
+    `MINIO_BROWSER_REDIRECT_URL` is especially important since recent versions of Minio will redirect web browsers to this URL when they hit the API directly. (*If you find yourself redirected to `http://your-minio-url:9001`, then you've not set this value correctly!*)
+
+
 ### Setup Docker Swarm
 
 Create a docker swarm config file in docker-compose syntax (v3), something like this:
@@ -56,18 +60,50 @@ services:
     image: minio/minio
     env_file: /var/data/config/minio/minio.env
     volumes:
-     - /var/data/minio/data:/data
+     - /var/data/minio:/data
     networks:
       - traefik_public
     deploy:
       labels:
+        # traefik
+        - traefik.enable=true
+        - traefik.docker.network=traefik_public 
+
+        # traefikv1
         - traefik.frontend.rule=Host:minio.example.com
-        - traefik.port=9000
+        - traefik.port=9000   
-    command:  minio server /data
+
+        - traefik.console.frontend.rule=Host:minio-console.example.com
+        - traefik.console.port=9001 
+
+        # traefikv2 (death-by-labels, much?)
+        - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
+        - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
+
+        - traefik.http.routers.minio-https.rule=Host(`minio.example.com`)
+        - traefik.http.routers.minio-https.entrypoints=https
+        - traefik.http.routers.minio-https.service=minio
+        - traefik.http.routers.minio-http.rule=Host(`minio.example.com`)
+        - traefik.http.routers.minio-http.entrypoints=http
+        - traefik.http.routers.minio-http.middlewares=redirect-https
+        - traefik.http.routers.minio-http.service=minio
+        - traefik.http.services.minio.loadbalancer.server.port=9000
+
+        - traefik.http.routers.minio-console-https.rule=Host(`minio-console.example.com`)
+        - traefik.http.routers.minio-console-https.entrypoints=https
+        - traefik.http.routers.minio-console-https.service=minio-console
+        - traefik.http.routers.minio-console-http.rule=Host(`minio-console.example.com`)
+        - traefik.http.routers.minio-console-http.entrypoints=http
+        - traefik.http.routers.minio-console-http.middlewares=redirect-https
+        - traefik.http.routers.minio-console-http.service=minio-console
+        - traefik.http.services.minio-console.loadbalancer.server.port=9001
+
+    command:  minio server /data --console-address ":9001"
 
 networks:
   traefik_public:
     external: true
+
 ```
 
 ## Serving
@@ -76,25 +112,21 @@ networks:
 
 Launch the Minio stack by running ```docker stack deploy minio -c <path -to-docker-compose.yml>```
 
-Log into your new instance at https://**YOUR-FQDN**, with the access key and secret key you specified in minio.env.
+Log into your new instance at https://minio-console.**YOUR-FQDN**, with the root user and password you specified in `minio.env`.
 
-If you created ```/var/data/minio```, you'll see nothing. If you referenced existing data, you should see all subdirectories in your existing folder represented as buckets.
+If you created ```/var/data/minio```, you'll see nothing. If you mapped `/data` to existing data, you should see all subdirectories in your existing folder represented as buckets.
 
-If all you need is single-user access to your data, you're done! 🎉
+Use the Minio console to create a user, or (*ill-advisedly*) continue using the root user/password!
+
+If all you need is single-user access to your data, you're done! 🎉 
 
 If, however, you want to expose data to multiple users, at different privilege levels, you'll need the minio client to create some users and (_potentially_) policies...
 
+## Minio Trickz :clown:
+
 ### Setup minio client
 
-To administer the Minio server, we need the Minio client. While it's possible to download the minio client and run it locally, it's just as easy to do it within a small (5Mb) container.
+While it's possible to fully administer Minio using the console, it's also possible using the `mc` CLI client, as illustrated below
-
-I created an alias on my docker nodes, allowing me to run mc quickly:
-
-```bash
-alias mc='docker run -it -v /docker/minio/mc/:/root/.mc/ --network traefik_public minio/mc'
-```
-
-Now I use the alias to launch the client shell, and connect to my minio instance (_I could also use the external, traefik-provided URL_)
 
 ```bash
 root@ds1:~# mc config host add minio http://app:9000 admin iambatman

manuscript/support.md

@@ -44,10 +44,6 @@ Found a bug in your soup? Tell the chef by either:
 
 ## Tip the chef
 
-### Buy my book 📖
-
-I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (<https://leanpub.com/geeks-cookbook>).
-
 ### [Sponsor][7] / [Patreonize][8] me 💰
 
 The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [Patron][10] (_Patreon_). Sponsors get:
@@ -61,6 +57,14 @@ The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [
 
 Impulsively **[click here (NOW quick do it!)][11]** to sponsor me, or instead thoughtfully and analytically review my GitHub profile **[here][12]** and make up your own mind.
 
+### Buy my book 📖
+
+I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (<https://leanpub.com/geeks-cookbook>). Buying it supports me once-off, and you continue to have access to the book as future recipes are added.
+
+### Buy me a coffee ☕️
+
+Want to hit me with an (anonymous) thank-you? [Buy me a coffee](https://www.buymeacoffee.com/funkypenguin)!
+
 ### Engage me 🏢
 
 Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm a full-time [AWS Certified Solution Architect (Professional)][aws_cert], a [CNCF-Certified Kubernetes Administrator](https://www.youracclaim.com/badges/cd307d51-544b-4bc6-97b0-9015e40df40d/public_url) and [Application Developer](https://www.youracclaim.com/badges/9ed9280a-fb92-46ca-b307-8f74a2cccf1d/public_url) - this stuff is my bread and butter! :bread: :fork_and_knife: [Get in touch][contact], and let's talk business!