Bring Minio up-to-date, add traefikv2 labels (#201)

2025-12-13 17:56:26 +00:00 · 2021-10-25 15:36:36 +13:00
parent 22293fa93d
commit f5b1facdd2
7 changed files with 69 additions and 31 deletions
--- a/_snippets/common-links.md
+++ b/_snippets/common-links.md
@@ -1,6 +1,6 @@
 [archivebox]:       /recipes/archivebox/
-[autopirate]:       /recipes/autopirate/
 [authelia]:         /ha-docker-swarm/authelia/
+[autopirate]:       /recipes/autopirate/
 [bazarr]:           /recipes/autopirate/bazarr/
 [calibre-web]:      /recipes/calibre-web/
 [cyberchef]:        /recipes/cyberchef/
@@ -17,6 +17,7 @@
 [linx]:             /recipes/linx/
 [mealie]:           /recipes/mealie/
 [miniflux]:         /recipes/miniflux/
+[minio]:            /recipes/minio/
 [mylar]:            /recipes/autopirate/mylar/
 [nightscout]:       /recipes/nightscout/
 [nzbget]:           /recipes/autopirate/nzbget/
--- a/manuscript/CHANGELOG.md
+++ b/manuscript/CHANGELOG.md
@@ -18,6 +18,7 @@ Recipe                   | Description

 Recipe                      | Description                                                                     | Date
 ----------------------------|---------------------------------------------------------------------------------|--------------
+[Minio][minio] | Major update to Minio recipe, for new Console UI and Traefik v2      | _22 Oct 2021_
 [Traefik Forward Auth][tfa] | Major update for Traefik v2, included instructions for Dex, Google, KeyCloak    | _29 Jan 2021_
 [Autopirate][autopirate]    | Updated all components for Traefik v2 labels                                    | _29 Jan 2021_
 [Portainer][portainer]      | Bump to version 2, bringing "expert simplicity" to your Docker stack management | _25 Jan 2021_
--- a/manuscript/images/buymeacoffee-cover-page.png
+++ b/manuscript/images/buymeacoffee-cover-page.png
--- a/manuscript/images/minio.png
+++ b/manuscript/images/minio.png
--- a/manuscript/premix.md
+++ b/manuscript/premix.md
@@ -154,7 +154,7 @@ Here's a sample of the directory structure:
    │   │   │   └── funkycore-1.0.0.tgz
    │   │   ├── templates
    │   │   │   ├── NOTES.txt
-│   │   │   ├──_helpers.tpl
+    │   │   ├──_helpers.tpl
    │   │   │   ├── apps
    │   │   │   │   ├── bazarr
    │   │   │   │   │   ├── config-pvc.yaml
@@ -228,7 +228,7 @@ Here's a sample of the directory structure:
    │   │   │   └── postgresql-8.3.0.tgz
    │   │   ├── myvalues.yaml
    │   │   ├── templates
-│   │   │   ├──_helpers.tpl
+    │   │   ├──_helpers.tpl
    │   │   │   ├── deployment.yaml
    │   │   │   ├── ingress
    │   │   │   │   ├── kube.yaml
@@ -496,7 +496,7 @@ Here's a sample of the directory structure:
    │   │   ├── Chart.yaml
    │   │   ├── templates
    │   │   │   ├── NOTES.TXT
-│   │   │   ├──_helpers.tpl
+    │   │   ├──_helpers.tpl
    │   │   │   ├── deployment.yaml
    │   │   │   ├── ingress
    │   │   │   │   ├── kube.yaml
--- a/manuscript/recipes/minio.md
+++ b/manuscript/recipes/minio.md
@@ -25,23 +25,27 @@ Possible use-cases:

 ### Setup data locations

-We'll need a directory to hold our minio file store, as well as our minio client config, so create a structure at /var/data/minio:
+We'll need a directory to hold our minio file store. You can create a blank directory wherever you like (*I used `/var/data/minio`*), or point the `/data` volume to a pre-existing folder structure.

 ```bash
 mkdir /var/data/minio
-cd /var/data/minio
-mkdir -p {mc,data}
 ```

 ### Prepare environment

-Create minio.env, and populate with the following variables
+Create `minio.env`, and populate with the variables below.

 ```bash
-MINIO_ACCESS_KEY=<some random, complex string>
-MINIO_SECRET_KEY=<another random, complex string>
+MINIO_ROOT_USER=hackme
+MINIO_ROOT_PASSWORD=becauseiforgottochangethepassword
+MINIO_BROWSER_REDIRECT_URL=https://minio-console.example.com
+MINIO_SERVER_URL=https://minio.example.com
 ```

+!!! note "If minio redirects you to :9001"
+    `MINIO_BROWSER_REDIRECT_URL` is especially important since recent versions of Minio will redirect web browsers to this URL when they hit the API directly. (*If you find yourself redirected to `http://your-minio-url:9001`, then you've not set this value correctly!*)
+
+
 ### Setup Docker Swarm

 Create a docker swarm config file in docker-compose syntax (v3), something like this:
@@ -56,18 +60,50 @@ services:
    image: minio/minio
    env_file: /var/data/config/minio/minio.env
    volumes:
-     - /var/data/minio/data:/data
+     - /var/data/minio:/data
    networks:
      - traefik_public
    deploy:
      labels:
+        # traefik
+        - traefik.enable=true
+        - traefik.docker.network=traefik_public 
+
+        # traefikv1
        - traefik.frontend.rule=Host:minio.example.com
        - traefik.port=9000   
-    command:  minio server /data
+
+        - traefik.console.frontend.rule=Host:minio-console.example.com
+        - traefik.console.port=9001 
+
+        # traefikv2 (death-by-labels, much?)
+        - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
+        - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
+
+        - traefik.http.routers.minio-https.rule=Host(`minio.example.com`)
+        - traefik.http.routers.minio-https.entrypoints=https
+        - traefik.http.routers.minio-https.service=minio
+        - traefik.http.routers.minio-http.rule=Host(`minio.example.com`)
+        - traefik.http.routers.minio-http.entrypoints=http
+        - traefik.http.routers.minio-http.middlewares=redirect-https
+        - traefik.http.routers.minio-http.service=minio
+        - traefik.http.services.minio.loadbalancer.server.port=9000
+
+        - traefik.http.routers.minio-console-https.rule=Host(`minio-console.example.com`)
+        - traefik.http.routers.minio-console-https.entrypoints=https
+        - traefik.http.routers.minio-console-https.service=minio-console
+        - traefik.http.routers.minio-console-http.rule=Host(`minio-console.example.com`)
+        - traefik.http.routers.minio-console-http.entrypoints=http
+        - traefik.http.routers.minio-console-http.middlewares=redirect-https
+        - traefik.http.routers.minio-console-http.service=minio-console
+        - traefik.http.services.minio-console.loadbalancer.server.port=9001
+
+    command:  minio server /data --console-address ":9001"

 networks:
  traefik_public:
    external: true
+
 ```

 ## Serving
@@ -76,25 +112,21 @@ networks:

 Launch the Minio stack by running ```docker stack deploy minio -c <path -to-docker-compose.yml>```

-Log into your new instance at https://**YOUR-FQDN**, with the access key and secret key you specified in minio.env.
+Log into your new instance at https://minio-console.**YOUR-FQDN**, with the root user and password you specified in `minio.env`.

-If you created ```/var/data/minio```, you'll see nothing. If you referenced existing data, you should see all subdirectories in your existing folder represented as buckets.
+If you created ```/var/data/minio```, you'll see nothing. If you mapped `/data` to existing data, you should see all subdirectories in your existing folder represented as buckets.
+
+Use the Minio console to create a user, or (*ill-advisedly*) continue using the root user/password!

 If all you need is single-user access to your data, you're done! 🎉 

 If, however, you want to expose data to multiple users, at different privilege levels, you'll need the minio client to create some users and (_potentially_) policies...

+## Minio Trickz :clown:
+
 ### Setup minio client

-To administer the Minio server, we need the Minio client. While it's possible to download the minio client and run it locally, it's just as easy to do it within a small (5Mb) container.
-
-I created an alias on my docker nodes, allowing me to run mc quickly:
-
-```bash
-alias mc='docker run -it -v /docker/minio/mc/:/root/.mc/ --network traefik_public minio/mc'
-```
-
-Now I use the alias to launch the client shell, and connect to my minio instance (_I could also use the external, traefik-provided URL_)
+While it's possible to fully administer Minio using the console, it's also possible using the `mc` CLI client, as illustrated below

 ```bash
 root@ds1:~# mc config host add minio http://app:9000 admin iambatman
--- a/manuscript/support.md
+++ b/manuscript/support.md
@@ -44,10 +44,6 @@ Found a bug in your soup? Tell the chef by either:

 ## Tip the chef

-### Buy my book 📖
-
-I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (<https://leanpub.com/geeks-cookbook>).
-
 ### [Sponsor][7] / [Patreonize][8] me 💰

 The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [Patron][10] (_Patreon_). Sponsors get:
@@ -61,6 +57,14 @@ The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [

 Impulsively **[click here (NOW quick do it!)][11]** to sponsor me, or instead thoughtfully and analytically review my GitHub profile **[here][12]** and make up your own mind.

+### Buy my book 📖
+
+I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (<https://leanpub.com/geeks-cookbook>). Buying it supports me once-off, and you continue to have access to the book as future recipes are added.
+
+### Buy me a coffee ☕️
+
+Want to hit me with an (anonymous) thank-you? [Buy me a coffee](https://www.buymeacoffee.com/funkypenguin)!
+
 ### Engage me 🏢

 Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm a full-time [AWS Certified Solution Architect (Professional)][aws_cert], a [CNCF-Certified Kubernetes Administrator](https://www.youracclaim.com/badges/cd307d51-544b-4bc6-97b0-9015e40df40d/public_url) and [Application Developer](https://www.youracclaim.com/badges/9ed9280a-fb92-46ca-b307-8f74a2cccf1d/public_url) - this stuff is my bread and butter! :bread: :fork_and_knife: [Get in touch][contact], and let's talk business!