How to Set Up an Object Storage Server Using Minio on Ubuntu 18.04
8 min read

How to Set Up an Object Storage Server Using Minio on Ubuntu 18.04

In this tutorial you will set up an Object Storage Server using Minio on Ubuntu 18.04. Minio is an open-source object storage server released under Apache License V2.
How to Set Up an Object Storage Server Using Minio on Ubuntu 18.04

Introduction

Before we begin talking about how to set up an object storage server using Minio on Ubuntu 18.04, let’s briefly understand – What is Minio?

Minio is an open-source object storage server released under Apache License V2. It is light enough to be bundled with the application stack.

You’ll set up an object storage server using Minio on Ubuntu 18.04 in this tutorial.

Prerequisites

  • Ubuntu 18.04 64-bit operating system
  • A user account with sudo privileges
  • Command-line/terminal

You will be needing a domain name in this tutorial, you can purchase one or can use a free domain name. In this tutorial, we will be addressing your domain as your_domain.

Step 1 - Install and Configure the Minio Server

1) Firstly, you need to install and configure the Minio server through a  precompiled binary.

  • Login into your server by replacing johny with your username and your_server_ip with your Ubuntu 18.04 server’s IP address:
ssh [email protected]_server_ip

2) After that, update the package database.

sudo apt update

4) Now, download the binary file from the Minio server’s official website:

wget https://dl.min.io/server/minio/release/linux-amd64/minio

You must see the following output:

Output

--2021-10-24 10:08:49--  https://dl.min.io/server/minio/release/linux-amd64/minio
Resolving dl.min.io (dl.min.io)... 178.128.69.202
Connecting to dl.min.io (dl.min.io)|178.128.69.202|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44511616 (42M) [application/octet-stream]
Saving to: ‘minio’

minio               100%[===================>]  42.45M  21.9MB/s    in 1.9s

2021-10-24 10:08:49 (21.9 MB/s) - ‘minio’ saved [44511616/44511616]

5) Meanwhile, execute the file named minio which you will find in your directory:

sudo chmod +x minio

6) Now, it's time to move the file into the /usr/local/bin directory where Minio’s systemd startup script will find it:

sudo mv minio /usr/local/bin

7) Now, Let's make a new user since the systemd script you’ll use in Step 2 looks for a user account and group called minio-user. Avoid running Minio server as root for security reasons:

sudo useradd -r minio-user -s /sbin/nologin

8) In this command, you should use -s flag to set /sbin/nologin as the shell for minio-user. This is a shell that does not allow user login, which is not needed for minio-user.

Next, change ownership of the Minio binary to minio-user:

9) Meanwhile, in this command, to set /sbin/nologin as the shell for minio-user you used -s flag. As user login is not needed for minio-user this shell does not allow user login.

  • Let's change ownership of the Minio binary to minio-user:
sudo chown minio-user:minio-user /usr/local/bin/minio

10) After that, you must create a directory to store files. Minio servers later organize the objects you store as buckets in this storage location. We will name the directory as minio in this tutorial:

sudo mkdir /usr/local/share/minio

11) Now, let the minio-user get ownership of that directory:

sudo chown minio-user:minio-user /usr/local/share/minio

12) After that, create your Minio configuration file at /etc directory:

sudo mkdir /etc/minio

13) Now, again let's give ownership of that directory to minio-user, too:

sudo chown minio-user:minio-user /etc/minio

14) Meanwhile, create the environment file needed to modify the default configuration using Nano(you can use any text editor as you wish):

sudo nano /etc/default/minio

15) Now, set some important environment variables in your environment file by adding the following lines:

MINIO_ACCESS_KEY="minio"
MINIO_VOLUMES="/usr/local/share/minio/"
MINIO_OPTS="-C /etc/minio --address your_server_ip:9000"
MINIO_SECRET_KEY="miniostorage"

Now, save and close the file after making changes.

Step 2 - Install the Minio Systemd Startup Script

1) Firstly, using the following command download the official Minio service descriptor file:

curl -O https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service

You must see a similar output:

Output

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   835  100   835    0     0   6139      0 --:--:-- --:--:-- --:--:--  6139

2) Secondly, view contents of minio.service before applying it:

nano minio.service

You will see the following:

[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local/

User=minio-user
Group=minio-user

EnvironmentFile=/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"

ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})

After looking at the contents you can close the text editor.

3) After that, you must move minio.service to systemd configuration directory:

sudo mv minio.service /etc/systemd/system

4) Now, reload all systemd units by running the following command:

sudo systemctl daemon-reload

5) Finally, activate Minio to start on boot:

sudo systemctl enable minio

You must see the following output:

Output

Created symlink from /etc/systemd/system/multi-user.target.wants/minio.service to 
/etc/systemd/system/minio.service.

Systemd script is installed and configured now.

Step 3 - Start the Minio Server

1) Firstly, start the Minio Server:

sudo systemctl start minio

2) Verify the IP address, Memory usage, and other stuff regarding the Minio server by running the below command:

sudo systemctl status minio

You must see the following output:

● minio.service - MinIO
   Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-12-09 21:54:02 UTC; 46s ago
     Docs: https://docs.min.io
  Process: 3405 ExecStartPre=/bin/bash -c if [ -z "${MINIO_VOLUMES}" ]; then echo "Variable MINIO_VOLUMES not set in /etc/default/minio"; exit 1; fi (code=exited, status=0/SUCCES
 Main PID: 3407 (minio)
    Tasks: 7 (limit: 1152)
   CGroup: /system.slice/minio.service
           └─3407 /usr/local/bin/minio server -C /etc/minio --address your_server_IP:9000 /usr/local/share/minio/

Dec 09 21:54:02 cart-Minion-Object-1804-1 systemd[1]: Started MinIO.
Dec 09 21:54:03 cart-Minion-Object-1804-1 minio[3407]: Endpoint:  http://your_server_IP:9000
Dec 09 21:54:03 cart-Minion-Object-1804-1 minio[3407]: Browser Access:
Dec 09 21:54:03 cart-Minion-Object-1804-1 minio[3407]:    http://your_server_IP:9000

3) After that, activate access through the firewall to the Minio server on the configured port. In this tutorial, that port will be port 9000.

  • Firstly, add the rule:
sudo ufw allow 9000
  • Now, activate the firewall:
sudo ufw enable
  • You must see the following output:
Output

Command may disrupt existing ssh connections. Proceed with operation (y|n)?
  • To generate the following output press y and ENTER:
Output

Firewall is active and enabled on system startup

Finally, your Minio server is ready to accept the traffic!

Step 4 - Secure Access to Your Minio Server With a TLS Certificate

1) Firstly, open port 80 to allow HTTP and HTTPS access through your firewall:

sudo ufw allow 80

2) Secondly, for HTTPS open up port 443:

sudo ufw allow 443

3) Next, check the firewall status after adding these rules by running the following command:

sudo ufw status verbose

You must receive a similar output:

Output

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
9000                       ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
9000 (v6)                  ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)

Now your port 443 and port 80 are open.

4) After that, you will install Certbot to maintain a separate PPA repository by adding it to your list of repositories:

sudo apt install software-properties-common
sudo add-apt-repository universe
  • Now, it's time to add the Certbot repository:
sudo add-apt-repository ppa:certbot/certbot

You must see the following output:

Output

This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu(s).
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or ctrl-c to cancel adding it

Press ENTER and accept.

  • Now, update the package list:
sudo apt update
  • Finally, install certbot:
sudo apt install certbot

5) Now, generate a new SSL certificate by using  certbot:

  • Use the certonly command and --standalone to obtain the certificate:
sudo certbot certonly --standalone -d minio-server.your_domain

You must see the following output:

Output

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):

Press ENTER and add your email.

Certbot will then ask you to register with Let’s Encrypt:

Output

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:

Press ENTER and type A to agree.

Now you will be asked for your consent:

Output

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:

Once you answer Y or N, your public and private keys will be generated and saved in the /etc/letsencrypt/live/minio-server.your_domain_name directory.

6) Now, it's time to copy these two files (privkey.pem and fullchain.pem) into the certs directory under Minio’s server configuration folder, which is /etc/minio for this tutorial. Use the following to copy privkey.pem and rename the file private.key:

sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/privkey.pem /etc/minio/certs/private.key

7) After that, repeat the same with fullchain.pem, naming the result public.crt:

sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/fullchain.pem /etc/minio/certs/public.crt

8) Firstly, doing for private.key change the ownership of the files to minio-user:

sudo chown minio-user:minio-user /etc/minio/certs/private.key

9) Now, to public.crt:

sudo chown minio-user:minio-user /etc/minio/certs/public.crt

10) After that, to start using HTTPS restart the Minio server:

sudo systemctl restart minio

Step 5 - Secure Connection to Minio’s Web Interface Using HTTPS

1) Firstly, connect to Minio web interface through HTTPS. You can access their web interface by pointing your browser to https://minio-server.your_domain:9000.

Below you can see the login screen of the Minio server:

login screen minio

2) Now, you can log in by using your credentials. Enter the  MINIO_ACCESS_KEY you set in the /etc/default/minio environment file in Step 1 for the Access key. Type the MINIO_SECRET_KEY you set in the same file for Secret Key. Below input fields click on the round button with the arrow.

  • Now, create a new bucket list where you can store objects, to bring up the two additional yellow buttons, click the light-red + button on the bottom right of the main interface.
buttons

Now, enter a name for your new bucket in the prompt after clicking the middle yellow button, pressing  ENTER key saves your progress

Note: When naming your Minio bucket, make sure that your name only contains lowercase letters, numbers, or hyphens. Minio limits bucket naming conventions in order to be compatible with AWS S3 standards.

Conclusion

We hope this simple guide helped you understand how to set up an object storage server using Minio on Ubuntu 18.04.

If you have any queries, please leave a comment below and we’ll be happy to respond to them for sure.