Choose a different version or distribution
Introduction
Before we begin talking about how to set up MinIO Object Storage Server on Ubuntu 22.04, let’s briefly understand – What is MinIO?
MinIO is a popular open-source object storage system that allows you to store and retrieve vast amounts of unstructured data in a highly scalable and cost-effective manner. With its simple interface and compatibility with Amazon S3, Minio is designed to provide cloud storage capabilities on your own infrastructure.
It offers features like data encryption, versioning, and replication, ensuring data security and availability. Whether you are a developer or an enterprise, Minio simplifies your data storage needs, making it an ideal choice for modern applications and workflows.
In this tutorial, you’ll set up MinIO Object Storage Server on Ubuntu 22.04. We will also address a few FAQs on how to set up MinIO Object Storage Server on Ubuntu 22.04.
Advantages of MinIO
- Scalability: MinIO enables easy scaling of storage capacity to accommodate growing data demands.
- Cost-effectiveness: MinIO's open-source nature eliminates vendor lock-in and reduces storage costs.
- Compatibility: MinIO is API-compatible with Amazon S3, ensuring seamless integration with existing applications and tools.
- Security: MinIO offers data encryption, access control, and audit capabilities, ensuring the safety of stored information.
- Reliability: With features like data versioning and replication, MinIO ensures high availability and data redundancy for reliable storage.
Prerequisites to Set Up an Object Storage Server Using MinIO on Ubuntu 22.04
- Ubuntu 22.04 64-bit operating system
- A user account with sudo privileges
- Command-line/terminal
You will be needing a domain name in this tutorial, you can purchase one or can use a free domain name. In this tutorial, we will be addressing your domain as your_domain
.
Step 1 - Install and Configure the MinIO Server
1) Firstly, you need to install and configure the MinIO server through a precompiled binary.
- Login into your server by replacing
johny
with your username andyour_server_ip
with your Ubuntu 22.04 server’s IP address:
ssh johny@your_server_ip
2) After that, update the package database and upgrade your system.
sudo apt update && sudo apt upgrade -y
3) Now, download the deb file from the MinIO server’s official website:
wget https://dl.min.io/server/minio/release/linux-amd64/minio_20230629051228.0.0_amd64.deb
You must see the following output:
Output
--2023-06-30 10:57:35-- https://dl.min.io/server/minio/release/linux-amd64/minio_20230629051228.0.0_amd64.deb
Resolving dl.min.io (dl.min.io)... 178.128.69.202, 138.68.11.125
Connecting to dl.min.io (dl.min.io)|178.128.69.202|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 37578640 (36M) [application/vnd.debian.binary-package]
Saving to: ‘minio_20230629051228.0.0_amd64.deb’
minio_20230629051228.0.0_amd64.deb 100%[=======================================================================================================>] 35.84M 14.3MB/s in 2.5s
2023-06-30 10:57:37 (14.3 MB/s) - ‘minio_20230629051228.0.0_amd64.deb’ saved [37578640/37578640]
4) Now, Install it using dpkg
or apt
:
sudo dpkg -i minio_20230629051228.0.0_amd64.deb
5) Now, Let's make a new user and group since the systemd
looks for a user account and group called minio-user
. Avoid running the MinIO server as root for security reasons:
sudo groupadd -r minio-user
sudo useradd -M -r -g minio-user minio-user -s /sbin/nologin
In this command, the -s
flag means to set /sbin/nologin
as the shell for minio-user
. This is a shell that does not allow user login, which is not needed for minio-user
. -M
flag instructs not to create a home directory for that user. -g
means to add that user to a given group. -r
instructs to create a system user.
6) After that, you must create a directory to store files. MinIO servers later organize the objects you store as buckets in this storage location. We will name the directory as minio
in this tutorial:
sudo mkdir /usr/local/share/minio
7) Now, let the minio-user
get ownership of that directory:
sudo chown minio-user:minio-user /usr/local/share/minio
12) After that, create your MinIO configuration file at /etc
directory:
sudo mkdir /etc/minio
13) Now again, let's give ownership of that directory to minio-user
, too:
sudo chown minio-user:minio-user /etc/minio
14) Meanwhile, create the environment file needed to modify the default configuration using Nano (you can use any text editor as you wish):
sudo nano /etc/default/minio
15) Now, set some important environment variables in your environment file by adding the following lines:
MINIO_ACCESS_KEY="minio"
MINIO_VOLUMES="/usr/local/share/minio/"
MINIO_OPTS="-C /etc/minio --address your_server_ip:9000"
MINIO_SECRET_KEY="miniostorage"
Now, change your_server_ip
with your local IP address, then save and close the file after making changes.
Step 2 - Configure the firewall for MinIO Server
1) First, activate access through the firewall to the MinIO server on the configured port. In this tutorial, that port will be port 9000
.
- Firstly, add the rule:
- Now, activate the firewall:
- You must see the following output:
- To generate the following output, press
y
andENTER
:
sudo ufw allow 9000
sudo ufw allow 22
sudo ufw enable
Output
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
Output
Firewall is active and enabled on system startup
Finally, your MinIO server is ready to accept the traffic! Start the minIO using the below command
sudo systemctl start minio
Step 3 - Secure Access to Your MinIO Server With a TLS Certificate or Self-signed.
If you don't have a domain name, or you don't want https
you can skip this step.
1) Firstly, open the port 80
to allow HTTP and HTTPS access through your firewall:
sudo ufw allow 80
2) Secondly, for HTTPS, open up port 443
:
sudo ufw allow 443
3) Next, check the firewall status after adding these rules by running the following command:
sudo ufw status verbose
You must receive a similar output:
Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp (OpenSSH) ALLOW IN Anywhere
9000 ALLOW IN Anywhere
443 ALLOW IN Anywhere
80 ALLOW IN Anywhere
22/tcp (OpenSSH (v6)) ALLOW IN Anywhere (v6)
9000 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
Now your port 443
and port 80
are open.
4) After that, you will install Certbot to maintain a separate PPA repository by adding it to your list of repositories:
- Firstly, install
software-properties-common
, a package for managing PPAs: - Secondly, add the Universe repository:
- Now, it's time to add the Certbot repository:
sudo apt install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
You must see the following output:
Output
This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu(s).
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or ctrl-c to cancel adding it
Press ENTER
and accept.
- Now, update the package list:
- Finally, install
certbot
:
sudo apt update
sudo apt install certbot
5) Now, generate a new SSL certificate by using certbot
:
- Use the
certonly
command and--standalone
to obtain the certificate:
sudo certbot certonly --standalone -d minio-server.your_domain
You must see the following output:
Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
Press ENTER
and add your email.
Certbot will then ask you to register with Let’s Encrypt:
Output
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:
Press ENTER
and type A
to agree.
Now you will be asked for your consent:
Output
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
Once you answer Y
or N
, your public and private keys will be generated and saved in the /etc/letsencrypt/live/minio-server.your_domain_name
directory.
6) Now, it's time to copy these two files (privkey.pem
and fullchain.pem
) into the certs
directory under MinIO’s server configuration folder, which is /etc/minio
for this tutorial. Use the following to copy privkey.pem
and rename the file private.key
:
sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/privkey.pem /etc/minio/certs/private.key
7) After that, repeat the same with fullchain.pem
, naming the result public.crt
:
sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/fullchain.pem /etc/minio/certs/public.crt
8) Now, change the ownership of the files to minio-user
:
sudo chown minio-user:minio-user /etc/minio/certs/*
10) After that, to start using HTTPS, start the MinIO server:
sudo systemctl restart minio
Step 5 - Secure Connection to MinIO’s Web Interface Using HTTPS
1) First, connect to the MinIO web interface through HTTPS. You can access their web interface by pointing your browser to https://minio-server.your_domain:9000
or http://your_ip:9000
.
Below, you can see the login screen of the MinIO server:
2) Now, you can log in by using your credentials. Enter the MINIO_ACCESS_KEY
you set in the /etc/default/minio
environment file in Step 1 for the Username. Enter the MINIO_SECRET_KEY
you set in the same file for Password And click on login.
- Now, create a new bucket list where you can store objects, click on
Create a Bucket
in the main interface.
Now, enter a name for your new bucket in the prompt, check the radio button according to you, and then press ENTER
key to save your progress
FAQs to Set Up MinIO Object Storage Server on Ubuntu 22.04
What are the system requirements for running MinIO on Ubuntu 22.04?
MinIO has modest system requirements. You will need a 64-bit operating system with at least 4 GB of RAM and sufficient storage capacity for your data.
Can I use MinIO as a replacement for Amazon S3?
Yes, MinIO is API-compatible with Amazon S3, allowing you to use it as a drop-in replacement for S3 in your applications and workflows.
How do I configure storage buckets in MinIO?
Once MinIO is installed, you can use the Minio client or the web-based user interface to create and manage storage buckets. Detailed instructions are available in the MinIO documentation.
Is my data secure with MinIO?
MinIO provides various security features such as data encryption, access control policies, and SSL/TLS support to ensure the security of your stored data.
Can I integrate MinIO with my existing applications?
Yes, MinIO offers a range of client libraries and SDKs in multiple programming languages, making it easy to integrate with your existing applications.
How can I monitor the performance and health of my MinIO server?
MinIO provides a web-based user interface and command-line tools that allow you to monitor server performance, view metrics, and check the overall health of your MinIO deployment.
Can I use MinIO in a distributed setup?
Absolutely! MinIO is designed for distributed deployments, and you can set up a cluster of MinIO servers to achieve higher performance and availability. The MinIO documentation provides guidance on setting up a distributed environment.
Conclusion
We hope this simple tutorial helped you understand how to set up an object storage server using MinIO on Ubuntu 22.04.
If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.