【Minio】Docker部署Minio + 使用nginx配置https访问
-
- 前言
- [1. 申请ssl证书](#1. 申请ssl证书)
- [2. 部署Minio](#2. 部署Minio)
- [3. 配置Nginx](#3. 配置Nginx)
- [4. 问题记录](#4. 问题记录)
前言
通过nginx反向代理,将https请求转发到内部Minio服务端口,内部的Minio还是使用http
Docker安装可参考:Docker实战
1. 申请ssl证书
如果是使用阿里云的话,可以搜索数字证书管理服务,个人免费版90天有效期。
申请好后下载Nginx证书,并上传到自己的服务器/etc/nginx/ssl/minio目录下。
2. 部署Minio
yaml
# 定义compose语义版本
version: '3.8'
# 定义服务
services:
minio:
image: minio/minio:latest
container_name: minio
restart: unless-stopped
command: server /data --console-address ":9001" -address ":9000"
environment:
TZ: Asia/Shanghai
LANG: en_US.UTF-8
MINIO_SERVER_URL: https://minio.xxxx.com # Minio API
MINIO_BROWSER_REDIRECT_URL: https://minio.xxxx.com/web # Minio Web控制台
MINIO_ROOT_USER: minioadmin # Root用户名
MINIO_ROOT_PASSWORD: xxxxxx # Root用户密码
volumes:
- "/usr/local/docker/minio/data:/data"
- "/usr/local/docker/minio/config:/root/.minio"
ports:
- "9000:9000"
- "9001:9001"3. 配置Nginx
在/etc/nginx/conf.d下新增配置文件minio.conf,配置如下:
bash
server {
listen 443 ssl;
server_name minio.xxxx.com;
ssl_certificate /etc/nginx/ssl/minio/minio.xxxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/minio/minio.xxxx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 500m;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_pass http://localhost:9000;
}
location /web/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_pass http://localhost:9001/;
}
}
#http forced jump https http强制跳转https配置
server{
listen 80;
server_name minio.xxxx.com;
rewrite ^(.*)$ https://minio.xxxx.com;
location ~ / {
index index.html index.php index.htm;
}
}配置好后,记得执行:nginx -s realod
4. 问题记录
问题1: web控制台中无法查看bucket里面的内容
打开浏览器 F12 控制台发现有很多WebSocket connection to ...的报错信息如下图:
解决方案:Nginx配置中增加以下内容:
