Minio安装配置，桶权限设置，nginx代理 https minio

**起因：因为用到ruoyi-vue-plus框架中遇到生产环境是https，但是http的minio上传的文件不能在后台系统中访问**

• • 安装配置minio
  • • [1. 下载安装](#1. 下载安装)
    • [2. 赋文件执行权限](#2. 赋文件执行权限)
    • 3.创建配置文件
    • 4.创建minio.service
  • 新版minio创建桶需要配置桶权限
  • • 1.下载客户端
    • 2.设置访问权限
    • 3.连接客户端
    • 4.设置桶权限
  • nginx配置https
  • • 1.申请创建证书
    • 2.修改证书文件名（必须修改）
    • 3.nginx的https代理参考配置

安装配置minio

1. 下载安装

mkdir /usr/local/minio && cd /usr/local/minio && mkdir bin data
cd bin
wget https://dl.min.io/server/minio/release/linux-amd64/minio

2. 赋文件执行权限

cd /usr/local/minio
chmod +x bin/minio 

3.创建配置文件

mkdir conf
cd conf
vim minio.conf

minio.conf配置文件内容

#用户名
MINIO_ROOT_USER="minio"
#密码
MINIO_ROOT_PASSWORD="Admin@1996"
#配置https或者为了不暴露端口再用到
#MINIO_SERVER_URL="https://minio.**.com/"
#MINIO_BROWSER_REDIRECT_URL="https://minio.**.com/web/"

4.创建minio.service

cd /etc/systemd/system
vim minio.service

minio.service内容

[Unit]
Description=Minio
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/minio/bin/minio

[Service]
EnvironmentFile=/usr/local/minio/conf/minio.conf
WorkingDirectory=/usr/local/minio/
PermissionsStartOnly=true
ExecStart=/usr/local/minio/bin/minio server --console-address :9001 /usr/local/minio/data
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

5.服务启动命令

#将服务设置为每次开机启动
systemctl enable minio.service
#启动服务
systemctl start minio
#停止服务
systemctl stop minio
#重启服务
systemctl restrat minio
#查看服务状态
systemctl status minio.service

新版minio创建桶需要配置桶权限

1.下载客户端

wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc

2.设置访问权限

chmod +x /usr/local/bin/mc

3.连接客户端

mc alias set myminio http://localhost:9000 登陆账号 登陆密码

4.设置桶权限

mc anonymous set download myminio/桶名称

nginx配置https

1.申请创建证书

我使用的证书是通过阿里云申请创建证书，下载Apache格式。网上那些自己申请创建的证书应该也是可以的，没有测试。

2.修改证书文件名（必须修改）

并且把名字修改为private.key和public.crt放在/root/.minio/certs(安装minio自动创建的目录)路径下

3.nginx的https代理参考配置

server {
        listen 443 ssl;
        http2 on;
        server_name  minio.yuming.com; 
        
        ssl_certificate      /www/zuche/cert/minio.yuming.com.pem; #nginx证书文件位置 用的也是阿里的相同证书
        ssl_certificate_key  /www/zuche/cert/minio.yuming.com.key; #nginx证书文件配置 用的也是阿里的相同证书
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        location / {
            keepalive_timeout  105s;
            proxy_connect_timeout 300s;
            proxy_send_timeout 600s;
            proxy_read_timeout 600s;
            
            client_max_body_size 500m;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            proxy_pass https://localhost:9000/;
        }
        location /web/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_buffering off;
    		proxy_pass https://localhost:9001/;
        }

    }  

    #http forced jump https http强制跳转https配置
    server{  
        listen 80;
        server_name minio.skwl1688.com;
        rewrite ^(.*)$  https://minio.yuming.com/;
        location ~ / {
            index index.html index.php index.htm;
        }
    }