Skip to content

Instantly share code, notes, and snippets.

@masezou

masezou/minio-windows-setup.ps1 Secret

Last active February 21, 2025 05:03
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save masezou/fa8ea7bdfd69b2d41600247716ee8e09 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save masezou/fa8ea7bdfd69b2d41600247716ee8e09 to your computer and use it in GitHub Desktop.
Download ZIP
MinIO Setup for Windows Server (Single Node)
Raw
minio-windows-setup.ps1
# Minio datapath
$miniodatapath = "C:\miniodata"
# Initial admin user
$miniologinuser = "miniologinuser"
$miniologinpass = "miniologinuser"
# root user (it is not for console acceess and API)
$miniorootuser = "minioadminuser-n0t-t0-Use"
$miniorootpass = "m!n!0Adm!nUs3r$@1192"
$env:MINIOPATH="C:\minio"
mkdir C:\minio
cd C:\minio
Invoke-WebRequest -Uri https://dl.min.io/client/mc/release/windows-amd64/mc.exe -OutFile mc.exe
$currentPath = [Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::Machine)
$newPath = "$currentPath;C:\minio"
[Environment]::SetEnvironmentVariable("Path", $newPath, [EnvironmentVariableTarget]::Machine)
Invoke-WebRequest -Uri https://dl.min.io/server/minio/release/windows-amd64/minio.exe -OutFile minio.exe
Invoke-WebRequest -Uri https://www.gnupg.org/ftp/gcrypt/gnutls/w32/gnutls-3.6.0-w64.zip -OutFile gnutls-3.6.0-w64.zip
Invoke-WebRequest -Uri https://github.com/winsw/winsw/releases/download/v2.12.0/WinSW-x64.exe -OutFile minio-service.exe
mkdir C:\minio\gnutils
Expand-Archive -Path C:\minio\gnutls-3.6.0-w64.zip -DestinationPath C:\minio\gnutils
Remove-Item -Path "C:\minio\gnutls-3.6.0-w64.zip" -Force
$ENV:Path+=";C:\minio\gnutils\win64-build\bin"
mkdir $env:USERPROFILE\.minio\certs
cd $env:USERPROFILE\.minio\certs
C:\minio\gnutils\win64-build\bin\certtool.exe --generate-privkey --outfile private.key
echo @"
# X.509 Certificate options
#
# DN options
# The organization of the subject.
organization = "Example Inc."
# The organizational unit of the subject.
#unit = "sleeping dept."
# The state of the certificate owner.
state = "Example"
# The country of the subject. Two letter code.
country = "EX"
# The common name of the certificate owner.
cn = "minio example"
# In how many days, counting from today, this certificate will expire.
expiration_days = 365
# X.509 v3 extensions
# DNS name(s) of the server
dns_name = "$Env:COMPUTERNAME"
# (Optional) Server IP address
ip_address = "127.0.0.1"
# Whether this certificate will be used for a TLS server
tls_www_server
"@ >cert.cnf
ls -r -file -filter *.cnf | % { (get-content -encoding Default $_.FullName) -join "`r`n" | set-content -encoding Default $_.FullName }
C:\minio\gnutils\win64-build\bin\certtool.exe --generate-self-signed --load-privkey .\private.key --template .\cert.cnf --outfile .\public.crt
mkdir $env:USERPROFILE\mc\certs\CAs
cp $env:USERPROFILE\.minio\certs\public.crt $env:USERPROFILE\mc\certs\CAs
certutil -addstore ROOT $env:USERPROFILE\.minio\certs\public.crt
mkdir $miniodatapath
$env:CONSOLE_MINIO_SERVER = $Env:COMPUTERNAME
$env:CONSOLE_MINIO_SERVER = $Env:CONSOLE_MINIO_SERVER+=":9000"
$env:CONSOLE_MINIO_SERVER = "https://"+$Env:CONSOLE_MINIO_SERVER
write-host $env:CONSOLE_MINIO_SERVER
$env:CONSOLE_PROMETHEUS_URL = $Env:COMPUTERNAME
$env:CONSOLE_PROMETHEUS_URL = $Env:CONSOLE_PROMETHEUS_URL+=":9090"
$env:CONSOLE_PROMETHEUS_URL = "http://"+$Env:CONSOLE_PROMETHEUS_URL
write-host $env:CONSOLE_PROMETHEUS_URL
New-NetFirewallRule -DisplayName "Minio-Allow-Inbound-TCP9000" -Direction Inbound -Protocol TCP -LocalPort 9000 -Action Allow -Profile Any
New-NetFirewallRule -DisplayName "Minio-Allow-Inbound-TCP9001" -Direction Inbound -Protocol TCP -LocalPort 9001 -Action Allow -Profile Any
cd C:\minio
echo @"
<service>
<id>MinIO</id>
<name>MinIO</name>
<description>MinIO is a high performance object storage server</description>
<executable>minio.exe</executable>
<env name="MINIO_ROOT_USER" value="miniorootuser"/>
<env name="MINIO_ROOT_PASSWORD" value="miniorootuser"/>
<env name="MINIO_API_ROOT_ACCESS" value="on"/>
<env name="MINIO_BROWSER" value="on" />
<env name="MINIO_BROWSER_LOGIN_ANIMATION" value="on" />
<env name="MINIO_BROWSER_SESSION_DURATION" value="12h" />
<env name="MINIO_COMPRESSION_ENABLE" value="on" />
<env name="MINIO_COMPRESSION_EXTENSIONS" value=".txt, .log, .csv, .json, .tar, .xml, .bin" />
<arguments>server $miniodatapath --address ":9000" --console-address ":9001"</arguments>
<logmode>rotate</logmode>
<serviceaccount>
<domain>$Env:COMPUTERNAME</domain>
<user>Administrator</user>
<password>Password00!</password>
<allowservicelogon>true</allowservicelogon>
</serviceaccount>
</service>
"@ >minio-service.xml
./minio-service.exe install
start-service minio
Start-Sleep 10
C:\minio\mc.exe alias rm local
$env:URLHOST = $Env:COMPUTERNAME
$env:URLHOST = $Env:URLHOST+=":9000"
write-host $env:URLHOST
C:\minio\mc.exe alias set local https://$env:URLHOST miniorootuser miniorootuser --api S3v4
C:\minio\mc.exe admin user add local "$miniologinuser" "$miniologinpass"
C:\minio\mc.exe admin policy attach local consoleAdmin --user "$miniologinuser"
stop-service minio
./minio-service.exe uninstall
Remove-Item -Path "C:\minio\minio-service.xml" -Force
echo @"
<service>
<id>MinIO</id>
<name>MinIO</name>
<description>MinIO is a high performance object storage server</description>
<executable>minio.exe</executable>
<env name="MINIO_ROOT_USER" value="$miniorootuser"/>
<env name="MINIO_ROOT_PASSWORD" value="$miniorootpass"/>
<env name="MINIO_API_ROOT_ACCESS" value="off"/>
<env name="MINIO_BROWSER" value="on" />
<env name="MINIO_BROWSER_LOGIN_ANIMATION" value="on" />
<env name="MINIO_BROWSER_SESSION_DURATION" value="12h" />
<env name="MINIO_COMPRESSION_ENABLE" value="on" />
<env name="MINIO_COMPRESSION_EXTENSIONS" value=".txt, .log, .csv, .json, .tar, .xml, .bin" />
<arguments>server $miniodatapath --address ":9000" --console-address ":9001"</arguments>
<logmode>rotate</logmode>
<serviceaccount>
<domain>$Env:COMPUTERNAME</domain>
<user>Administrator</user>
<password>Password00!</password>
<allowservicelogon>true</allowservicelogon>
</serviceaccount>
</service>
"@ >minio-service.xml
./minio-service.exe install
start-service minio
C:\minio\mc.exe alias rm local
C:\minio\mc.exe alias set local https://$env:URLHOST "$miniologinuser" "$miniologinpass" --api S3v4
echo @"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"admin:*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
}
}
}
]
}
"@ >consoleAdmin-local.json
$targetpath = "C:\minio\consoleAdmin-local.json"
(Get-Content $targetpath) -Join "`r`n" | Set-Content $targetpath
C:\minio\mc.exe admin policy create local consoleAdmin-local consoleAdmin-local.json
rm consoleAdmin-local.json
echo @"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"admin:BandwidthMonitor",
"admin:ConsoleLog",
"admin:OBDInfo",
"admin:Profiling",
"admin:Prometheus",
"admin:ServerInfo",
"admin:ServerTrace",
"admin:TopLocksInfo"
],
"Resource": [
"arn:aws:s3:::*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
}
}
}
]
}
"@ >diagnostics-local.json
$targetpath = "C:\minio\diagnostics-local.json"
(Get-Content $targetpath) -Join "`r`n" | Set-Content $targetpath
C:\minio\mc.exe admin policy create local diagnostics-local diagnostics-local.json
rm diagnostics-local.json
echo @"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
}
}
}
]
}
"@ >readwrite-local.json
$targetpath = "C:\minio\readwrite-local.json"
(Get-Content $targetpath) -Join "`r`n" | Set-Content $targetpath
C:\minio\mc.exe admin policy create local readwrite-local readwrite-local.json
rm readwrite-local.json
echo @"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
}
}
}
]
}
"@ >readonly-local.json
$targetpath = "C:\minio\readonly-local.json"
(Get-Content $targetpath) -Join "`r`n" | Set-Content $targetpath
C:\minio\mc.exe admin policy create local readonly-local readonly-local.json
rm readonly-local.json
echo @"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
}
}
}
]
}
"@ >writeonly-local.json
$targetpath = "C:\minio\writeonly-local.json"
(Get-Content $targetpath) -Join "`r`n" | Set-Content $targetpath
C:\minio\mc.exe admin policy create local writeonly-local writeonly-local.json
rm writeonly-local.json
C:\minio\mc.exe admin info local
C:\minio\mc.exe alias list local
start https://$env:URLHOST
Write-Host Done. credential is $miniologinuser / $miniologinpass Hit any key -NoNewLine
[Console]::ReadKey() | Out-Null
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment