
Forked from superseb/
Created December 9, 2023 17:58
Minio + NGINX in Docker using self signed certificates
# Argument check. "$#" is never negative, so `-lt 0` cannot be true and the
# usage branch below is unreachable as written.
# NOTE(review): the closing `fi` and whatever assigns APIFQDN / FQDN are not
# visible in this listing - confirm against the full script.
if [ "$#" -lt 0 ]; then
echo "Usage: $0"
exit 1
echo "Generating based on found external IP"
# The external IP is looked up by a throwaway curl container on the host
# network.
# NOTE(review): the URL that is queried is missing from this listing and the
# command substitution is not closed here. The answer of that external service
# presumably ends up in the hostnames used below, so it should be treated as
# untrusted input and validated. The appropriate/curl image is pulled without a
# tag or digest.
FOUNDIP=$(docker run --rm --net=host appropriate/curl
echo "Using API FQDN: ${APIFQDN}"
echo "Using Console FQDN: ${FQDN}"
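# Minio setup
# Generate the root access key and secret key: 32 characters each, drawn from
# [a-zA-Z0-9] out of the kernel CSPRNG (/dev/urandom).
# LC_ALL=C makes tr treat the input as raw bytes; in a multibyte locale some tr
# implementations abort on invalid sequences and the key would come back empty.
# head -c 32 closes the pipe after 32 characters, which ends tr.
ACCESS_KEY=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32)
SECRET_KEY=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32)
# Refuse to continue with a short or empty credential: the values become the
# Minio root user and root password further down.
if [ "${#ACCESS_KEY}" -ne 32 ] || [ "${#SECRET_KEY}" -ne 32 ]; then
  echo "Failed to generate Minio credentials" >&2
  exit 1
fi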
# Generate certificates
# Each FQDN gets its own working directory. The generator is expected to leave
# certs/ca.pem, certs/cert.pem and certs/key.pem there; those paths are read
# further down in this script.
# NOTE(review): the curl URL is missing from this listing. Whatever it is, the
# download is piped straight into bash, so unreviewed remote code runs with
# this user's privileges and creates the CA and the private keys. Safer:
# download to a file, compare it against a pinned checksum, then run it.
# NOTE(review): the mkdir/cd results are unchecked (after a failed cd the
# generator runs in the wrong directory) and $APIFQDN / $FQDN are unquoted.
mkdir api
cd api
curl | bash -s -- $APIFQDN
cd ..
mkdir console
cd console
curl | bash -s -- $FQDN
cd ..
# Bundle both CA certificates into one file. It is mounted into the minio
# container below under /root/.minio/certs/CAs/.
cat $PWD/api/certs/ca.pem > $PWD/public.crt
cat $PWD/console/certs/ca.pem >> $PWD/public.crt
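# Run minio container
# The root credentials are handed to the docker client through its own
# environment and forwarded with value-less -e flags, so they no longer appear
# on the docker command line (process list, shell trace). They remain readable
# through `docker inspect minio` for anyone with access to the Docker daemon.
# All expansions are quoted so a working directory with spaces does not split
# the -v arguments.
# NOTE(review): minio/minio is pulled without a tag or digest; pin one for a
# reproducible deployment.
MINIO_ROOT_USER="$ACCESS_KEY" MINIO_ROOT_PASSWORD="$SECRET_KEY" \
  docker run -d --name=minio \
  -e MINIO_ROOT_USER \
  -e MINIO_ROOT_PASSWORD \
  -e MINIO_SERVER_URL="https://${APIFQDN}" \
  -e MINIO_BROWSER_REDIRECT_URL="https://${FQDN}" \
  -v "$PWD/data:/data" \
  -v "$PWD/public.crt:/root/.minio/certs/CAs/public.crt" \
  minio/minio server /data --console-address=:9001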
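# nginx
# Write the reverse-proxy config: a port-80 redirect plus one TLS server per
# hostname (API -> minio:9000, console -> minio:9001).
# The heredoc delimiter is unquoted on purpose: $FQDN and $APIFQDN are filled
# in by the shell now, while nginx's own runtime variables must be written as
# \$name so they reach the file literally. \$request_uri in the redirect was
# missing that backslash, so the shell replaced it with an empty string and
# every HTTP request was redirected to the site root.
# The closing braces and the EOF terminator, absent from the listing, are
# restored so the config and the rest of the script parse.
# NOTE(review): client_max_body_size 0 removes the upload size limit and
# ignore_invalid_headers off forwards headers nginx would otherwise drop; keep
# them only if the storage workload needs them.
cat > "$PWD/nginx.conf" <<EOF
server {
    listen 80;
    server_name $FQDN;
    return 301 https://$FQDN\$request_uri;
}
server {
    listen 443 ssl;
    server_name $APIFQDN;
    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;
    ssl_certificate /apicerts/cert.pem;
    ssl_certificate_key /apicerts/key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    location / {
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header Host \$http_host;
        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
        proxy_pass http://minio:9000;
    }
}
server {
    listen 443 ssl;
    server_name $FQDN;
    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;
    ssl_certificate /consolecerts/cert.pem;
    ssl_certificate_key /consolecerts/key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    location / {
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header Host \$http_host;
        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
        proxy_pass http://minio:9001;
    }
}
EOF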
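# Start nginx as the TLS front end for both hostnames. The config and both
# certificate directories are mounted read-only: nginx only reads them, and the
# directories contain the private keys (key.pem) referenced in nginx.conf.
# Paths are quoted so a working directory with spaces does not split the -v
# arguments.
# NOTE(review): --link is a legacy Docker feature; a user-defined network is
# the current way to let nginx resolve the name "minio". The nginx image is
# pulled without a tag or digest.
docker run -d --name=nginx \
  -p 80:80 -p 443:443 \
  -v "$PWD/nginx.conf:/etc/nginx/conf.d/minio.conf:ro" \
  -v "$PWD/api/certs:/apicerts:ro" \
  -v "$PWD/console/certs:/consolecerts:ro" \
  --link=minio nginx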
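# Configure the mc client and create the backup bucket.
# $PWD/.mc is mounted as mc's config directory. It receives the CA bundle and,
# once the alias is added, mc stores the access and secret key there, so the
# directory is limited to its owner.
mkdir -p "$PWD/.mc/certs/CAs"
chmod 700 "$PWD/.mc"
# Both CA certificates go into the one bundle mc trusts.
cat "$PWD/api/certs/ca.pem" "$PWD/console/certs/ca.pem" > "$PWD/.mc/certs/CAs/public.crt"
# NOTE(review): the keys are passed as command-line arguments here and are
# visible in the process list while the command runs. The containers were
# started just above with no readiness wait, so this call may need a retry.
docker run --rm -v "$PWD/.mc:/root/.mc" minio/mc config host add minio "https://$APIFQDN" "$ACCESS_KEY" "$SECRET_KEY"
docker run --rm -v "$PWD/.mc:/root/.mc" minio/mc mb minio/rancherbackups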
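# Print the connection summary and append it to $MINIO_FILE.
# The summary contains the root secret key in plaintext, so the file is created
# with owner-only permissions before anything is written to it.
# NOTE(review): MINIO_FILE is not assigned anywhere in this listing. When it is
# empty the summary is only printed (tee appends to /dev/null), which matches
# what the unquoted original did in that case.
if [ -n "${MINIO_FILE:-}" ]; then
  ( umask 077 && : >> "$MINIO_FILE" )
  chmod 600 "$MINIO_FILE"
fi
{
  echo "Minio API URL: $APIFQDN"
  echo "Minio Console URL: $FQDN"
  echo "Minio Access Key: $ACCESS_KEY"
  echo "Minio Secret Key: $SECRET_KEY"
  echo "Minio created bucket: rancherbackups"
  echo "CA certificate:"
  cat "$PWD/api/certs/ca.pem"
  echo "Using Minio mc: list files in rancherbackups"
  # \$PWD stays literal: these two lines are commands for the reader to run.
  echo "docker run --rm -v \$PWD/.mc:/root/.mc minio/mc ls minio/rancherbackups"
  echo "Using Minio mc: interactive shell"
  echo "docker run --rm -v \$PWD/.mc:/root/.mc -ti --entrypoint sh minio/mc"
} | tee -a "${MINIO_FILE:-/dev/null}"
echo "All Minio info is also stored in ${MINIO_FILE}"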