Last active
March 19, 2023 14:02
-
-
Save superseb/b8fd848525d68168cbaa4c8f1f44608e to your computer and use it in GitHub Desktop.
Minio using Let's Encrypt certbot obtained certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$#" -ne 2 ]; then | |
| echo "Usage: $0 fqdn email" | |
| exit 1 | |
| fi | |
| docker run -p 80:80 -p 443:443 -v /etc/letsencrypt:/etc/letsencrypt certbot/certbot certonly --standalone --agree-tos --reinstall --force-renewal --non-interactive --text --rsa-key-size 4096 --email $2 --domains $1 | |
| mkdir -p /root/.minio/certs | |
| cp /etc/letsencrypt/live/$1/fullchain.pem /root/.minio/certs/public.crt | |
| cp /etc/letsencrypt/live/$1/privkey.pem /root/.minio/certs/private.key | |
| echo "Run the following command:" | |
| ACCESS_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) | |
| SECRET_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) | |
| echo docker run -d --name=minio -p 9000:9000 -p 9001:9001 -ti -e MINIO_ROOT_USER=$ACCESS_KEY -e MINIO_ROOT_PASSWORD=$SECRET_KEY -e MINIO_SERVER_URL="https://$1:9000" -v /root/.minio:/root/.minio/ -v /root/data:/data minio/minio server --console-address ":9001" /data | |
| echo "" | |
| echo "To use mc, use docker run -it --entrypoint=/bin/sh minio/mc" | |
| echo "And configure: mc config host add minio https://${1}:9000 $ACCESS_KEY $SECRET_KEY" |
You can use this docker-compose for production
version: "3.6"
services:
https-portal:
image: steveltn/https-portal:1
ports:
- '80:80'
- '443:443'
links:
- minio
restart: always
environment:
DOMAINS: 'minio.company.com -> http://minio:9000, bucket1.minio.company.com -> http://minio:9000'
STAGE: 'production' # Don't use production until staging works
# FORCE_RENEW: 'true'
CLIENT_MAX_BODY_SIZE: 5G
minio:
image: minio/minio
environment:
MINIO_DOMAIN: 'minio.company.com'
MINIO_ACCESS_KEY: 'AKXXXXXXXXXXXXXXXXXXX'
MINIO_SECRET_KEY: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
command: server /data
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a script I use to test Minio for a few use cases and then tear it down so this uses
--standalone, this is in no way production ready. Renewing certificates (https://certbot.eff.org/docs/using.html#renewing-certificates) is probably the way to get this automated.I can look at a proper example for production if needed, this isn't the usecase for this script at the moment.