Minio的使用
date
Nov 19, 2022
slug
minio
status
Published
tags
Minio
summary
minio
type
Post
前言
Important
minio在
2022-10-24T18-35-07Z 版本之后,不再支持单实例多驱动的模式,如果之前是采用了多驱动的方式,则需要改一下minio的运行方式使用
单节点单驱动
version: '3'
services:
minio:
image: minio/minio
container_name: minio
ports:
- "9000:9000"
- "9001:9001"
restart: always
command: server --console-address ':9001' /data
environment:
MINIO_ROOT_USER: admin
MINIO_ROOT_PASSWORD: 12345678 # 大于等于8位
# logging:
# options:
# max-size: "50M" # 最大文件上传限制
# max-file: "10"
# driver: json-file
volumes:
- /data/:/data # 映射文件路径
- ./config:/root/.minio # 映射配置文件
# network_mode: bridge单节点多驱动
懒方式
可以考虑用最后一个支持多驱动的版本
2022-10-24T18-35-07Z version: '3'
services:
minio:
image: minio/minio:RELEASE.2022-10-24T18-35-07Z
container_name: minio
ports:
- "9000:9000"
- "9001:9001"
restart: always
command: server --console-address ':9001' /data
environment:
MINIO_ROOT_USER: admin
MINIO_ROOT_PASSWORD: 12345678 # 大于等于8位
# logging:
# options:
# max-size: "50M" # 最大文件上传限制
# max-file: "10"
# driver: json-file
volumes:
- /disk1/:/data # 映射文件路径
- ./config:/root/.minio # 映射配置文件
# network_mode: bridge官方提供
也可以使用官方提供的新方式
version: '3'
services:
minio:
image: minio/minio
container_name: minio
ports:
- "9000:9000"
- "9001:9001"
restart: always
command: server --console-address ':9001'
environment:
MINIO_ROOT_USER: admin
MINIO_ROOT_PASSWORD: 12345678 # 大于等于8位
MINIO_VOLUMES: "/data{1...6}"
# logging:
# options:
# max-size: "50M" # 最大文件上传限制
# max-file: "10"
# driver: json-file
volumes: # 映射文件路径
- /data1:/data1
- /data2:/data2
- /data3:/data3
- /data4:/data4
- /data5:/data5
- /data6:/data6
- ./config:/root/.minio # 映射配置文件
# network_mode: bridge多节点多驱动(推荐)
// todo
minio数据泄露隐藏文件list
背景
当策略模式使用public模式,访问ip+port+bucket 会得到一个很大的xml,记录了文件的信息
minio的桶有一个listObjects的功能,默认最多1000条记录,这就意味着,如果你打开永久下载链接模式,那么任何人可以通过桶路径来获取你保存的所有资源的信息
解决方法
更改策略,只需要在策略中选择 custom,删除
Statement → Action → s3:ListBucket 这一行{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::gov-miniapp"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::gov-miniapp/*"
]
}
]
}