Minio的使用

date

Nov 19, 2022

slug

minio

status

Published

前言

先引用一下官方的原文 https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-single-node-single-drive.html#minio-snsd-pre-existing-data

Important

minio在2022-10-24T18-35-07Z 版本之后，不再支持单实例多驱动的模式，如果之前是采用了多驱动的方式，则需要改一下minio的运行方式

使用

单节点单驱动

version: '3'
services:
  minio:
    image: minio/minio
    container_name: minio
    ports:
      - "9000:9000"
      - "9001:9001"
    restart: always
    command: server --console-address ':9001' /data
    environment:
      MINIO_ROOT_USER: admin
      MINIO_ROOT_PASSWORD: 12345678 # 大于等于8位
#    logging:
#      options:
#        max-size: "50M" # 最大文件上传限制
#        max-file: "10"
#      driver: json-file
    volumes:
      - /data/:/data # 映射文件路径
      - ./config:/root/.minio # 映射配置文件
#    network_mode: bridge

单节点多驱动

懒方式

可以考虑用最后一个支持多驱动的版本2022-10-24T18-35-07Z

version: '3'
services:
  minio:
    image: minio/minio:RELEASE.2022-10-24T18-35-07Z
    container_name: minio
    ports:
      - "9000:9000"
      - "9001:9001"
    restart: always
    command: server --console-address ':9001' /data
    environment:
      MINIO_ROOT_USER: admin
      MINIO_ROOT_PASSWORD: 12345678 # 大于等于8位
#    logging:
#      options:
#        max-size: "50M" # 最大文件上传限制
#        max-file: "10"
#      driver: json-file
    volumes:
      - /disk1/:/data # 映射文件路径
      - ./config:/root/.minio # 映射配置文件
#    network_mode: bridge

官方提供

也可以使用官方提供的新方式

version: '3'
services:
  minio:
    image: minio/minio
    container_name: minio
    ports:
      - "9000:9000"
      - "9001:9001"
    restart: always
    command: server --console-address ':9001'
    environment:
      MINIO_ROOT_USER: admin
      MINIO_ROOT_PASSWORD: 12345678 # 大于等于8位
      MINIO_VOLUMES: "/data{1...6}"
    #    logging:
    #      options:
    #        max-size: "50M" # 最大文件上传限制
    #        max-file: "10"
    #      driver: json-file
    volumes:  # 映射文件路径
      - /data1:/data1
      - /data2:/data2
      - /data3:/data3
      - /data4:/data4
      - /data5:/data5
      - /data6:/data6
      - ./config:/root/.minio # 映射配置文件
#    network_mode: bridge

多节点多驱动（推荐）

// todo

minio数据泄露隐藏文件list

只需要在策略中选择 custom,删除 Statement → Action → s3:ListBucket 这一行

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::gov-miniapp"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::gov-miniapp/*"
            ]
        }
    ]
}