minio nginx letsencrypt
делаем 2 конфига nginx
первый
/etc/nginx/sites-available/minio с таким содержимым
server {
server_name cdn.minio.ru;
listen 443 ssl;
access_log /var/log/nginx/cdn.minio.ru-access.log;
error_log /var/log/nginx/cdn.minio.ru-error.log;
ssl_certificate /etc/letsencrypt/live/cdn.minio.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cdn.minio.ru/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass https://localhost:9000;
}
}
второй
/etc/nginx/sites-available/miniocon с таким содержимым
server {
server_name storage.minio.ru;
listen 443 ssl;
access_log /var/log/nginx/storage.minio.ru-access.log;
error_log /var/log/nginx/storage.minio.ru-error.log;
ssl_certificate /etc/letsencrypt/live/storage.minio.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/storage.minio.ru/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
proxy_pass https://localhost:9001;
}
}
И меняем сам конфиг minio на то что ниже
MINIO_ACCESS_KEY="miniosecret"
MINIO_VOLUMES="/mnt/minio"
MINIO_OPTS="-C /etc/minio --address :9000 --console-address :9001"
MINIO_SERVER_URL="https://cdn.minio.ru"
MINIO_BROWSER_REDIRECT_URL=https://storage.minio.ru
MINIO_SECRET_KEY="minioPa$s"
Делаем reboot и пробуем зайдя на страницу https://cdn.minio.ru будем происходить переход на https://storage.minio.ru
Мы получили проксирующий nginx используя 443 порт а не 9000 и 9001
