@arsalanses
Last active November 16, 2025 08:14
minio policy example
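# Points the `mc` client at a local MinIO server. The rest of this script then
# creates a bucket and a user and configures a read/write policy and an
# anonymous (public) read policy.
#
# The root credentials are read from the environment instead of being written
# into the script: a key pair that appears in a committed or published file is
# known to everyone who can read that file. Generate the pair once, before the
# server first starts, and give the server the same values:
#   openssl rand -hex 10   # 20 hex characters -> MINIO_ROOT_USER
#   openssl rand -hex 20   # 40 hex characters -> MINIO_ROOT_PASSWORD
: "${MINIO_ROOT_USER:?export MINIO_ROOT_USER before running this script}"
: "${MINIO_ROOT_PASSWORD:?export MINIO_ROOT_PASSWORD before running this script}"

# Plain http is used here only because the endpoint is the loopback address.
# mc keeps the alias, including both keys, in its configuration under ~/.mc,
# so that directory needs the same protection as the keys themselves.
# NOTE(review): the keys are also visible in the process list while mc runs;
# on a shared host, confirm whether your mc version can prompt for them instead.
mc alias set local http://127.0.0.1:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"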
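# Create a bucket named 'bucketname' and cap it with a quota of 25GB.
mc mb local/bucketname
mc quota set local/bucketname --size 25G

# Create a user named 'bucketuser'; the user name doubles as its access key.
# The secret key is read from the environment rather than hard-coded, because
# a secret printed in a shared script has to be treated as already disclosed.
# A fresh value can be generated with:
#   openssl rand -hex 20
: "${BUCKETUSER_SECRET_KEY:?export BUCKETUSER_SECRET_KEY before running this script}"
mc admin user add local bucketuser "$BUCKETUSER_SECRET_KEY"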
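# Create a read/write policy limited to 'bucketname' and attach it to the user.
# The first statement carries the bucket-level actions (resource = the bucket),
# the second the object-level actions (resource = the keys inside the bucket).
#
# The document is written to a private mktemp file instead of a fixed name in
# /tmp: a predictable path in a world-writable directory can be created or
# replaced by another local account before mc reads it, which would change the
# policy that ends up attached to the user.
rw_policy_file=$(mktemp "${TMPDIR:-/tmp}/rw-bucket.XXXXXX") || exit 1
cat > "$rw_policy_file" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::bucketname"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:ListMultipartUploadParts",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::bucketname/*"
    }
  ]
}
EOF
mc admin policy create local rw-bucket "$rw_policy_file"
# The server holds its own copy of the policy once it is created.
rm -f "$rw_policy_file"
mc admin policy attach local rw-bucket --user=bucketuser

# Create a service account (an additional access key) for the user.
# NOTE(review): the generated secret is presumably shown only in this command's
# output; keep that output out of shared logs and store the key in a secret
# manager.
mc admin accesskey create local bucketuser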
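# Create a public read policy for the bucket.
# "Principal": "*" means no credentials are required: every client that can
# reach the S3 endpoint is covered by these statements. The first statement
# (s3:ListBucket) lets anonymous clients enumerate every key in the bucket;
# if objects only need to be downloadable through links that are already
# known, the second statement (s3:GetObject) alone is enough.
#
# As with any generated file, the document goes to a private mktemp file
# instead of a fixed, predictable name under /tmp.
public_policy_file=$(mktemp "${TMPDIR:-/tmp}/public-read.XXXXXX") || exit 1
cat > "$public_policy_file" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bucketname"
      ]
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucketname/*"
      ]
    }
  ]
}
EOF
mc anonymous set-json "$public_policy_file" local/bucketname
rm -f "$public_policy_file"

# Switch the bucket back to private (no anonymous access).
# Run in sequence, this undoes the set-json call above and the bucket ends up
# private; keep only the command that matches the intended end state.
mc anonymous set private local/bucketname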
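# Docker Compose definition for a single MinIO node published through Traefik:
# the S3 API listens on port 9000 and the web console on port 9001.
services:
  minio:
    # NOTE(review): the image is pulled from a third-party registry mirror and
    # referenced by tag only. Appending a digest to the reference
    # (`...:2025-10-15T17-29-55Z@sha256:<digest-placeholder>`) would let the
    # pull be verified against a known image.
    image: hub.hamdocker.ir/coollabsio/minio:2025-10-15T17-29-55Z
    command: server --console-address ":9001" /data
    container_name: minio
    hostname: minio
    restart: unless-stopped
    volumes:
      - minio_data:/data
    environment:
      # `:?` makes compose abort with the given message when the variable is
      # unset or empty, instead of starting the server with an empty value.
      MINIO_ROOT_USER: "${MINIO_ROOT_USER:?set MINIO_ROOT_USER in the environment or .env file}"
      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD in the environment or .env file}"
      MINIO_SERVER_URL: https://minio-api.example.com
      MINIO_BROWSER_REDIRECT_URL: https://minio-console.example.com
    healthcheck:
      # test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      # Succeeds when a TCP connection to the API port can be opened.
      # NOTE(review): /dev/tcp is a bash feature; confirm the image's shell
      # supports it, otherwise this check always fails.
      test: ["CMD-SHELL", "echo > /dev/tcp/127.0.0.1/9000 && exit 0 || exit 1"]
      interval: 30s
      timeout: 20s
      retries: 3
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      # Shared middleware: plaintext requests are answered with a redirect to
      # https, so console logins and signed S3 requests are not served over
      # unencrypted http.
      - "traefik.http.middlewares.minio-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.minio-https-redirect.redirectscheme.permanent=true"
      # api
      - "traefik.http.routers.minio-api.entrypoints=http"
      - "traefik.http.routers.minio-api.rule=Host(`minio-api.example.com`)"
      - "traefik.http.routers.minio-api.middlewares=minio-https-redirect"
      # This container declares two services, so every router names the one it
      # forwards to; Traefik cannot pick a default when there are several.
      - "traefik.http.routers.minio-api.service=minio-api"
      - "traefik.http.services.minio-api.loadbalancer.server.port=9000"
      - "traefik.http.routers.minio-api-secure.entrypoints=https"
      - "traefik.http.routers.minio-api-secure.rule=Host(`minio-api.example.com`)"
      - "traefik.http.routers.minio-api-secure.tls=true"
      - "traefik.http.routers.minio-api-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.minio-api-secure.service=minio-api"
      # console
      # NOTE(review): this publishes the administrative console under a public
      # host name; consider limiting who can reach it (source addresses, VPN).
      - "traefik.http.routers.minio-console.entrypoints=http"
      - "traefik.http.routers.minio-console.rule=Host(`minio-console.example.com`)"
      - "traefik.http.routers.minio-console.middlewares=minio-https-redirect"
      - "traefik.http.routers.minio-console.service=minio-console"
      - "traefik.http.services.minio-console.loadbalancer.server.port=9001"
      - "traefik.http.routers.minio-console-secure.entrypoints=https"
      - "traefik.http.routers.minio-console-secure.rule=Host(`minio-console.example.com`)"
      - "traefik.http.routers.minio-console-secure.tls=true"
      - "traefik.http.routers.minio-console-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.minio-console-secure.service=minio-console"

# The `web` network is created outside this file and shared with Traefik.
networks:
  web:
    external: true

# Named volume holding the object data, so it survives container re-creation.
volumes:
  minio_data:
    name: minio_data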