Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save kstevenson722/e7978a75aec25feaa6ad0965ec313e2d to your computer and use it in GitHub Desktop.
Save kstevenson722/e7978a75aec25feaa6ad0965ec313e2d to your computer and use it in GitHub Desktop.
Setup MinIO on Ubuntu 20.04 LTS with Let's Encrypt SSL

Setup MinIO on Ubuntu 20.04 LTS with Let's Encrypt SSL

✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨
SUPPORT MY WORK - Everything Helps Thanks
YouTube 🔗 https://YouTube.GetMeTheGeek.com
Buy Me a Coffee ☕ https://www.buymeacoffee.com/getmethegeek
Hire US 🔗 https://getmethegeek.com
Digital Ocean referral 🔗 https://tiny.cc/plxdigitalocean
✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨

Google Download Link for Go!

https://golang.org/dl/

Install Go

wget -c https://dl.google.com/go/go1.14.2.linux-amd64.tar.gz
tar xvf go1.14.2.linux-amd64.tar.gz
sudo chown -R root:root ./go
sudo mv go /usr/local
sudo echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
source /etc/profile
go version
rm go1.14.2.linux-amd64.tar.gz

Install MinIO on Ubuntu 20.04 LTS

cd ~
wget https://dl.min.io/server/minio/release/linux-amd64/minio

sudo useradd --system minio --shell /sbin/nologin
sudo usermod -L minio
sudo chage -E0 minio

sudo mv minio /usr/local/bin
sudo chmod +x /usr/local/bin/minio
sudo chown minio:minio /usr/local/bin/minio

sudo touch /etc/default/minio
sudo echo 'MINIO_ACCESS_KEY="minio"' >> /etc/default/minio
sudo echo 'MINIO_VOLUMES="/usr/local/share/minio/"' >> /etc/default/minio
sudo echo 'MINIO_OPTS="-C /etc/minio --address :9000"' >> /etc/default/minio
sudo echo 'MINIO_SECRET_KEY="miniostorage"' >> /etc/default/minio

sudo mkdir /usr/local/share/minio
sudo mkdir /etc/minio

sudo chown minio:minio /usr/local/share/minio
sudo chown minio:minio /etc/minio

cd ~

wget https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service

sed -i 's/User=minio-user/User=minio/g' minio.service
sed -i 's/Group=minio-user/Group=minio/g' minio.service

sudo mv minio.service /etc/systemd/system

sudo systemctl daemon-reload
sudo systemctl enable minio
sudo systemctl start minio

sudo systemctl status minio

cd ~

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 9000
sudo ufw enable
sudo ufw allow http
sudo ufw allow https
sudo ufw status verbose

sudo apt install software-properties-common
sudo add-apt-repository universe
sudo apt update
sudo apt install certbot
sudo certbot certonly --standalone -d minio-server.your_domain
sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/privkey.pem /etc/minio/certs/private.key
sudo cp /etc/letsencrypt/live/minio-server.your_domain_name/fullchain.pem /etc/minio/certs/public.crt
sudo chown minio:minio /etc/minio/certs/private.key
sudo chown minio:minio /etc/minio/certs/public.crt
sudo systemctl restart minio
@harshavardhana
Copy link

x509: cannot validate certificate for 136.xxx.xxx.xxx because it doesn't contain any IP SANs

Fix your cert

@jsalzer
Copy link

jsalzer commented Mar 26, 2022

@OneHitX it really has nothing to do with fixing your cert. It has little to do with fixing the cert, but with the fact that certs are generated using a domain name or FQDN, hence there are no IPs in the cert. When you use certs, minio looks for an IP address by default, since there is no IP in the cert, hence your error. The way fix it is to export the server URL variable. Like this: export MINIO_SERVER_URL="https://servername.domainName.com" where server name and domain name match what you used when you created the cert. Then just re-run minio, you should be good to go.

@harshavardhana
Copy link

@OneHitX it really has nothing to do with fixing your cert. It has little to do with fixing the cert, but with the fact that certs are generated using a domain name or FQDN, hence there are no IPs in the cert.

Thats why fix your certs to include IPs if you wish to access TLS over IPs

@VladimiPutin
Copy link

VladimiPutin commented Mar 28, 2022

Hello,
How can fix this?

/etc/systemd/system/minio.service:13: Unknown key name 'ProtectProc' in section 'Service', ignoring.

Minio version and Ubuntu
minio version RELEASE.2022-03-26T06-49-28Z
Linux vultr 5.4.0-99-generic #112-Ubuntu SMP Thu Feb 3 13:50:55 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

My server is on Vultr

Regards!

@Zinidia
Copy link

Zinidia commented Jun 30, 2022

To make it easier for people who automate SSL renewal, consider using symbolic links for copying the necessary files. Here's an example of how to do this:

sudo ln -s /etc/letsencrypt/live/minio-server.your_domain_name/privkey.pem /etc/minio/certs/private.key
sudo ln -s /etc/letsencrypt/live/minio-server.your_domain_name/fullchain.pem /etc/minio/certs/public.crt

@sluxzer
Copy link

sluxzer commented Sep 10, 2023

Do you have a dockerized version?

I try to access this one work https://example.website

but when I Access with port https://example.website:9001, I got

This site can’t provide a secure connection
example.website sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

@AnthonMS
Copy link

If I want to use another port than 9000 do I just change the port in the command?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment