git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
minio
1
0
Fork 0
Files Issues 2 Pull Requests 0 Wiki
Browse Source

fixed tls support

toastie89 2 years ago
parent
ca0f992314
commit
a431ab8c10
3 changed files with 6 additions and 29 deletions
Split View Show Diff Stats
  1. 4 3
      minio/README.md
  2. 2 24
      minio/docker-compose.override.yml
  3. 0 2
      minio/docker-compose.yml

+ 4 - 3
minio/README.md
View File 

@@ -7,9 +7,10 @@ Scope of the **basic setup** is to run minio
 
 - with a directoy mounted for data
 
 - with the container port 9000 (S3) mapped to a host port
 
 
-Scope of the **advance setup** is to run minio
 
-- web ui (console, port 9001) with basic auth behind a reverse-proxy (port 443) with letsencrypt
 
-- s3 (port 9000) with the tls cert from above and restricted to certain source IPs
 
+Scope of the **advance setup** is to run minio in addition
 
+- with TLS support
 
+- with web ui (console, port 9001) exposed to a reverse proxy (port 443)
 
+- with TLS support for s3 (port 9000), borrowed from the reverse proxy above

+ 2 - 24
minio/docker-compose.override.yml
View File 

@@ -1,35 +1,13 @@
 
 version: '3.7'
 
 services:
 
-#  minio-getkeys:
 
-#    container_name: minio-getkeys
 
-#    hostname: minio-getkeys
 
-#    image: alpine
 
-#    user: 0:0  # we need root to read the key/cert
 
-#    restart: on-failure:3
 
-#    # ToDo: Replace with variable
 
-#    volumes:
 
-#      - ${CERT_PATH}:/mnt/src:ro
 
-#      - ./data/home/.minio/certs:/mnt/dst:rw
 
-#    command: >
 
-#              sh -c 'apk add --no-cache inotify-tools
 
-#              && while true;
 
-#              do inotifywait /mnt/src/fullchain.pem --event modify 
-#              && date +%x_%r 
-#              && cp /mnt/src/fullchain.pem  /mnt/dst/public.crt
 
-#              && cp /mnt/src/key.pem        /mnt/dst/private.key
 
-#              && chown 1000:1000            /mnt/dst/*.*
 
-#              && chmod 600                  /mnt/dst/*.*; done'
 
   minio:
 
     networks:
 
       - docker-dmz
 
     volumes:
 
-      - ${CERT_PATH}${HOSTNAME}:/home/data/.minio/certs
 
+      - ${CERT_PATH}${HOSTNAME}/key.pem:/home/data/.minio/certs/private.key
 
+      - ${CERT_PATH}${HOSTNAME}/fullchain.pem:/home/data/.minio/certs/public.crt
 
     expose:
 
       - "9001"
 
-    environment:
 
-      VIRTUAL_HOST: ${HOSTNAME}
 
-      LETSENCRYPT_HOST: ${HOSTNAME}
 
-      LETSENCRYPT_EMAIL: webmaster@${HOSTNAME}
 
       
 networks:
 
   docker-dmz:

+ 0 - 2
minio/docker-compose.yml
View File 

@@ -10,8 +10,6 @@ services:
 
       - ./data/home:/home/data
 
     ports:
 
       - ${PORT_MAPPING} # s3, port 9000
 
-    expose:
 
-      - 9001
 
     environment:
 
       MINIO_ROOT_USER: ${MINIO_ROOT_USER}
 
       MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}