以下是在Ubuntu上安全安装MinIO的关键步骤,涵盖权限管理、加密、防火墙等核心安全措施:
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/
minio-user
并设置数据目录权限:sudo useradd -r -s /sbin/nologin minio-user
sudo mkdir -p /mnt/minio/data
sudo chown -R minio-user:minio-user /mnt/minio/data
sudo nano /etc/default/minio
# 添加以下内容(密码需符合复杂性要求)
MINIO_ROOT_USER="admin"
MINIO_ROOT_PASSWORD="StrongPassword123!"
MINIO_VOLUMES="/mnt/minio/data"
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /mnt/minio/minio.key -out /mnt/minio/minio.crt
sudo nano /etc/default/minio
# 添加以下参数
MINIO_OPTS="--address :9000 --console-address :9001 --ssl-enabled"
sudo nano /etc/systemd/system/minio.service
# 关键配置
[Service]
User=minio-user
Group=minio-user
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
Restart=always
启用服务:sudo systemctl daemon-reload
sudo systemctl enable --now minio
sudo ufw allow from <允许的IP> to any port 9000,9001 proto tcp
sudo ufw enable
# 在环境变量中修改端口(如上一步已配置)
# 确保MINIO_OPTS中未包含--anonymous
sudo nano /etc/default/minio
# 添加日志配置
MINIO_LOGGER_TYPE=file
MINIO_LOGGER_FILE=/var/log/minio.log
sudo apt update && sudo apt upgrade minio
# 备份数据(示例)
rsync -av /mnt/minio/data /backup/minio/
sudo systemctl status minio
tail -f /var/log/minio.log
以上步骤参考自,可根据实际需求调整端口、存储路径等参数。