diff --git a/source/integrations/integrations.rst b/source/integrations/integrations.rst index 4afdeb60..309c3ca9 100644 --- a/source/integrations/integrations.rst +++ b/source/integrations/integrations.rst @@ -20,6 +20,6 @@ All provided guides assume familiarity with the third-party integration software /integrations/using-minio-with-veeam.md /integrations/disaggregated-spark-and-hadoop-hive-with-minio.md /integrations/aws-cli-with-minio.md - /integrations/setup-nginx-proxy-with-minio.md + /integrations/setup-nginx-proxy-with-minio /integrations/presigned-put-upload-via-browser.md /integrations/generate-lets-encrypt-certificate-using-certbot-for-minio.md diff --git a/source/integrations/setup-nginx-proxy-with-minio.md b/source/integrations/setup-nginx-proxy-with-minio.md deleted file mode 100644 index df876b78..00000000 --- a/source/integrations/setup-nginx-proxy-with-minio.md +++ /dev/null 
@@ -1,113 +0,0 @@ -# Set up Nginx proxy with MinIO Server [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) - -Nginx is an open source Web server and a reverse proxy server. - -In this recipe we will learn how to set up Nginx proxy with MinIO Server. - -## 1. Prerequisites - -Install MinIO Server from [here](https://min.io/docs/minio/linux/reference/minio-mc.html). - -## 2. Installation - -Install Nginx from [here](http://nginx.org/en/download.html). - -## 3. Configuration - -### Proxy all requests -Add the following content as a file ``/etc/nginx/sites-enabled``, e.g. ``/etc/nginx/sites-enabled/minio`` and also remove the existing ``default`` file in same directory. - -```sh -server { - listen 80; - server_name example.com; - - # To allow special characters in headers - ignore_invalid_headers off; - # Allow any size file to be uploaded. - # Set to a value such as 1000m; to restrict file size to a specific value - client_max_body_size 0; - # To disable buffering - proxy_buffering off; - - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; - - proxy_pass http://localhost:9000; # If you are using docker-compose this would be the hostname i.e. minio - # Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/ - # /minio/health/live; - } -} -``` - -Note: - -* Replace example.com with your own hostname. -* Replace ``http://localhost:9000`` with your own server name. -* Add ``client_max_body_size 1000m;`` in the ``http`` context in order to be able to upload large files — simply adjust the value accordingly. The default value is `1m` which is far too low for most scenarios. 
To disable checking of client request body size, set ``client_max_body_size`` to `0`. -* Nginx buffers responses by default. To disable Nginx from buffering MinIO response to temp file, set `proxy_buffering off;`. This will improve time-to-first-byte for client requests. -* Nginx disallows special characters by default. Set ``ignore_invalid_headers off;`` to allow headers with special characters. - -### Proxy requests based on the bucket -If you want to serve web-application and MinIO from the same nginx port then you can proxy the MinIO requests based on the bucket name using path based routing. For nginx this uses the `location` directive, which also supports object key pattern-match based proxy splitting. - -```sh - # Proxy requests to the bucket "photos" to MinIO server running on port 9000 - location /photos/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; - - proxy_pass http://localhost:9000; - } - - # Proxy any other request to the application server running on port 9001 - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; - - proxy_pass http://localhost:9001; - } -``` - -## 4. Recipe Steps - -### Step 1: Start MinIO server. - -```sh -minio server /mydatadir -``` - -### Step 2: Restart Nginx server. 
- -```sh -sudo service nginx restart -``` - -## Explore Further - -Refer [this blog post](https://www.nginx.com/blog/enterprise-grade-cloud-storage-nginx-plus-minio/) for various MinIO and Nginx configuration options. diff --git a/source/integrations/setup-nginx-proxy-with-minio.rst b/source/integrations/setup-nginx-proxy-with-minio.rst new file mode 100644 index 00000000..a23009d2 --- /dev/null +++ b/source/integrations/setup-nginx-proxy-with-minio.rst 
@@ -0,0 +1,197 @@ +.. _integrations-nginx-proxy: + +====================================== +Configure NGINX Proxy for MinIO Server +====================================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +The following documentation covers the minimum settings required to configure NGINX to proxy requests to MinIO. + +This documentation assumes the following: + +- An existing `NGINX `__ deployment +- An existing :ref:`MinIO ` deployment +- A DNS hostname which uniquely identifies the MinIO deployment + +There are two models for proxying requests to the MinIO Server API and the MinIO Console: + +.. tab-set:: + + .. tab-item:: Dedicated DNS + + Create or configure a dedicated DNS name for the MinIO service. + + For the MinIO Server S3 API, proxy requests to the root of that domain. + For the MinIO Console Web GUI, proxy requests to the ``/minio`` subpath. + + For example, given the hostname ``minio.example.net``: + + - Proxy requests to the root ``https://minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``. + + - Proxy requests to the subpath ``https://minio.example.net/minio`` to the MinIO Console listening on ``https://minio.local:9001``. + + The following location blocks provide a template for further customization in your unique environment: + + .. code-block:: nginx + :class: copyable + + upstream minio { + least_conn; + server minio-01.internal-domain.com; + server minio-02.internal-domain.com; + server minio-03.internal-domain.com; + server minio-04.internal-domain.com; + } + + server { + listen 80; + listen [::]:80; + server_name minio.example.net; + + # Allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. 
+ # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; + + proxy_pass https://minio:9000/; # This uses the upstream directive definition to load balance + } + + location /minio { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; + + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; + + proxy_connect_timeout 300; + + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + chunked_transfer_encoding off; + + proxy_pass https://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001 + } + } + + The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``example.net/s3/`` or ``example.net/console/``. + + .. tab-item:: Subdomain + + Create or configure separate, unique subdomains for the MinIO Server S3 API and for the MinIO Console Web GUI. 
+ + For example, given the root domain of ``example.net``: + + - Proxy request to the subdomain ``minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000`` + + - Proxy requests to the subdomain ``console.example.net`` to the MinIO Console listening on ``https://minio.local:9001`` + + The following location blocks provide a template for further customization in your unique environment: + + .. code-block:: nginx + :class: copyable + + upstream minio { + least_conn; + server minio-01.internal-domain.com; + server minio-02.internal-domain.com; + server minio-03.internal-domain.com; + server minio-04.internal-domain.com; + } + + server { + listen 80; + listen [::]:80; + server_name minio.example.net; + + # Allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; + + proxy_pass http://minio:9000/; # This uses the upstream directive definition to load balance + } + } + + server { + + listen 80; + listen [::]:80; + server_name console.example.net; + + # Allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. 
+ # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; + + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; + + proxy_connect_timeout 300; + + # To support websocket + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + chunked_transfer_encoding off; + + proxy_pass http://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001 + } + } + + The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``minio.example.net/s3/`` or ``console.example.net/gui``. + diff --git a/source/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.rst b/source/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.rst index 39681761..cf40a4b7 100644 --- a/source/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.rst +++ b/source/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.rst @@ -56,6 +56,7 @@ The following load balancers are known to work well with MinIO: Configuring firewalls or load balancers to support MinIO is out of scope for this procedure. +The :ref:`integrations-nginx-proxy` reference provides a baseline configuration for using NGINX as a reverse proxy with basic load balancing configured. Sequential Hostnames ~~~~~~~~~~~~~~~~~~~~ 
diff --git a/source/operations/install-deploy-manage/expand-minio-deployment.rst b/source/operations/install-deploy-manage/expand-minio-deployment.rst index 5b2366e8..42c17e92 100644 --- a/source/operations/install-deploy-manage/expand-minio-deployment.rst +++ b/source/operations/install-deploy-manage/expand-minio-deployment.rst @@ -68,6 +68,7 @@ The following load balancers are known to work well with MinIO: Configuring firewalls or load balancers to support MinIO is out of scope for this procedure. +The :ref:`integrations-nginx-proxy` reference provides a baseline configuration for using NGINX as a reverse proxy with basic load balancing configured. Sequential Hostnames ~~~~~~~~~~~~~~~~~~~~
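Review bot: In the deleted `setup-nginx-proxy-with-minio.md`, the "Note:" bullets are the only place that explains why `client_max_body_size 0`, `proxy_buffering off` and `ignore_invalid_headers off` are set (the `1m` default, the time-to-first-byte effect, special characters in headers), and the new .rst keeps those directives with one-line comments only. Suggest carrying the explanations over as a short list under each code block, so an operator can decide whether to cap upload size rather than copy `client_max_body_size 0` as is. The "Proxy requests based on the bucket" section and the health check comment (`/minio/health/live`) are also dropped with no replacement; if that is intentional, the commit message should say so.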
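Review bot: In the new `setup-nginx-proxy-with-minio.rst`, both tabs define `upstream minio` with `server` entries that carry no port, while the `proxy_pass` lines depend on `minio:9000` and `minio:9001` to separate the S3 API from the Console. nginx takes the port from the group's `server` entries (80 when omitted) and does not accept a port on a `proxy_pass` that names a defined upstream group, so these templates should be run through `nginx -t` before they are published as copyable. Suggest explicit ports on the entries, e.g. `server minio-01.internal-domain.com:9000;`, a second upstream group for the Console on 9001, and `proxy_pass` lines that name the groups without a port. Three smaller points in the same file: the Dedicated DNS tab tells the reader to proxy the Console on the `/minio` subpath and then ends by stating that hosting the Console on a subpath is not supported, so one of the two statements has to change; the two tabs disagree on the upstream scheme (`https://minio:9000/` in the first, `http://minio:9000/` in the second) although the prose in both says MinIO listens on `https://`; and `real_ip_header X-Real-IP;` appears without any `set_real_ip_from`, so it has no effect as written, and its comment about the IP "to be hashed" does not match an upstream that uses `least_conn`.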