mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

Updating Nginx Reverse Proxy documentation (#743)

- Proxying MinIO based on subdomains of a single hostname
- Proxying MinIO based on subpath of a single hostname
- Including the websocket upload logic
Ravind Kumar
2023-03-06 12:19:44 -05:00
committed by GitHub
parent b1bf12145f
commit 732b6c3de7
5 changed files with 200 additions and 114 deletions


@ -20,6 +20,6 @@ All provided guides assume familiarity with the third-party integration software
/integrations/using-minio-with-veeam.md
/integrations/disaggregated-spark-and-hadoop-hive-with-minio.md
/integrations/aws-cli-with-minio.md
/integrations/setup-nginx-proxy-with-minio.md
/integrations/setup-nginx-proxy-with-minio
/integrations/presigned-put-upload-via-browser.md
/integrations/generate-lets-encrypt-certificate-using-certbot-for-minio.md
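Review bot: the replacement entry `/integrations/setup-nginx-proxy-with-minio` has no suffix while every neighbouring entry in this list keeps `.md`. That matches the new page being reStructuredText, but please confirm the build resolves the extensionless name, and add a redirect if the published URL of the old Markdown page changes, since existing links to the proxy guide would otherwise break.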


@ -1,113 +0,0 @@
# Set up Nginx proxy with MinIO Server [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
Nginx is an open source Web server and a reverse proxy server.
In this recipe we will learn how to set up Nginx proxy with MinIO Server.
## 1. Prerequisites
Install MinIO Server from [here](https://min.io/docs/minio/linux/reference/minio-mc.html).
## 2. Installation
Install Nginx from [here](http://nginx.org/en/download.html).
## 3. Configuration
### Proxy all requests
Add the following content as a file ``/etc/nginx/sites-enabled``, e.g. ``/etc/nginx/sites-enabled/minio`` and also remove the existing ``default`` file in same directory.
```sh
server {
listen 80;
server_name example.com;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://localhost:9000; # If you are using docker-compose this would be the hostname i.e. minio
# Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/
# /minio/health/live;
}
}
```
Note:
* Replace example.com with your own hostname.
* Replace ``http://localhost:9000`` with your own server name.
* Add ``client_max_body_size 1000m;`` in the ``http`` context in order to be able to upload large files — simply adjust the value accordingly. The default value is `1m` which is far too low for most scenarios. To disable checking of client request body size, set ``client_max_body_size`` to `0`.
* Nginx buffers responses by default. To disable Nginx from buffering MinIO response to temp file, set `proxy_buffering off;`. This will improve time-to-first-byte for client requests.
* Nginx disallows special characters by default. Set ``ignore_invalid_headers off;`` to allow headers with special characters.
### Proxy requests based on the bucket
If you want to serve web-application and MinIO from the same nginx port then you can proxy the MinIO requests based on the bucket name using path based routing. For nginx this uses the `location` directive, which also supports object key pattern-match based proxy splitting.
```sh
# Proxy requests to the bucket "photos" to MinIO server running on port 9000
location /photos/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://localhost:9000;
}
# Proxy any other request to the application server running on port 9001
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://localhost:9001;
}
```
## 4. Recipe Steps
### Step 1: Start MinIO server.
```sh
minio server /mydatadir
```
### Step 2: Restart Nginx server.
```sh
sudo service nginx restart
```
## Explore Further
Refer [this blog post](https://www.nginx.com/blog/enterprise-grade-cloud-storage-nginx-plus-minio/) for various MinIO and Nginx configuration options.
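Review bot: removing this page drops the "Proxy requests based on the bucket" recipe (the `location /photos/` split between MinIO and an application server) and the explanatory notes on `client_max_body_size`, `proxy_buffering` and `ignore_invalid_headers`, and the replacement page carries none of them beyond one-line comments in the config. Either port the notes into the new page or say in the commit message that bucket-based routing is intentionally no longer documented, so readers who relied on it know it was a deliberate removal.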


@ -0,0 +1,197 @@
.. _integrations-nginx-proxy:
======================================
Configure NGINX Proxy for MinIO Server
======================================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
The following documentation covers the minimum settings required to configure NGINX to proxy requests to MinIO.
This documentation assumes the following:
- An existing `NGINX <http://nginx.org/en/download.html>`__ deployment
- An existing :ref:`MinIO <minio-installation>` deployment
- A DNS hostname which uniquely identifies the MinIO deployment
There are two models for proxying requests to the MinIO Server API and the MinIO Console:
.. tab-set::
.. tab-item:: Dedicated DNS
Create or configure a dedicated DNS name for the MinIO service.
For the MinIO Server S3 API, proxy requests to the root of that domain.
For the MinIO Console Web GUI, proxy requests to the ``/minio`` subpath.
For example, given the hostname ``minio.example.net``:
- Proxy requests to the root ``https://minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``.
- Proxy requests to the subpath ``https://minio.example.net/minio`` to the MinIO Console listening on ``https://minio.local:9001``.
The following location blocks provide a template for further customization in your unique environment:
.. code-block:: nginx
:class: copyable
upstream minio {
least_conn;
server minio-01.internal-domain.com;
server minio-02.internal-domain.com;
server minio-03.internal-domain.com;
server minio-04.internal-domain.com;
}
server {
listen 80;
listen [::]:80;
server_name minio.example.net;
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass https://minio:9000/; # This uses the upstream directive definition to load balance
}
location /minio {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
proxy_pass https://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001
}
}
The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``example.net/s3/`` or ``example.net/console/``.
.. tab-item:: Subdomain
Create or configure separate, unique subdomains for the MinIO Server S3 API and for the MinIO Console Web GUI.
For example, given the root domain of ``example.net``:
- Proxy request to the subdomain ``minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``
- Proxy requests to the subdomain ``console.example.net`` to the MinIO Console listening on ``https://minio.local:9001``
The following location blocks provide a template for further customization in your unique environment:
.. code-block:: nginx
:class: copyable
upstream minio {
least_conn;
server minio-01.internal-domain.com;
server minio-02.internal-domain.com;
server minio-03.internal-domain.com;
server minio-04.internal-domain.com;
}
server {
listen 80;
listen [::]:80;
server_name minio.example.net;
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio:9000/; # This uses the upstream directive definition to load balance
}
}
server {
listen 80;
listen [::]:80;
server_name console.example.net;
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
proxy_pass http://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001
}
}
The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``minio.example.net/s3/`` or ``console.example.net/gui``.
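Review bot: in both tabs the `proxy_pass` targets (`https://minio:9000/`, `https://minio:9001/`, `http://minio:9000/`, `http://minio:9001/`) put a port on the name of the `upstream minio` group, which nginx rejects when it loads the configuration ("upstream ... may not have port"), and the `server` entries in that group carry no port, so they would default to 80 rather than 9000 or 9001. Define one upstream group per service with the port on each `server` line (one group for the API on 9000, one for the Console on 9001) and reference the group name without a port. Further points in the same hunk: the Dedicated DNS tab proxies over `https://` while the Subdomain tab uses `http://` for the same backends, although the prose in both tabs says the backends listen on `https://minio.local:9000` and `:9001`. The Dedicated DNS tab tells readers to serve the Console on the `/minio` subpath, yet its closing sentence says hosting the Console GUI on a subpath is not supported; one of the two needs to change. `real_ip_header X-Real-IP;` does nothing without a `set_real_ip_from` directive naming the trusted proxies, and it should only ever be trusted from those addresses. Finally, every `server` block listens on port 80 only, so signed S3 requests and Console logins reach the proxy in clear text; the page should at least point to a TLS listener, given that `X-Forwarded-Proto $scheme` will report `http` to MinIO as written.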


@ -56,6 +56,7 @@ The following load balancers are known to work well with MinIO:
Configuring firewalls or load balancers to support MinIO is out of scope for
this procedure.
The :ref:`integrations-nginx-proxy` reference provides a baseline configuration for using NGINX as a reverse proxy with basic load balancing configured.
Sequential Hostnames
~~~~~~~~~~~~~~~~~~~~
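Review bot: the added sentence describes the linked page as a "baseline configuration", directly after the statement that configuring load balancers is out of scope, while the linked templates listen on port 80 only. Consider wording it as a starting template and noting that TLS termination still has to be added, so the cross-reference is not read as a deployable configuration.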


@ -68,6 +68,7 @@ The following load balancers are known to work well with MinIO:
Configuring firewalls or load balancers to support MinIO is out of scope for
this procedure.
The :ref:`integrations-nginx-proxy` reference provides a baseline configuration for using NGINX as a reverse proxy with basic load balancing configured.
Sequential Hostnames
~~~~~~~~~~~~~~~~~~~~
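Review bot: this added sentence is a verbatim copy of the one added in the previous file, under the same "known to work well with MinIO" paragraph. Moving the shared load-balancer text into a single include would keep the two deployment pages from drifting apart the next time the NGINX reference changes.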