Deploy MinIO with Docker Compose.

- Set up infrastructure with Terraform.
- Configure environment variables in the `.env` file.
- Run `docker compose up -d` to start services.
- Run `sh helper.sh apply` to apply TLS certs.
- Run `sh helper.sh renew` to check if renewal works.
- Configure cron to automatically renew TLS certs (see below).

Edit `.env` to configure env vars available in `compose.yaml`.
Duplicate `template.env` as `.env` to get started.

For historical reasons, the Docker Compose command differs between installations.
It can be either `docker compose` (new) or `docker-compose` (old).
Specify which one to use with the `DOCKER_COMPOSE` env var in the `.env` file.

Cloudflare Tunnel provides a secure way to host without a public IP address.
It's recommended to set up infrastructure like Cloudflare Tunnel with Terraform.
See more in terraform/README.md.

By default, template files in `/etc/nginx/templates/*.template` will be read and the result of executing `envsubst` will be output to `/etc/nginx/conf.d/`.
See more in Using environment variables in nginx configuration (new in 1.19).

Scripts under `/docker-entrypoint.d` are automatically executed by the nginx container.
`dummy-tls.sh` is mounted there to create dummy TLS certs, which keeps nginx from entering a crash loop.
The dummy TLS certs will be replaced by eligible ones after running `sh helper.sh apply`.

Nginx is also used in conjunction with certbot to apply and renew TLS certificates.
`apply-tls.sh` and `renew-tls.sh` are helper scripts that simplify TLS cert management.
Both of them source the env vars defined in the `.env` file.
`apply-tls.sh` will probably be executed only once (if everything's ok in Get Started).
`renew-tls.sh` should be executed repeatedly before TLS certs expire (no more than 3 months).

To reduce manual work, it's recommended to configure crontab in the host system.

```sh
# run the following command in the root path of this repo.
sudo tee /etc/cron.d/minio-compose << EOF
# renew every 2 months (on the first day of the month).
0 0 1 */2 * root cd $(pwd) && sh helper.sh renew
EOF
```
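
A check to run after `sh helper.sh apply` or the cron renewal, as an added example that is not part of this repo: it classifies a certificate file as unreadable, self-signed, expired, expiring or ok using `openssl x509 -checkend`. The function name, exit codes, 30-day default and the assumption that the dummy cert is self-signed are illustrative; pass the path where your certbot volume stores the certificate.

```shell
#!/bin/sh
# Added example (not part of this repo): classify a TLS certificate file.
# Assumptions: the dummy cert is self-signed; the function name, exit codes
# and the 30-day default warning window are illustrative choices.

# cert_status FILE [WARN_DAYS]
# Prints one of: unreadable, self-signed, expired, expiring, ok.
# Returns 0 only for "ok" so cron or monitoring can alert on anything else.
cert_status() {
    cert=$1
    warn_days=${2:-30}

    # Missing file or not a parseable X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable; return 4
    fi

    # Issuer equal to subject: still a placeholder, not a CA-issued cert.
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        echo self-signed; return 3
    fi

    # -checkend N exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo expired; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$((warn_days * 86400))" >/dev/null; then
        echo expiring; return 1
    fi
    echo ok
}

# Usage: sh check-cert.sh /path/to/cert.pem [warn_days]
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```

A non-zero exit from this check after a scheduled renewal means the certificate on disk was not replaced, which is the failure a cron job alone would hide.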