698 字

3 分钟

Docker-Compose 自部署 MinIO S3 对象存储服务

2025-01-14

2026-01-28

minio-s3

MinIO 是个开源的对象存储服务器，兼容 Amazon S3 API。MinIO 在大数据、云计算和容器化环境中广泛应用，为应用程序提供了可靠、高效的对象存储服务。很多项目都支持 S3 接口，Lobe-Chat、思源笔记、Obsidian 的 Self-hosted LiveSync 插件都能用它做数据同步。因此自部署一个 MinIO 单节点 S3 对象存储服务器，自己用起来也方便许多。

环境准备#

先确认有 Docker:

1
docker -v
2
docker-compose -v

如果没有 Docker 或 Docker Compose，装一下:

1
# 安装 Docker
2
curl -sSL https://get.docker.com/ | sh
3
systemctl start docker
4
systemctl enable docker
5

6
# 安装 Docker Compose
7
curl -L https://github.com/docker/compose/releases/download/v2.9.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
8

9
# 赋予 docker-compose 执行权限
10
chmod +x /usr/local/bin/docker-compose

部署#

创建目录:

1
mkdir -p /opt/minio/{s3_data,config}
2
cd /opt/minio

docker-compose.yml:

1
version: "3.5"
2

3
services:
4
  minio:
5
    image: minio/minio:RELEASE.2025-04-22T22-12-26Z
6
    container_name: minio
7
    restart: always
8
    ports:
9
      - "9000:9000"  # API
10
      - "9001:9001"  # 控制台
11
    environment:
12
      TZ: "Asia/Shanghai"
13
      MINIO_ROOT_USER: "admin"  # 可以改成你的用户名
14
      MINIO_ROOT_PASSWORD: "your-strong-password"  # 换成强密码
15
      MINIO_CORS_ALLOW_ORIGIN: "*"
16
    healthcheck:
17
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
18
      interval: 30s
19
      timeout: 10s
20
      retries: 5
21
      start_period: 60s
22
    volumes:
23
      - ./s3_data:/data
24
      - ./config:/root/.minio
25
    command: "server /data --console-address :9001 --address :9000"

启动:

1
docker-compose up -d

等几分钟容器完全启动，浏览器访问控制台:

1
http://你的服务器IP:9001

用你设置的用户名密码登录。

API 地址是:

1
http://你的服务器IP:9000

日常维护#

1
# 停止
2
docker-compose down
3

4
# 重启
5
docker-compose restart
6

7
# 更新镜像
8
docker-compose pull
9
docker-compose up -d
10

11
# 查看日志
12
docker-compose logs -f minio

排查问题#

访问不了先检查防火墙:

1
# Ubuntu/Debian
2
sudo ufw allow 9000/tcp
3
sudo ufw allow 9001/tcp
4

5
# CentOS/RHEL
6
sudo firewall-cmd --add-port=9000/tcp --permanent
7
sudo firewall-cmd --add-port=9001/tcp --permanent
8
sudo firewall-cmd --reload

看端口占用:

1
netstat -tlnp | grep :9000
2
netstat -tlnp | grep :9001

检查容器状态:

1
docker ps | grep minio

Nginx 反向代理#

准备工作#

防火墙开放 80 和 443 端口
准备两个二级域名, DNS 记录指向你的服务器 IP:
- api.your-domain.com → 你的服务器 IP
- console.your-domain.com → 你的服务器 IP

配置#

Debian/Ubuntu 保存到 /etc/nginx/sites-available/minio，CentOS/RHEL 保存到 /etc/nginx/conf.d/minio.conf:

1
# API
2
server {
3
    listen 80;
4
    server_name api.your-domain.com;
5
    return 301 https://$server_name$request_uri;
6
}
7

8
server {
9
    listen 443 ssl http2;
10
    server_name api.your-domain.com;
11

12
    ssl_certificate /etc/ssl/certs/your-domain.crt;
13
    ssl_certificate_key /etc/ssl/private/your-domain.key;
14

15
    ssl_protocols TLSv1.2 TLSv1.3;
16
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
17
    ssl_prefer_server_ciphers on;
18

19
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
20
    add_header X-Content-Type-Options nosniff;
21
    add_header X-Frame-Options DENY;
22

23
    location / {
24
        proxy_pass http://localhost:9000;
25
        proxy_set_header Host $http_host;
26
        proxy_set_header X-Real-IP $remote_addr;
27
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
28
        proxy_set_header X-Forwarded-Proto $scheme;
29
        proxy_connect_timeout 300;
30
        proxy_http_version 1.1;
31
        proxy_set_header Connection "";
32
        chunked_transfer_encoding off;
33
    }
34
}
35

36
# Console
37
server {
38
    listen 80;
39
    server_name console.your-domain.com;
40
    return 301 https://$server_name$request_uri;
41
}
42

43
server {
44
    listen 443 ssl http2;
45
    server_name console.your-domain.com;
46

47
    ssl_certificate /etc/ssl/certs/your-domain.crt;
48
    ssl_certificate_key /etc/ssl/private/your-domain.key;
49

50
    ssl_protocols TLSv1.2 TLSv1.3;
51
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
52
    ssl_prefer_server_ciphers on;
53

54
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
55
    add_header X-Content-Type-Options nosniff;
56
    add_header X-Frame-Options DENY;
57

58
    location / {
59
        proxy_pass http://localhost:9001;
60
        proxy_set_header Host $http_host;
61
        proxy_set_header X-Real-IP $remote_addr;
62
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
63
        proxy_set_header X-Forwarded-Proto $scheme;
64
        proxy_set_header X-Forwarded-Prefix /;
65

66
        proxy_http_version 1.1;
67
        proxy_set_header Upgrade $http_upgrade;
68
        proxy_set_header Connection "upgrade";
69

70
        proxy_connect_timeout 300;
71
        proxy_send_timeout 300;
72
        proxy_read_timeout 300;
73
    }
74
}

申请 SSL 证书#

推荐用 Let’s Encrypt:

1
# Debian/Ubuntu
2
sudo apt install certbot python3-certbot-nginx
3
sudo certbot certonly --nginx -d api.your-domain.com -d console.your-domain.com
4

5
# CentOS/RHEL
6
sudo dnf install certbot python3-certbot-nginx
7
sudo certbot certonly --nginx -d api.your-domain.com -d console.your-domain.com

证书在 /etc/letsencrypt/live/your-domain.com/,包含 fullchain.pem 和 privkey.pem。

改 Nginx 配置里的证书路径:

1
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
2
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

测试并重载:

1
sudo nginx -t
2
sudo systemctl reload nginx

现在用 HTTPS 访问:

API: https://api.your-domain.com
控制台: https://console.your-domain.com

支持与分享

如果这篇文章对你有帮助，欢迎分享给更多人或赞助支持！

赞助

Docker-Compose 自部署 MinIO S3 对象存储服务

https://blog.moewah.com/posts/2877/

作者

GoWah

发布于

2025-01-14

许可协议

CC BY-NC-SA 4.0

SEO入门指南：5个技巧让网站排名飙升

通过 Let's Encrypt 获取免费 SSL 证书的两种方法！

Docker-Compose 自部署 MinIO S3 对象存储服务

环境准备#

部署#

日常维护#

排查问题#

Nginx 反向代理#

准备工作#

配置#

申请 SSL 证书#

推荐文章

支持与分享

目录