Ubuntu Server with MinIO + Let's Encrypt + Laravel

Installing and Setting Up MinIO on Ubuntu + Lets Encrypt + Laravel integration

Looking for a cost-effective alternative to Amazon S3? MinIO is a great option. In this guide, we’ll walk you through the installation and basic setup of MinIO on your Ubuntu server, along with bonus steps to integrate it with Laravel/PHP.

Of course, setting this up is at your own risk. We are not responsible for anything.

Step 1: Set up Ubuntu Server

Before we begin, make sure you have an Ubuntu server up and running.

Step 2: Install MinIO

To install MinIO, follow the instructions provided in the official MinIO documentation.

Step 3: Configure MinIO systemd Service

After the installation, add the systemd minio.service file. If it’s not added automatically, you can manually add it. You can find an example file here.

Open the minio.service file and remove the following lines:

User=minio-user
Group=minio-user

Without these lines, MinIO will work in the root as described in this GitHub issue.

Step 4: Install Let’s Encrypt SSL Certificate

MinIO supports SSL encryption. To set up SSL, you can use Let’s Encrypt, a free and widely trusted SSL certificate provider.

Follow the instructions at https://certbot.eff.org for Ubuntu to install Let’s Encrypt and generate your SSL certificate.

Step 5: Configure MinIO with Let’s Encrypt

Once you have the SSL certificate generated, you need to configure MinIO to use it. Here’s how:

Copy the SSL certificate files to the MinIO directory:

cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /root/.minio/certs/public.crt
cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /root/.minio/certs/private.key

Set up a crontab to renew the SSL certificate weekly:

0 5 * * 1 cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /root/.minio/certs/public.crt
0 5 * * 5 cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /root/.minio/certs/private.key

Step 6: Change MinIO Settings

Modify the MinIO configuration file:

nano /etc/default/minio

Update the following settings:

MINIO_VOLUMES="/mnt/data"
MINIO_OPTS="--address :9000 --console-address :9001"

MINIO_ROOT_USER="your_username"

MINIO_ROOT_PASSWORD="your_password"

MINIO_SERVER_URL="https://yourdomain.com:9000"

MINIO_CONFIG_ENV_FILE=/etc/default/minio

Step 7: Change Default Username and Password

Change the default username and password to secure your MinIO installation.

Step 8: Restart MinIO Service

Restart the MinIO service to apply the changes:

sudo systemctl restart minio.service

Check the status to ensure MinIO is running:

sudo systemctl status minio.service

Step 9: Enable MinIO on Startup

To enable MinIO to run on startup, use the following command:

systemctl enable minio

Step 10: Create a Bucket

Create a bucket in MinIO to store your files. You can use the MinIO web interface or the MinIO command-line tool to create a bucket.

Step 11: Create a Policy for the Bucket

Create a policy for the bucket to define access permissions. Here’s an example policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::your_bucket/*"
      ]
    }
  ]
}

Step 12: Create a User and Assign the New Policy

Create a user in MinIO and assign the previously created policy to the user.

Generate an access key and secret key for the user. You will need these keys in the next steps.

Step 13: Set Up Laravel Support for MinIO

If you’re using Laravel or PHP, you can integrate MinIO with your application using the league/flysystem-aws-s3-v3 package.

Install the package via Composer:

composer require league/flysystem-aws-s3-v3 "^3.0"

Next, update the filesystems.php configuration file:

'cloud' => env('FILESYSTEM_CLOUD', 'minio'),
...

'minio' => [
'driver' => 's3',
'endpoint' => env('MINIO_ENDPOINT', 'https://yourdomain.com:9000'),
'use_path_style_endpoint' => true,
'key' => env('MINIO_KEY', '...'),
'secret' => env('MINIO_SECRET', '...'),
'region' => env('MINIO_REGION', 'JUSTSOMETHINGRANDOM'),
'bucket' => env('MINIO_BUCKET', 'BUCKETNAME'),
],

Step 14: Test MinIO Integration in Laravel

Verify the MinIO integration by using Laravel’s tinker console:

php artisan tinker
\Storage::cloud()->put('hello.json', '{"hello": "world"}');
\Storage::cloud()->get('hello.json');

This should return something like “true” or something successful. If not, you can add this filesystems debug option to MinIO: ‘throw’=> env(‘APP_DEBUG’), so it will become something like:

'cloud' => env('FILESYSTEM_CLOUD', 'minio'),
...

'minio' => [
'driver' => 's3',
'endpoint' => env('MINIO_ENDPOINT', 'https://yourdomain.com:9000'),
'use_path_style_endpoint' => true,
'key' => env('MINIO_KEY', '...'),
'secret' => env('MINIO_SECRET', '...'),
'region' => env('MINIO_REGION', 'JUSTSOMETHINGRANDOM'),
'bucket' => env('MINIO_BUCKET', 'BUCKETNAME'),
'throw' => env('APP_DEBUG', false)
],

This will only debug / throw error messages when APP_DEBUG is on. Never run this in production or in sensitive environments.

Step 15: Set Up Reverse DNS

Set up reverse DNS if possible.

Step 16: Restart and Verify

Restart your server and verify that MinIO and the integration with Laravel are still functioning correctly. This will (hopefully) mean that systemd is still working properly.

Step 17: Configure Firewalls

To improve security, you can set up firewalls to restrict access to MinIO:

  • For admin access, allow connections only from your home/office IP addresses.
  • For web access, allow connections only from the IPs of the servers that need access.

Always be wary of the fact that if your home, office or server IP changes, you will have to add them to the whitelist. If the IP addresses change to frequently, take other proper security steps for your server.

By following these steps, you can install and set up a basic MinIO server on your Ubuntu server, avoiding the high costs associated with Amazon S3. Integrating MinIO with Laravel/PHP allows you to leverage the power of object storage in your applications while maintaining control over your data and costs.

Also create a disk space checker cronjob that mails if your disk is almost full, especially if you are using MinIO in single server mode. MinIO has the ability to link multiple servers and replication zones to each other.

If this is too complex, we also created a guide for setting up a simple SFTP server for Ubuntu / Laravel.

Leave a Comment

Your email address will not be published. Required fields are marked *

en_USEnglish
Scroll to Top