minio配置https

LiHaiYang 发布于 2023-10-8 14:34 阅读：2846 文件系统

创建证书存放路径

[root@VM-0-10-centos ~]# mkdir root/.minio/certs
[root@VM-0-10-centos ~]# cd .minio/certs

生成私钥

[root@VM-0-10-centos certs]# openssl genrsa -out private.key 1024
Generating RSA private key, 1024 bit long modulus
.............++++++
.........................................................++++++
e is 65537 (0x10001)

生成证书申请文件csr

[root@VM-0-10-centos certs]# openssl req -new -key private.key -out private.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:minio.jishuliu.cn  #绑定的域名(此处随便写)
Email Address []:bj

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  #密码建议为空
An optional company name []:  #密码建议为空

生成证书

[root@VM-0-10-centos certs]# openssl x509 -req -in private.csr -out public.crt -signkey private.key -days 3650
Signature ok
subject=/C=cn/ST=bj/L=bj/O=bj/OU=bj/CN=minio.jishuliu.cn/emailAddress=bj
Getting Private key

配置域名映射

[root@VM-0-10-centos certs]# ip addr show eth0  |grep inet
    inet 10.206.0.10/20 brd 10.206.15.255 scope global eth0
    inet6 fe80::5054:ff:fed6:e7d7/64 scope link 
[root@VM-0-10-centos certs]# echo "10.206.0.10 minio.jishuliu.cn" >> /etc/hosts  #证书的域名和本地的内网IP地址

启动minio

[root@VM-0-10-centos ~]# ./minio server /data --address "minio.jishuliu.cn:9000"

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ You are running an older version of MinIO released 2 years ago ┃
┃ Update: Run `mc admin update`                                  ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

Endpoint: https://minio.jishuliu.cn:9000 
RootUser: minioadmin 
RootPass: minioadmin 

Browser Access:
   https://minio.jishuliu.cn:9000

Command-line Access: https://docs.min.io/docs/minio-client-quickstart-guide
   $ mc alias set myminio https://minio.jishuliu.cn:9000 minioadmin minioadmin

Object API (Amazon S3 compatible):
   Go:         https://docs.min.io/docs/golang-client-quickstart-guide
   Java:       https://docs.min.io/docs/java-client-quickstart-guide
   Python:     https://docs.min.io/docs/python-client-quickstart-guide
   JavaScript: https://docs.min.io/docs/javascript-client-quickstart-guide
   .NET:       https://docs.min.io/docs/dotnet-client-quickstart-guide

Certificate:
    Signature Algorithm: SHA256-RSA
    Issuer: C=cn, ST=bj, UnknownOID=2.5.4.7, O=bj, OU=bj, CN=minio.jishuliu.cn, emailAddress=bj
    Validity
        Not Before: Sun, 08 Oct 2023 06:22:20 GMT
        Not After : Wed, 05 Oct 2033 06:22:20 GMT

Detected default credentials 'minioadmin:minioadmin', please change the credentials immediately using 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD'
IAM initialization complete

访问需配置本地host访问minio指定的域名

扫描二维码，在手机上阅读