nginx with MINIO_SERVER_URL - allanrogerr/public GitHub Wiki

ssh -p 20254 [email protected] -o ServerAliveInterval=5 -o "ServerAliveCountMax 100000" -o "StrictHostKeyChecking=off"

cat << FFF > setup-nginx.sh #!/bin/bash

echo "Increase file descriptors available to nginx" if grep -q "nginx.*soft.*nofile.*65536;" /etc/security/limits.conf; then echo "soft limit to file descriptors for nginx already setup" else sudo tee -a /etc/security/limits.conf << EOF nginx soft nofile 65536; EOF echo "soft limit to file descriptors for nginx set to 65536" fi if grep -q "nginx.*hard.*nofile.*65536;" /etc/security/limits.conf; then echo "hard limit to file descriptors for nginx already setup" else sudo tee -a /etc/security/limits.conf << EOF nginx hard nofile 65536; EOF echo "hard limit to file descriptors for nginx set to 65536" fi

echo "Installing NGINX" > /home/ubuntu/setup-proxy-infrastructure.log sudo apt update sudo apt install -y nginx

echo "Preparing NGINX" sudo rm -rf /etc/nginx/sites-available/ sudo mkdir -p /etc/nginx/sites-available/ sudo rm -rf /etc/nginx/sites-enabled/ sudo mkdir -p /etc/nginx/sites-enabled/

sudo rm -rf /etc/nginx/streams-available/ sudo mkdir -p /etc/nginx/streams-available/ sudo rm -rf /etc/nginx/streams-enabled/ sudo mkdir -p /etc/nginx/streams-enabled/ if grep -q "include /etc/nginx/streams-enabled/*;" /etc/nginx/nginx.conf; then echo "streams already setup" else sudo chmod 666 /etc/nginx/nginx.conf sudo tee -a /etc/nginx/nginx.conf << EOF stream { include /etc/nginx/streams-enabled/*; } EOF echo "streams setup" fi

echo "Increase worker connections for listening sockets" if grep -q "worker_connections 65536;" /etc/nginx/nginx.conf; then echo "worker_connections already setup" else sudo sed -i 's/worker_connections.*[0-9];/worker_connections 65536;/' /etc/nginx/nginx.conf echo "worker_connections setup" fi

echo "Add client_max_body_size to enable large transfers" if grep -q "client_max_body_size" /etc/nginx/nginx.conf; then echo "client_max_body_size already setup" else sudo sed -i 's/http {/&\n client_max_body_size 1000M;/' /etc/nginx/nginx.conf echo "client_max_body_size setup" fi

echo "Increase the maximum number of open files per nginx worker process" if grep -q "worker_rlimit_nofile 65536;" /etc/nginx/nginx.conf; then echo "worker_rlimit_nofile already setup" else sudo tee -a /etc/nginx/nginx.conf << EOF worker_rlimit_nofile 65536; EOF echo "worker_rlimit_nofile setup" fi

echo "Generating cipher" sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

echo "Testing NGINX" (sudo nginx -t 2>&1) && sudo systemctl reload nginx && (echo "Setup complete" ) && exit

echo "Setup failed" FFF

chmod +x setup-nginx.sh ./setup-nginx.sh

wget https://dl.min.io/server/minio/release/linux-amd64/minio chmod +x minio mkdir -p /tmp/data pkill minio MINIO_SERVER_URL=http://nginx-server.minio.training:10000 MINIO_BROWSER_REDIRECT_URL=http://nginx-test.minio.training/minio/ui/ ./minio server /tmp/data --address :9000 --console-address :9090 & MINIO_SERVER_URL=http://nginx-server.minio.training:10000 MINIO_BROWSER_REDIRECT_URL=http://nginx-test.minio.training/minio/ui/ ./minio server /tmp/data --address :9001 --console-address :9091 & MINIO_SERVER_URL=http://nginx-server.minio.training:10000 MINIO_BROWSER_REDIRECT_URL=http://nginx-test.minio.training/minio/ui/ ./minio server /tmp/data --address :9002 --console-address :9092 & MINIO_SERVER_URL=http://nginx-server.minio.training:10000 MINIO_BROWSER_REDIRECT_URL=http://nginx-test.minio.training/minio/ui/ ./minio server /tmp/data --address :9003 --console-address :9093 &

MINIO_SERVER_URL to the proxy host FQDN of the MinIO Server (https://minio.example.net)

sudo tee /etc/nginx/sites-available/nginx-test.minio.training << EOF upstream minio_s3 {

least_conn;

server 127.0.0.1:9000; server 127.0.0.1:9001; server 127.0.0.1:9002; server 127.0.0.1:9003; }

upstream minio_console {

least_conn;

server 127.0.0.1:9090; server 127.0.0.1:9091; server 127.0.0.1:9092; server 127.0.0.1:9093; }

server { listen 80; listen [::]:80; server_name nginx-test.minio.training;

Allow special characters in headers

ignore_invalid_headers off;

Allow any size file to be uploaded.

Set to a value such as 1000m; to restrict file size to a specific value

client_max_body_size 0;

Disable buffering

proxy_buffering off; proxy_request_buffering off;

location /api/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;

  proxy_connect_timeout 300;
  # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
  proxy_http_version 1.1;
  proxy_set_header Connection "";
  chunked_transfer_encoding off;

  proxy_pass http://minio_s3; # This uses the upstream directive definition to load balance

}

location /minio/ui/ { rewrite ^/minio/ui/(.*) /$1 break; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-NginX-Proxy true;

  # This is necessary to pass the correct IP to be hashed
  real_ip_header X-Real-IP;

  proxy_connect_timeout 300;

  # To support websockets in MinIO versions released after January 2023
  proxy_http_version 1.1;
  proxy_set_header Upgrade \$http_upgrade;
  proxy_set_header Connection "upgrade";
  # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
  # Uncomment the following line to set the Origin request to an empty string
  # proxy_set_header Origin '';

  chunked_transfer_encoding off;

  proxy_pass http://minio_console; # This uses the upstream directive definition to load balance

} } EOF

sudo ln -snf /etc/nginx/sites-available/nginx-test.minio.training /etc/nginx/sites-enabled/ sudo nginx -t 2>&1 sudo nginx -s reload

⚠️ **GitHub.com Fallback** ⚠️