做网站用图床是一个常见做法,好处是把静态文件放在一个专门的服务器上分担主站点的流量,通过异步延迟载入图片来优化网站的载入速度,本文介绍 Minio 的基本配置方法。
下载 Minio
wget https://dl.min.io/server/minio/release/linux-amd64/minio -P /usr/local/bin chmod +x /usr/local/bin
赋予 Minio 程序用户和组权限
chown www:www /usr/local/bin/minio
建议和 nginx 的用户和组相同,便于访问,我使用的是 www。
创建环境变量文件
配置文件定义环境变量,路径是 /etc/default/minio
MINIO_VOLUMES="/data/" MINIO_OPTS="-C /etc/minio --address 127.0.0.1:9000 --console-address 127.0.0.1:9001" MINIO_ROOT_USER="管理员账号" MINIO_ROOT_PASSWORD="管理员密码"
这里把配置文件设置在 /etc/minio,默认监听在 127.0.0.1 的 9000 和 9001 端口,其中 9000 端口用作 web 访问,9001 用作管理。注意修改 root 账户名称和密码,另外赋予 /data 访问权限(www):
使用 systemd 来管理
创建 systemd 脚本,文件路径为 /etc/systemd/system/minio.service:
[Unit] Description=MinIO Documentation=https://docs.min.io Wants=network-online.target After=network-online.target AssertFileIsExecutable=/usr/local/bin/minio [Service] WorkingDirectory=/usr/local/ User=minio-user Group=minio-user EnvironmentFile=/etc/default/minio ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi" ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES # Let systemd restart this service always Restart=always # Specifies the maximum file descriptor number that can be opened by this process LimitNOFILE=65536 # Disable timeout logic and wait until process is stopped TimeoutStopSec=infinity SendSIGKILL=no [Install] WantedBy=multi-user.target # Built for ${project.name}-${project.version} (${project.name})
开启并启动:
systemctl enable minio.service systemctl start minio.service
配置对外访问
在配置文件里,我们将 Minio 监听的是 127.0.0.1,默认只有本机能访问,我们需要配置 Nginx 的反向代理,并将访问地址暴露到互联网。具体过程略,有需要的请参考下面这篇文章:

配置好之后创建一个配置文件,将服务对外暴露(配置部分的 SSL 证书请自行用 acme.sh 申请,这里不赘述):
server { listen 443 ssl http2; #listen [::]:443 ssl http2; server_name XXXXXX.XXX; ssl_certificate /root/.acme.sh/XXX/fullchain.cer; ssl_certificate_key /root/.acme.sh/XXX/XXX.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; ssl_session_cache builtin:1000 shared:SSL:10m; # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048 ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-NginX-Proxy true; # This is necessary to pass the correct IP to be hashed real_ip_header X-Real-IP; proxy_connect_timeout 300; # To support websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; chunked_transfer_encoding off; proxy_pass http://127.0.0.1:9001; } }
这里配置的是 console address,也就是管理界面。下面这个则是访问端口(9000)的配置文件(注意域名要跟管理部分区分开):
server { listen 443 ssl http2; #listen [::]:443 ssl http2; server_name access.XXXXXX.XXX; ssl_certificate /root/.acme.sh/XXX/fullchain.cer; ssl_certificate_key /root/.acme.sh/XXX/XXX.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; ssl_session_cache builtin:1000 shared:SSL:10m; # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048 ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 300; # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 proxy_http_version 1.1; proxy_set_header Connection ""; chunked_transfer_encoding off; proxy_pass http://127.0.0.1:9000; } }
配置完毕后重启 nginx
systemctl restart nginx
最后,通过刚才设置的账号密码登陆到管理界面,创建 Buckets,生成 Toeken,就可以正常使用了。对 WordPress 而言,建议使用下面这个插件对接 S3 对象存储:
文章评论