英文文档原文:
Configure NGINX Proxy for MinIO Server — MinIO Object Storage for Linux
原文开始:
The following documentation provides a baseline for configuring NGINX to proxy requests to MinIO in a Linux environment. It is not intended as a comprehensive approach to NGINX, proxying, or reverse proxying in general. Modify the configuration as necessary for your infrastructure.
This documentation assumes the following:
An existing NGINX deployment
An existing MinIO deployment
A DNS hostname which uniquely identifies the MinIO deployment
There are two models for proxying requests to the MinIO Server API and the MinIO Console:
以下文档提供了在Linux环境中将NGINX配置为代理MinIO请求的基线。它不是NGINX、代理或反向代理的综合方法。根据需要修改基础结构的配置。
本文档假定以下内容:
现有NGINX部署
现有的MinIO部署
唯一标识MinIO部署的DNS主机名
向MinIO服务器API和MinIO控制台代理请求有两种模型:
第一种模型:Dedicated DNS (专用DNS)
Create or configure a dedicated DNS name for the MinIO service.
For the MinIO Server S3 API, proxy requests to the root of that domain. For the MinIO Console Web GUI, proxy requests to the /minio
subpath.
For example, given the hostname minio.example.net
:
Proxy requests to the root https://minio.example.net
to the MinIO Server listening on https://minio.local:9000
.
Proxy requests to the subpath https://minio.example.net/minio/ui
to the MinIO Console listening on https://minio.local:9090
.
The following location blocks provide a template for further customization in your unique environment:
为MinIO服务创建或配置专用DNS名称。
对于MinIO服务器S3 API,代理请求到该域的根。对于MinIO控制台Web GUI,代理请求到/MinIO子路径。
例如,给定主机名minio.example.net:
对根的代理请求https://minio.example.net到正在侦听的MinIO服务器https://minio.local:9000.
对子路径的代理请求https://minio.example.net/minio/ui到正在侦听的MinIO控制台https://minio.local:9090.
以下位置块为在您的独特环境中进行进一步自定义提供了模板:
- upstream minio_s3 {
- least_conn;
- server minio-01.internal-domain.com:9000;
- server minio-02.internal-domain.com:9000;
- server minio-03.internal-domain.com:9000;
- server minio-04.internal-domain.com:9000;
- }
-
- upstream minio_console {
- least_conn;
- server minio-01.internal-domain.com:9090;
- server minio-02.internal-domain.com:9090;
- server minio-03.internal-domain.com:9090;
- server minio-04.internal-domain.com:9090;
- }
-
- server {
- listen 80;
- listen [::]:80;
- server_name minio.example.net;
-
- # Allow special characters in headers
- ignore_invalid_headers off;
- # Allow any size file to be uploaded.
- # Set to a value such as 1000m; to restrict file size to a specific value
- client_max_body_size 0;
- # Disable buffering
- proxy_buffering off;
- proxy_request_buffering off;
-
- location / {
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_connect_timeout 300;
- # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- chunked_transfer_encoding off;
-
- proxy_pass https://minio_s3; # This uses the upstream directive definition to load balance
- }
-
- location /minio/ui/ {
- rewrite ^/minio/ui/(.*) /$1 break;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-NginX-Proxy true;
-
- # This is necessary to pass the correct IP to be hashed
- real_ip_header X-Real-IP;
-
- proxy_connect_timeout 300;
-
- # To support websockets in MinIO versions released after January 2023
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
- # Uncomment the following line to set the Origin request to an empty string
- # proxy_set_header Origin '';
-
- chunked_transfer_encoding off;
-
- proxy_pass https://minio_console; # This uses the upstream directive definition to load balance
- }
- }
The S3 API signature calculation algorithm does not support proxy schemes where you host the MinIO Server API such as example.net/s3/
.
You must also set the following environment variables for the MinIO deployment:
Set MINIO_SERVER_URL to the proxy host FQDN of the MinIO Server (https://minio.example.net
)
Set the MINIO_BROWSER_REDIRECT_URL to the proxy host FQDN of the MinIO Console (https://example.net/minio/ui
)
S3 API签名计算算法不支持托管MinIO Server API的代理方案,例如.net/S3/。
您还必须为MinIO部署设置以下环境变量:
将MINIO_SERVER_URL设置为MINIO服务器的代理主机FQDN(完整域名),
例如:(https://minio.example.net)
将MINIO_BROWSER_REDIRECT_URL设置为MINIO控制台的代理主机FQDN(完整域名)li(https://example.net/minio/ui)