MinIO Deployment with Docker Compose and Nginx Reverse Proxy

When working with modern cloud-native environments, object storage solutions like MinIO play a critical role. In this project, I set up MinIO using Docker Compose, To make the service easily accessible, I configured Nginx as a reverse proxy. Here’s a step-by-step breakdown of how I built and configured this solution.

Why MinIO?

MinIO is an open-source object storage solution that is lightweight, fast, and S3-compatible. It’s perfect for hosting object storage for modern applications, whether self-hosted or part of a larger infrastructure.

For this project, my goals were:

  1. Deploy MinIO in a containerized environment using Docker Compose.
  2. Ensure persistent data storage with Docker volumes.
  3. Use Nginx to serve MinIO storage and its console through a custom domain.

Environment Setup

1. Docker Compose Configuration

The docker-compose.yml file defines the MinIO service. Here’s what I implemented:

version: '3.1'
services:
  minio:
    image: quay.io/minio/minio:RELEASE.2024-11-07T00-52-20Z
    container_name: "minio"
    hostname: minio
    ports:
      - "${MINIO_SOCKET}:9000"
      - "${MINIO_DATA_SOCKET}:9001"
    environment:
      MINIO_ROOT_USER: $MINIO_ROOT_USER
      MINIO_ROOT_PASSWORD: $MINIO_ROOT_PASSWORD
      MINIO_SERVER_URL: $MINIO_SERVER_URL
      MINIO_BROWSER_REDIRECT_URL: $MINIO_BROWSER_REDIRECT_URL
    command: server /data --console-address ":9001"
    volumes:
      - minio-data:/data
    restart: always
volumes:
  minio-data:

Key Features:

  • MinIO is exposed on port 9000 for storage and 9001 for the management console.
  • Persistent data storage is ensured using a Docker volume named minio-data.
  • Environment variables provide flexibility for managing credentials and service URLs.
2. Environment Variables

The .env file stores configuration details like root credentials, platform, and service URLs.

COMPOSE_PROJECT_NAME=minio

MINIO_SOCKET=127.0.0.1:9000
MINIO_DATA_SOCKET=127.0.0.1:9001

MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=<secure-password>

MINIO_SERVER_URL="https://minio.example.net"
MINIO_BROWSER_REDIRECT_URL="https://minio.example.net/minio/ui"

With this approach, sensitive data like passwords can be managed securely without hardcoding them in the compose file.

Reverse Proxy with Nginx

To improve accessibility and security, I configured Nginx as a reverse proxy. This allows MinIO to be accessed using a custom domain: https://minio.example.net.

Here’s the Nginx configuration:

upstream minio_s3 {
   server 127.0.0.1:9000;   
}

upstream minio_console {
   server 127.0.0.1:9001;
}

server {
   listen       80;
   listen  [::]:80;
   server_name  minio.example.net;

   ignore_invalid_headers off;
   client_max_body_size 100m;
   proxy_buffering off;
   proxy_request_buffering off;

   location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_connect_timeout 300;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      chunked_transfer_encoding off;

      proxy_pass http://minio_s3;
   }

   location /minio/ui/ {
      rewrite ^/minio/ui/(.*) /$1 break;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-NginX-Proxy true;

      real_ip_header X-Real-IP;
      proxy_connect_timeout 300;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      chunked_transfer_encoding off;

      proxy_pass http://minio_console;
   }
}

Key Highlights:

  • The upstream directive defines separate routes for MinIO’s S3 API (9000) and console (9001).
  • Configurations like client_max_body_size and proxy_set_header ensure compatibility and security.
  • WebSocket support is enabled for the MinIO console.

How It Works

Launch the MinIO Service:
Run the following command to start the MinIO container:

docker-compose up -d

Access the Service:

  • S3-compatible storage: https://minio.example.net
  • Web console: https://minio.example.net/minio/ui

Persistent Data Storage:
The minio-data volume retains all uploaded files, ensuring no data loss even if the container restarts.

Environment-Specific Configuration:
By using environment variables, the deployment can be tailored to different setups with minimal changes.

Conclusion

This project successfully demonstrates how MinIO can be deployed using Docker Compose with enhanced accessibility via Nginx. By leveraging containerization and reverse proxying, this setup is scalable, secure, and ready for production use.

This project reflects my ability to:

  • Configure and deploy containerized applications.
  • Use reverse proxy servers for routing and security.
  • Solve real-world deployment challenges.

With MinIO, you get a robust object storage solution ready to serve modern applications seamlessly.

Share your passion

Related Posts