docker安装minio支持arm架构,并通过nginx转发
docker安装minio支持arm架构,并通过nginx转发
直接docker安装
minio:
image: minio/minio:RELEASE.2021-10-27T16-29-42Z
container_name: minio
ports:
# api 端口
- "9000:9000"
# 控制台端口
- "9001:9001"
environment:
# 时区上海
TZ: Asia/Shanghai
# 管理后台用户名
MINIO_ACCESS_KEY: ruphy
# 管理后台密码,最小8个字符
MINIO_SECRET_KEY: azi123...
# https需要指定域名
MINIO_SERVER_URL: ""
# 开启压缩 on 开启 off 关闭
MINIO_COMPRESS: "off"
# 扩展名 .pdf,.doc 为空 所有类型均压缩
MINIO_COMPRESS_EXTENSIONS: ""
# mime 类型 application/pdf 为空 所有类型均压缩
MINIO_COMPRESS_MIME_TYPES: ""
volumes:
# 映射当前目录下的data目录至容器内/data目录
- ./data/minio/data:/data
# 映射配置目录
- ./data/minio/config:/root/.minio/
command: server --address ':9000' --console-address ':9001' /data # 指定容器中的目录 /data
privileged: true
# restart: always
networks:
my_net:
ipv4_address: 172.30.0.54
deploy:
resources:
limits:
cpus: 0.25
memory: 512M
reservations:
# cpus: 0.2
memory: 128M
支持mc命令的arm版本
下载安装包
wget https://dl.min.io/server/minio/release/linux-arm64/minio
wget https://dl.min.io/client/mc/release/linux-arm64/mc -O mc
编写Dockerfile
FROM eclipse-temurin:17-jdk-jammy as builder
# 复制预下载的 minio 和 mc 二进制(ARM64)
COPY minio /tmp/minio
COPY mc /tmp/mc
RUN chmod +x /tmp/minio && \
chmod +x /tmp/mc
# 最终镜像(使用更轻量的基础镜像)
FROM nginx:1.21.4
# 从 builder 阶段复制 minio 和 mc 二进制
COPY --from=builder /tmp/minio /usr/local/bin/minio
COPY --from=builder /tmp/mc /usr/local/bin/mc
RUN chmod +x /usr/local/bin/minio && \
chmod +x /usr/local/bin/mc && \
# 创建 mc 配置目录
mkdir -p /root/.mc
# 创建必要目录
RUN mkdir -p /data
# 环境变量
ENV MINIO_ACCESS_KEY=ruphy \
MINIO_SECRET_KEY=azi123... \
MINIO_ROOT_USER=ruphy \
MINIO_ROOT_PASSWORD=azi123... \
MINIO_SERVER_URL=""
# 暴露端口
EXPOSE 9000 9001
# 健康检查
HEALTHCHECK --interval=30s --timeout=5s \
CMD curl -f http://localhost:9000/minio/health/live || exit 1
# 启动脚本(包含自动配置 mc alias)
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
同目录编写entrypoint.sh
#!/bin/sh
# 启动 MinIO 服务器(后台运行)
/usr/local/bin/minio server \
--address ":9000" \
--console-address ":9001" \
/data &
# 等待服务器健康
until curl -f http://localhost:9000/minio/health/live; do
echo "等待 MinIO 启动..."
sleep 1
done
# 配置 mc alias
SERVER_URL="${MINIO_SERVER_URL:-http://localhost:9000}"
mc alias set myminio \
"$SERVER_URL" \
"$MINIO_ROOT_USER" \
"$MINIO_ROOT_PASSWORD" --insecure
# 保持容器运行
wait
打包镜像
docker build -t minio:arm64 .
编写docker-compose.yml配置文件
# 对象存储 OSS
mw-minio:
image: minio:arm64
container_name: mw-minio
ports:
# api 端口
- "19000:19000"
# 控制台端口
- "19001:19001"
# - "80:80"
environment:
# 时区上海
TZ: Asia/Shanghai
# 管理后台用户名
MINIO_ACCESS_KEY: ruphy
MINIO_ROOT_USER: ruphy
# 管理后台密码,最小8个字符
MINIO_SECRET_KEY: Azi123...
MINIO_ROOT_PASSWORD: Azi123...
# https需要指定域名
MINIO_SERVER_URL: ""
#MINIO_SERVER_URL: "http://www.baidu.com:19000"
#MINIO_BROWSER_REDIRECT_URL: "http://www.baidu.com"
MINIO_DOMAIN: www.baidu.com # 域名绑定
MINIO_PUBLIC_IPS: 192.168.10.6
# 开启压缩 on 开启 off 关闭
MINIO_COMPRESS: "off"
# 扩展名 .pdf,.doc 为空 所有类型均压缩
MINIO_COMPRESS_EXTENSIONS: ""
# mime 类型 application/pdf 为空 所有类型均压缩
MINIO_COMPRESS_MIME_TYPES: ""
volumes:
# 映射当前目录下的data目录至容器内/data目录
- ./data/minio/data:/data
# 映射配置目录
- ./data/minio/config:/root/.minio/
# command: server --address ':19000' --console-address ':19001' /data # 不能覆盖entrypoint.sh
privileged: true
restart: always
networks:
mw_net:
ipv4_address: 192.168.10.6
deploy:
resources:
limits:
memory: 2048M
reservations:
memory: 1024M
说明
移除了 command 指令,因为新的 Dockerfile 使用 entrypoint.sh 脚本自动处理启动命令,脚本已包含完整的启动参数:server --address ':9000' --console-address ':9001' /data
nginx配置
worker_processes auto; # 自动根据CPU核心数设置
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 2048; # 提高连接数
use epoll; # 使用高性能事件模型
multi_accept on; # 同时接受多个连接
}
http {
include mime.types;
default_type application/octet-stream;
# 增强版日志格式
log_format detailed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'rt=$request_time uct="$upstream_connect_time" '
'uht="$upstream_header_time" urt="$upstream_response_time" '
'cs=$upstream_cache_status';
access_log /var/log/nginx/access.log detailed buffer=32k flush=5s;
# 基础优化参数
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off; # 隐藏Nginx版本号
# 连接优化
reset_timedout_connection on;
client_body_timeout 12;
client_header_timeout 12;
# 文件上传可能需要更大的body大小限制
client_max_body_size 200M;
send_timeout 10;
# Gzip压缩配置
gzip on;
gzip_min_length 1k;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/javascript text/xml;
# 代理通用配置
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
server {
listen 80;
server_name www.xxx.com;
# 静态资源缓存控制
location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff2)$ {
expires 30d;
access_log off;
add_header Cache-Control "public, no-transform";
}
# WebSocket支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
root /usr/share/nginx/html/gzw/dist;
location ^~ /minio {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding ""; # 禁用压缩
proxy_pass http://minio:19000/;
sub_filter 'http://www.xxx.com' './';
}
# 直接返回 "OK" 的路径
location = /minio-console/server/minio/agplv3-ack {
add_header Content-Type text/plain;
return 200 "OK!";
}
# 必须加^~转发到http://minio:19001/xx, 否则会访问http://minio:19001/minio-console/xx
location ^~ /minio-console/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding ""; # 禁用压缩
proxy_pass http://minio:19001/;
sub_filter_types *;
sub_filter 'https://dl.min.io/' './';
sub_filter '<base href="/"/>' '<base href="/minio-console/"/>'; # 重要
proxy_set_header Cookie $http_cookie;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# 避免端点安全问题
if ($request_uri ~ "/actuator"){
return 403;
}
# 安全控制
location ~ /\.ht {
deny all;
access_log off;
log_not_found off;
}
}
}
浙公网安备 33010602011771号