dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

r/minio-nginx: Reverse proxy for MinIO 

The *minio-nginx* role configures nginx to proxy for MinIO.  It uses the
"subdomain" pattern, as described in [Configure NGINX Proxy for MinIO
Server][0]; the S3 API and the console UI are accessible through
different domain names.

[0]: https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html
frigate-exporter
Dustin 2024-08-31 19:04:21 -05:00
parent 7ec7cad26a
commit 3c907d0a16
5 changed files with 113 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/minio-nginx/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
- name: reload nginx
service:
name: nginx
state: reloaded

7
roles/minio-nginx/meta/main.yml Normal file
View File

@ -0,0 +1,7 @@
dependencies:
- role: minio
tags:
- minio
- role: nginx
tags:
- nginx

37
roles/minio-nginx/tasks/main.yml Normal file
View File

@ -0,0 +1,37 @@
- name: ensure nginx is configured to proxy for minio
template:
src: minio.nginx.conf.j2
dest: /etc/nginx/default.d/minio.conf
owner: root
group: root
mode: u=rw,go=r
notify:
- reload nginx
tags:
- config
- nginx-config
- minio-nginx
- minio-backend
- name: ensure nginx is configured to proxy for minio console
template:
src: minio-console.nginx.conf.j2
dest: /etc/nginx/conf.d/minio-console.conf
owner: root
group: root
mode: u=rw,go=r
notify:
- reload nginx
tags:
- config
- nginx-config
- minio-nginx
- minio-console
- name: ensure selinux allows nginx to proxy
seboolean:
name: httpd_can_network_connect
persistent: true
state: true
tags:
- selinux

45
roles/minio-nginx/templates/minio-console.nginx.conf.j2 Normal file
View File

@ -0,0 +1,45 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ minio_console_domain }};
root /usr/share/nginx/html;
ssl_certificate "{{ nginx_ssl_certificate }}";
ssl_certificate_key "{{ nginx_ssl_certificate_key }}";
{% if nginx_ssl_ca_certificate is defined %}
ssl_client_certificate "{{ nginx_ssl_ca_certificate }}";
{% endif %}
ssl_session_cache {{ nginx_ssl_session_cache }};
ssl_session_timeout {{ nginx_ssl_session_timeout }};
ssl_ciphers {{ nginx_ssl_ciphers|join(':') }};
ssl_prefer_server_ciphers on;
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
chunked_transfer_encoding off;
proxy_connect_timeout 300;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
real_ip_header X-Real-IP;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:{{ minio_console_port }};
}
error_page 404 /404.html;
location = /40x.html {}
error_page 500 502 503 504 /50x.html;
location = /50x.html {}
}

20
roles/minio-nginx/templates/minio.nginx.conf.j2 Normal file
View File

@ -0,0 +1,20 @@
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
chunked_transfer_encoding off;
proxy_connect_timeout 300;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
real_ip_header X-Real-IP;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://127.0.0.1:{{ minio_port }};
}