Garage Single-Node Setup Tutorial (Based on Docker Compose)

Preface

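The MinIO community edition v2.0.0 update dropped a large number of UI features; the GitHub changelog describes it as "Community version is going back to be an object browser only". In addition, the license of the MinIO management console describes its Intended Use as Test and Dev Use, and the officially recommended practice is to use the mc command for operations such as user management. To quote terrytw@reddit: "This feels like a redis moment for them. How much value do they think they can extract from the whole 5 additional users who switched to their paid version because of this?"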

At the same time, some of the vendor's actions make me feel that MinIO may not care much about individual users, specifically:

Around then I came across the open-source Garage, so I am recording the configuration process here.

Configuration

Edit the docker-compose.yaml file

networks:
  storage_net_internal:
    internal: true

services:
  garage:
    image: dxflrs/garage:v1.1.0
    container_name: garage
    hostname: "garage"
    environment:
      TZ: Asia/Shanghai
    volumes:
      - ./garage/config/garage.toml:/etc/garage.toml
      - ./data:/var/lib/garage/data
      - ./garage/meta:/var/lib/garage/meta
    networks:
      - storage_net_internal
    restart: always

  garage-webui:
    image: khairul169/garage-webui:latest
    container_name: garage-webui
    restart: unless-stopped
    volumes:
      - ./garage/config/garage.toml:/etc/garage.toml:ro
    environment:
      API_BASE_URL: "http://garage:3903"
      S3_ENDPOINT_URL: "http://garage:3900"
    networks:
      - storage_net_internal

  nginx:
    image: nginx:latest
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/log:/var/log/nginx
      - ./nginx/ssl:/etc/nginx/ssl
    depends_on:
      - garage
    networks:
      - storage_net_internal
      - default
    restart: always

Create the garage.toml configuration file

Note: change demo.com in the configuration file as needed.

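# Create the config directory first, otherwise the redirect below fails.
# The EOF delimiter is unquoted so that each $(openssl rand -hex 32) is expanded when the file is written.
mkdir -p ./garage/config
cat > ./garage/config/garage.toml <<EOF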
metadata_dir = "/var/lib/garage/meta"
data_dir = "/var/lib/garage/data"
db_engine = "lmdb"

replication_mode = "none"

compression_level = 1

rpc_bind_addr = "0.0.0.0:3901"
rpc_public_addr = "127.0.0.1:3901"
rpc_secret = "$(openssl rand -hex 32)"

[s3_api]
s3_region = "garage"
api_bind_addr = "0.0.0.0:3900"
root_domain = "s3.demo.com"

[s3_web]
bind_addr = "0.0.0.0:3902"
root_domain = "s3.demo.com"
index = "index.html"

[admin]
api_bind_addr = "0.0.0.0:3903"
metrics_token = "$(openssl rand -hex 32)"
admin_token = "$(openssl rand -hex 32)"
EOF
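
The heredoc above only produces real secrets if the shell expands each $(openssl rand -hex 32); pasting the body into an editor, or quoting the delimiter, leaves that literal text in the file as the secret. The check below is an added example, not part of the original post: toml_value, check_garage_secrets and write_unexpanded_sample are hypothetical helper names, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). toml_value and
# check_garage_secrets are hypothetical helper names, not Garage commands.

# Print the double-quoted value of key $2 in TOML file $1.
toml_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Succeed only if the three secrets are distinct 64-char lowercase hex strings,
# which is what `openssl rand -hex 32` prints when the heredoc expands it.
check_garage_secrets() {
  file=$1
  seen=""
  for key in rpc_secret metrics_token admin_token; do
    val=$(toml_value "$file" "$key")
    if ! printf '%s\n' "$val" | grep -Eq '^[0-9a-f]{64}$'; then
      echo "FAIL: $key is not 64 hex chars (unexpanded or missing?)" >&2
      return 1
    fi
    case " $seen " in
      *" $val "*) echo "FAIL: $key repeats another secret" >&2; return 1 ;;
    esac
    seen="$seen $val"
  done
  echo "OK: three distinct secrets in $file"
}

# Constructed sample: a quoted delimiter ('EOF') disables expansion, so the
# literal text $(openssl rand -hex 32) ends up in the file as the "secret".
write_unexpanded_sample() {
  cat > "$1" <<'EOF'
rpc_secret = "$(openssl rand -hex 32)"
[admin]
metrics_token = "$(openssl rand -hex 32)"
admin_token = "$(openssl rand -hex 32)"
EOF
}

# Check the real file when a path is given:
#   sh check.sh ./garage/config/garage.toml
if [ "$#" -gt 0 ]; then
  check_garage_secrets "$1"
fi
```

Run it against ./garage/config/garage.toml before docker compose up -d; a FAIL means the file should be regenerated with the heredoc rather than edited by hand.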

Edit the nginx configuration file

Note: change demo.com in the configuration file as needed, and save it to ./nginx/conf.d/<CONF FILE NAME>.conf

server {
  listen 80;
  server_name s3.demo.com;

  location / {
      return 301 https://$host$request_uri;
  }
}

server {
  listen 443 ssl;
  server_name s3.demo.com;

  ssl_certificate /etc/nginx/ssl/demo.com/fullchain.pem;
  ssl_certificate_key /etc/nginx/ssl/demo.com/privkey.pem;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 and 1.3 are enabled
  ssl_protocols TLSv1.3 TLSv1.2;
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED; 
  ssl_prefer_server_ciphers on; 
  ssl_session_cache shared:SSL:10m; 
  ssl_session_timeout 10m; 

  proxy_set_header X-Forwarded-Proto https; 
  proxy_set_header Host $host; 
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
  proxy_set_header X-Forwarded-Host $server_name; 
  proxy_set_header X-Real-IP $remote_addr; 
  proxy_http_version 1.1; 
  proxy_set_header Upgrade $http_upgrade; 
  proxy_set_header Connection $http_connection; 

  location / {
      proxy_pass http://garage:3900;
  }
}

# The web UI has no authentication; it is recommended not to expose it publicly
server {
  listen 443 ssl;
  server_name s3-manage.demo.com;

  ssl_certificate /etc/nginx/ssl/demo.com/fullchain.pem;
  ssl_certificate_key /etc/nginx/ssl/demo.com/privkey.pem;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 and 1.3 are enabled
  ssl_protocols TLSv1.3 TLSv1.2;
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED; 
  ssl_prefer_server_ciphers on; 
  ssl_session_cache shared:SSL:10m; 
  ssl_session_timeout 10m; 

  proxy_set_header X-Forwarded-Proto https; 
  proxy_set_header Host $host; 
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
  proxy_set_header X-Forwarded-Host $server_name; 
  proxy_set_header X-Real-IP $remote_addr; 
  proxy_http_version 1.1; 
  proxy_set_header Upgrade $http_upgrade; 
  proxy_set_header Connection $http_connection; 

  location / {
      proxy_pass http://garage-webui:3909;
  }
}

Start the Garage service

docker compose up -d

Create the cluster layout

Note: see the official documentation for details; a layout must be created even for a single node.

Look up the Garage node ID

docker compose exec -it garage /garage status

Create the cluster layout (assign the node a zone and capacity)

docker compose exec -it garage /garage layout assign -z dc1 -c 600G <node_id>

Apply the cluster layout

docker compose exec -it garage /garage layout apply --version 1

Afterword

At this point, your Garage is ready: buckets, keys and so on can be configured through the web UI. Start using it!
