54ae364def
This PR introduces two new features - AWS STS compatible STS API named AssumeRoleWithClientGrants ``` POST /?Action=AssumeRoleWithClientGrants&Token=<jwt> ``` This API endpoint returns temporary access credentials, access tokens signature types supported by this API - RSA keys - ECDSA keys Fetches the required public key from the JWKS endpoints, provides them as rsa or ecdsa public keys. - External policy engine support, in this case OPA policy engine - Credentials are stored on disks |
||
---|---|---|
.. | ||
config.sample.json | ||
README.md |
Minio Server config.json
(v27) Guide
Minio server stored all its configuration data in ${HOME}/.minio/config.json
file by default.For all releases beyond minio.RELEASE.2017-08-05T00-00-53Z, the configuration data will be migrated to the Minio's backend directory. All configuration changes can be made using mc admin config
get/set commands. Following sections provide detailed explanation of each fields and how to customize them. A complete example of config.json
is available here
Configuration Directory
The default configuration directory is ${HOME}/.minio
. Till the release RELEASE.2018-08-02T23-11-36Z
, Minio server configuration file (config.json
) was stored in the configuration directory. However for releases beyond RELEASE.2018-08-18T03-49-57Z
, the configuration file (only), has been migrated to the backend storage directory.
You can override the default configuration directory using --config-dir
command-line option. Please note that this won't have an effect on the config.json
file as it is always stored on the backend storage, along with data. Minio server generates a new config.json
with auto-generated access credentials when its started for the first time.
minio server --config-dir /etc/minio /data
Certificate Directory
TLS certificates are stored under ${HOME}/.minio/certs
directory. You need to place certificates here to enable HTTPS
based access. Read more about How to secure access to Minio server with TLS.
Following is the directory structure for Minio server with TLS certificates.
$ tree ~/.minio
/home/user1/.minio
├── certs
│ ├── CAs
│ ├── private.key
│ └── public.crt
Configuration Fields
Editing Configuration Fields
For releases after minio.RELEASE.2017-08-05T00-00-53Z, configuration changes can be done using mc
Get current configuration for Minio deployment
$ mc admin config get myminio/ > /tmp/myconfig
Set current configuration for Minio deployment
$ mc admin config set myminio < /tmp/myconfig
The mc admin
config API will evolve soon to be able to configure specific fields using get/set commands.
Version
Field | Type | Description |
---|---|---|
version |
string | version determines the configuration file format. Any older version will be automatically be migrated to the latest version upon startup. [DO NOT EDIT THIS FIELD MANUALLY] |
Credential
Field | Type | Description |
---|---|---|
credential |
Auth credential for object storage and web access. | |
credential.accessKey |
string | Access key of minimum 3 characters in length. You may override this field with MINIO_ACCESS_KEY environment variable. |
credential.secretKey |
string | Secret key of minimum 8 characters in length. You may override this field with MINIO_SECRET_KEY environment variable. |
Example:
export MINIO_ACCESS_KEY=admin
export MINIO_SECRET_KEY=password
minio server /data
Region
Field | Type | Description |
---|---|---|
region |
string | region describes the physical location of the server. By default it is blank. You may override this field with MINIO_REGION environment variable. If you are unsure leave it unset. |
Example:
export MINIO_REGION="my_region"
minio server /data
Worm
Field | Type | Description |
---|---|---|
worm |
string | Enable this to turn on Write-Once-Read-Many. By default it is set to off . You may override this field with MINIO_WORM environment variable. |
Example:
export MINIO_WORM=on
minio server /data
Storage Class
Field | Type | Description |
---|---|---|
storageclass |
Set storage class for configurable data and parity, as per object basis. | |
storageclass.standard |
string | Value for standard storage class. It should be in the format EC:Parity , for example to set 4 disk parity for standard storage class objects, set this field to EC:4 . |
storageclass.rrs |
string | Value for reduced redundancy storage class. It should be in the format EC:Parity , for example to set 3 disk parity for reduced redundancy storage class objects, set this field to EC:3 . |
By default, parity for objects with standard storage class is set to N/2
, and parity for objects with reduced redundancy storage class objects is set to 2
. Read more about storage class support in Minio server here.
Cache
Field | Type | Description |
---|---|---|
drives |
[]string | List of mounted file system drives with atime support enabled |
exclude |
[]string | List of wildcard patterns for prefixes to exclude from cache |
expiry |
int | Days to cache expiry |
maxuse |
int | Percentage of disk available to cache |
Notify
Field | Type | Description |
---|---|---|
notify |
Notify enables bucket notification events for lambda computing via the following targets. | |
notify.amqp |
Configure to publish Minio events via AMQP target. | |
notify.nats |
Configure to publish Minio events via NATS target. | |
notify.elasticsearch |
Configure to publish Minio events via Elasticsearch target. | |
notify.redis |
Configure to publish Minio events via Redis target. | |
notify.postgresql |
Configure to publish Minio events via PostgreSQL target. | |
notify.kafka |
Configure to publish Minio events via Apache Kafka target. | |
notify.webhook |
Configure to publish Minio events via Webhooks target. | |
notify.mysql |
Configure to publish Minio events via MySql target. | |
notify.mqtt |
Configure to publish Minio events via MQTT target. |
Environment only settings
Browser
Enable or disable access to web UI. By default it is set to on
. You may override this field with MINIO_BROWSER
environment variable.
Example:
export MINIO_BROWSER=off
minio server /data
Domain
By default, Minio supports path-style requests which look like http://mydomain.com/bucket/object. MINIO_DOMAIN environmental variable is used to enable virtual-host-style requests. If the request Host
header matches with (.+).mydomain.com
then the mattched pattern $1
is used as bucket and the path is used as object. More information on path-style and virtual-host-style here
Example:
export MINIO_DOMAIN=mydomain.com
minio server /data