2.5 MinIO Object Store
Iceshrimp has some issues when the local file system is used to cache media files. Under iOS especially videos cannot be started. This problem seem to be solved in Iceshrimp.NET. I selected MinIO as object store. The subsequent sections describe the installation and how to configure Iceshrimp to make use of MinIO.
Install MinIO
To run MinIO as docker container you need to provide following docker-compose.yml file:
services:
minio:
command: 'server /data --console-address ":9001"'
image: quay.io/minio/minio:latest
restart: unless-stopped
volumes:
- './data:/data'
env_file: "./.env"
container_name: minio
ports:
- '127.0.0.1:9001:9001'
- '127.0.0.1:9000:9000'The administrator account and password is provided in the .env file which has following content:
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=<SUPER_STRONG_ADMIN_PASSWORD>It is important to select a strong password for the admin user.
MinIO is providing its services on two ports:
- Port 9000: The S3 compatible file server.
- Port 9001: Console GUI on which you can configure MinIO
Caddy Setup
To make both services publicly available Caddy needs to be configured with an additional entry in its Caddyfile.
I assume you have created the domains s3.example.com and s3con.example.com that can be used for providing MinIO service on the internet.
Note
For a detailed documentation pleaser refer to the Caddy website.
Now you need to add following lines in the file /etc/caddy/Caddyfile:
s3.example.com {
reverse_proxy localhost:9000
}
s3con.example.com {
reverse_proxy localhost:9001
}With following commands Caddy will read the new configuration and you can check for the status:
cd /etc/caddy
sudo caddy reload
sudo service caddy statusCaddy will provide the MinIO GUI as website with the address https://s3con.example.com. The object store is accessible via https://s3.example.com. SSL certificates will be assigned and updated automatically.
Preparation to use MinIO with Iceshrimp
Iceshrimp User
Create a user, that Iceshrimp can use to access MinIO:
- Log into the https://s3con.example.com website with the admin credentials.
- From the menu select
Identity->Users. - Create a user
iceshrimpwith a strong password. - Enable
readwritepolicy for this user.
Iceshrimp Bucket
Create a bucket in which Iceshrimp can store its files:
- From the menu select
Buckets. - Click on
Create Bucket. - Provide a bucket name e.g.,
iceshrimp.
Define the Access Policy for the Iceshrimp Bucket
To allow read access for everyone, there needs to be defined a custom access policy for the Iceshrimp bucket:
- From the menu select
Buckets. - Click on the
iceshrimpbucket. - In the summary click on the pen at the
Access Policy. - Select
Customfrom the drop-down menu. - Fill
Write Policywith the following content and clickSet.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::iceshrimp/*"
]
}
]
}Set the Region of the Object Store
- From the menu select
Configuration. - Under
Regionset e.g.home-server. - Click on the
Savebutton.
Configure Iceshrimp to use MinIO as Object Store
Log into Iceshrimp as administrator and click on Control Panel.
Now select Object Storage under Settings.
Fill the fields with following content:
- Base URL: https://s3.example.com/iceshrimp
- Bucket: iceshrimp
- Prefix: ish
- Endpoint: s3.example.com
- Region: home-server
- Access Key: iceshrimp
- Secret Key: The password you provided for the user iceshrimp in MinIO.
- Enable the Use SSL switch.
- Enable the s3ForcePathStyle switch.
- At the end enable the “Use object storage” switch at the top.
- Don’t forget to clock on the checkmark in the upper right cornet to save the new configuration.
From now on, Iceshrimp will use the MinIO object storage to store the media cache. The file system storage is still used for the media which has been stored before. So do not just delete the old storage location.