Deploying MinIO with Ease: A Step-by-Step Guide Using a VPS and Cloudflare Tunnel #MinIO Series Part 2

Deploying MinIO in Linux using VPS, configure your port using Cloudflare Tunnel

5 min readApr 20, 2024

In this tutorial I’ll install and deploy MinIO in my Virtual Private Server (VPS), more specific in Linux (Ubuntu). MinIO also provide some topologies to use. They are Single-Node Single-Drive, Single-Node Multi-Drive, and Multi-Node Multi-Drive. I’ll use the Single-Node Single-Drive or standalone topology since I’ll just use it for my personal project.

We’ll use Cloudflare tunnel to connect the port from our IP into the subdomain. Cloudflare tunnel also provide lots of security advantages that’ll protect our web servers from direct attacks. The tunnel establishes a secure, encrypted connection between the original web server and the closest Cloudflare data center, all without exposing any public inbound ports.

Special thanks to Tassamu as a co-author of this article. Without his help I don’t think I could have written this article. Check out his writings here!

Prerequisites

Domain name: from a hosting provider (example.com)
a Virtual Private Server (VPS)
Cloudflare account

1) Download the MinIO server in your VPS

sudo wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio_20240406052602.0.0_amd64.deb -O minio.deb
sudo dpkg -i minio.deb

2) Create the `systemd` service file

The .deb or .rpm packages install the systemd service file to /usr/lib/systemd/system/minio.service. The systemd service file is used to define and manage MinIO service as systemd unit. Systemd service file is a system and service manager for Linux operating system. Systemd unit file define how systemd manages service like starting, stopping, and monitoring. We won’t touch the systemd service file and leave it default.

cat /usr/lib/systemd/system/minio.service

Your systemd service file should look like this

[Unit]
Description=MinIO
Documentation=https://min.io/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local

User=minio-user
Group=minio-user
ProtectProc=invisible

EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.server`
# Uncomment the line to enable the functionality
# Type=notify

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Specifies the maximum number of threads this process can create
TasksMax=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})

The minio.service runs minio-user User and Group by default. We’ll create the User and Group using useradd and groupadd commands. We’ll also sets permissions to access the folder paths intended for use by MinIO using chown command. But before that we’ll create a new folder called data that’ll be use by MinIO using mkdir command.

sudo mkdir /data
sudo groupadd -r minio-user
sudo useradd -M -r -g minio-user minio-user
sudo chown minio-user:minio-user /data

If you want to user another User and Group you can set it in the systemd service file and add it.

3) Create the environment variable file

Create an environment variable file at /etc/default/minio

sudo vi /etc/default/minio

# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment

MINIO_ROOT_USER=myminioadmin
MINIO_ROOT_PASSWORD=minio-secret-key-change-me

# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.

MINIO_VOLUMES="/data"

# MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
# For example, `--console-address :9001` sets the MinIO Console listen port
MINIO_OPTS="--console-address :9001"

# MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
# MinIO assumes your network control plane can correctly resolve this hostname to the local machine

# Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).

#MINIO_SERVER_URL="http://minio.example.net:9000"

Change the minio root user and root password according to your needs.

4) Start the MinIO service

sudo systemctl start minio.service

Check the MinIO service is active

sudo systemctl status minio.service
journalctl -f -u minio.service

It should’ve look like this if there’s no error

5) Login into your Cloudflare account > zero trust

6) Click networks > tunnel > create tunnel

7) Select Cloudflare

8) Choose debian 64 bit and run the command in your VPS

It’s a free plan. You don’t have to worry.

9) Check your tunnel status

If it has been installed successfully, your tunnel status should be healthy or connected.

10) Click configure your tunnel > public hostname > add public hostname

11) Check your MinIO in the browser

Type your domain or the IP address with the port in the brower. Try to login into your account that you set in the environment variable. If there’s any problem when you try to login always check the log of the MinIO using this command