Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b47d0c065c | |||
| 4e202ba7d5 |
20
.env.sample
20
.env.sample
@ -5,5 +5,25 @@ DOMAIN=minio.example.com
|
||||
#EXTRA_DOMAINS=', `www.minio.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
COMPOSE_FILE=compose.yml
|
||||
|
||||
SECRET_SECRET_KEY_VERSION=v1 # length=20
|
||||
SECRET_ACCESS_KEY_VERSION=v1 # length=40
|
||||
|
||||
#######################
|
||||
##### OIDC CONFIG #####
|
||||
#######################
|
||||
|
||||
##### Required
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
|
||||
#MINIO_IDENTITY_OPENID_CONFIG_URL=
|
||||
#MINIO_IDENTITY_OPENID_CLIENT_ID=
|
||||
#MINIO_IDENTITY_OPENID_CLIENT_SECRET=
|
||||
|
||||
##### Optional
|
||||
|
||||
#MINIO_IDENTITY_OPENID_CLAIM_NAME=
|
||||
#MINIO_IDENTITY_OPENID_CLAIM_PREFIX=
|
||||
#MINIO_IDENTITY_OPENID_SCOPES=
|
||||
#MINIO_IDENTITY_OPENID_COMMENT=
|
||||
20
compose.oidc.yml
Normal file
20
compose.oidc.yml
Normal file
@ -0,0 +1,20 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- oidc_secret
|
||||
environment:
|
||||
- MINIO_IDENTITY_OPENID_CONFIG_URL
|
||||
- MINIO_IDENTITY_OPENID_CLIENT_ID
|
||||
- MINIO_IDENTITY_OPENID_CLIENT_SECRET
|
||||
- MINIO_IDENTITY_OPENID_CLAIM_NAME
|
||||
- MINIO_IDENTITY_OPENID_CLAIM_PREFIX
|
||||
- MINIO_IDENTITY_OPENID_SCOPES
|
||||
- MINIO_IDENTITY_OPENID_REDIRECT_URI
|
||||
- MINIO_IDENTITY_OPENID_COMMENT
|
||||
|
||||
secrets:
|
||||
oidc_secret:
|
||||
name: ${STACK_NAME}_oidc_secret_${SECRET_OIDC_SECRET_VERSION}
|
||||
external: true
|
||||
13
compose.yml
13
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: minio/minio:RELEASE.2022-10-24T18-35-07Z
|
||||
image: minio/minio:RELEASE.2025-02-07T23-21-09Z
|
||||
volumes:
|
||||
- minio-data:/export
|
||||
networks:
|
||||
@ -34,12 +34,12 @@ services:
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+RELEASE.2022-10-24T18-35-07Z"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+RELEASE.2025-02-07T23-21-09Z"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
|
||||
interval: 30s
|
||||
timeout: 20s
|
||||
retries: 3
|
||||
test: [ "CMD", "mc", "ready", "local" ]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
@ -48,6 +48,7 @@ networks:
|
||||
volumes:
|
||||
minio-data:
|
||||
|
||||
|
||||
secrets:
|
||||
secret_key:
|
||||
external: true
|
||||
|
||||
33
entrypoint.sh.tml
Normal file
33
entrypoint.sh.tml
Normal file
@ -0,0 +1,33 @@
|
||||
#!/bin/sh
|
||||
|
||||
|
||||
if [ -f /run/secrets/oidc_secret ]; then
|
||||
export MINIO_IDENTITY_OPENID_CLIENT_SECRET=$(cat /run/secrets/oidc_secret)
|
||||
else
|
||||
echo "OIDC secret not found, skipping."
|
||||
fi
|
||||
|
||||
|
||||
# If command starts with an option, prepend minio.
|
||||
if [ "${1}" != "minio" ]; then
|
||||
if [ -n "${1}" ]; then
|
||||
set -- minio "$@"
|
||||
fi
|
||||
fi
|
||||
|
||||
docker_switch_user() {
|
||||
if [ -n "${MINIO_USERNAME}" ] && [ -n "${MINIO_GROUPNAME}" ]; then
|
||||
if [ -n "${MINIO_UID}" ] && [ -n "${MINIO_GID}" ]; then
|
||||
chroot --userspec=${MINIO_UID}:${MINIO_GID} / "$@"
|
||||
else
|
||||
echo "${MINIO_USERNAME}:x:1000:1000:${MINIO_USERNAME}:/:/sbin/nologin" >>/etc/passwd
|
||||
echo "${MINIO_GROUPNAME}:x:1000" >>/etc/group
|
||||
chroot --userspec=${MINIO_USERNAME}:${MINIO_GROUPNAME} / "$@"
|
||||
fi
|
||||
else
|
||||
exec "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
## DEPRECATED and unsupported - switch to user if applicable.
|
||||
docker_switch_user "$@"
|
||||
Reference in New Issue
Block a user