New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Best practices for MinIO?
raindog308
Administrator, Veteran
in General
I love PikaPods and they've recently added the option to enable S3 backups (docs).
While I could plug it into B2, I also have plenty of idlers, so I was thinking of spinning up a MinIO instance.
I realize it uses https and requires credentials, so it's not like any one could just come by and download my buckets. But is that all there is to it? I've never used MinIO and I'm wondering if there is something more I need to do in terms of maintenance, security, etc. Is it one of those "install and it just works" or is there more I should be thinking of?
Comments
Encrypt data at rest. Use access control / service accounts to connect to services (similar concept to using application specific passwords).
Nice to see Pikapods enabling backups. Shame they won't support custom images but their reasoning makes sense. However, this also means that some of their competitors offer features they don't.
Forgot to tag @m4nu
not kind of maintenance but kind of Quality of Life.
I used to host minio once on Potato CPU storage vps with Syncthing Instance on the same vps and with only 1GB RAM. Worst Nightmare.
My recommendation is hosting minio on VPS with decent IO and CPU. plus running in Docker so you don't have to worrying about keeping up-to-date.
You mean pikapids?
jokes aside I am using garage and alist for my s3 usage currently as when I tried minio it was "heavy" for my simple backup and storage handler used on some of my websites.
I really need to do a better job of proofreading...
Or hire someone else to do that for you, maybe some AI like copilot or something self hosted? Btw, We aren't going to update the permalink?
When generating Access Keys, restrict to per bucket ('Restrict beyond user policy').
No - it's already gone out on social, etc.
minio is not LE friendly (inefficient io path, esp. many small files). Use seaweedfs s3 api, which supports async cloud tiering (any rclone backend) that can take advantage of cheap storage boxes.
You are christian. I've been looking for something like this for AGES.
Is there a Borg backup option? I imagine that would be better.
Is Garage appropriate for LE?
Not if you care about durability without extra unnecessary storage space cost, which requires erasure coding (EC) and/or cloud tiering. Otherwise, it's a very nice ivory tower exercise.
If you like the project, please consider backing the open source project if you have means.