diff --git a/docker-compose/minio/docker-compose.yml.j2 b/docker-compose/minio/docker-compose.yml.j2
new file mode 100644
index 00000000..703edbdc
--- /dev/null
+++ b/docker-compose/minio/docker-compose.yml.j2
@@ -0,0 +1,53 @@
+services:
+ minio:
+ image: minio/minio:latest # add to renovate; https://github.com/renovatebot/renovate/issues/2438
+ container_name: minio
+ restart: unless-stopped
+ pull_policy: missing
+ ports:
+ # - '9000:9000' # S3
+ - '9001:9001' # WebUI
+ networks:
+ - traefik
+ volumes:
+ - data:/data # wird im "command" verwendet/gesetzt
+ environment:
+ MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}"
+ MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}"
+ command: server /data --console-address ":9001"
+ healthcheck: # https://github.com/minio/minio/issues/18389
+ test: ["CMD", "mc", "ready", "local"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ labels:
+ traefik.enable: true
+ # s3
+ traefik.http.routers.minio-s3.service: minio-s3
+ traefik.http.routers.minio-s3.priority: "10"
+ traefik.http.routers.minio-s3.rule: Host(`s3.mgrote.net`)
+ traefik.http.routers.minio-s3.tls: true
+ traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt
+ traefik.http.routers.minio-s3.entrypoints: entry_https
+ traefik.http.services.minio-s3.loadbalancer.server.port: 9000
+ # WebUI
+ # traefik.http.routers.minio-ui.service: minio-ui
+ # traefik.http.routers.minio-ui.priority: "20"
+ # traefik.http.routers.minio-ui.rule: Host(`ui-s3.mgrote.net`)
+ # traefik.http.routers.minio-ui.tls: true
+ # traefik.http.routers.minio-ui.tls.certresolver: resolver_letsencrypt
+ # traefik.http.routers.minio-ui.entrypoints: entry_https
+ # traefik.http.services.minio-ui.loadbalancer.server.port: 9001
+ # traefik.http.routers.minio-ui.middlewares: minio-ui-ipallowlist # also entferne den Prefix danach wieder
+ # traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24
+ # traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
+
+######## Networks ########
+networks:
+ traefik:
+ external: true
+######## Volumes ########
+volumes:
+ data:
+
+# Doku: https://wiki.mgrote.net/pages/_Technik/software/s3/minio/
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
index e7d3643f..c7fa3b9b 100644
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@@ -50,8 +50,8 @@ services:
 - traefik
 healthcheck:
 test: ["CMD", "wget", "--quiet", "--spider", "--tries=1", "http://127.0.0.1:3000/login"]
- interval: 30s
- timeout: 10s
+ interval: 10s
+ timeout: 5s
 retries: 3
 ######## Networks ########
diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml
index d330f2cf..585779dc 100644
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@@ -88,6 +88,8 @@ blocky_custom_lookups: # optional
 ip: 192.168.2.47
 - name: munin.mgrote.net
 ip: 192.168.2.40
+ - name: s3.mgrote.net
+ ip: 192.168.2.43
 ### mgrote_munin_node
 # kann git.mgrote.net nicht auflösen, deshalb hiermit IP
diff --git a/group_vars/munin.yml b/group_vars/munin.yml
index 29f4e06f..d3d4a5d2 100644
--- a/group_vars/munin.yml
+++ b/group_vars/munin.yml
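Review bot: In docker-compose/minio/docker-compose.yml.j2 the `ports:` entry `- '9001:9001'` publishes the MinIO console on every host interface over plain HTTP, while the Traefik router and `ipallowlist` middleware meant to front the WebUI are commented out, so the root login is reachable without TLS or a source-range restriction. Docker-published ports are normally not filtered by ufw rules, which this host appears to use, so the host firewall may not cover it either. Either bind the port narrowly, e.g. `- '127.0.0.1:9001:9001'`, or drop it and enable the `minio-ui` labels including the allowlist. Separately, `image: minio/minio:latest` combined with `pull_policy: missing` keeps running whatever build was first pulled; pin a release tag or digest such as `minio/minio:<release-tag>@sha256:<digest>` (placeholder values) once Renovate tracks it. The root credentials are rendered inside double quotes, so a KeePass value containing a double quote, a backslash or `$` would presumably break the YAML or trigger Compose variable interpolation; worth confirming or escaping in the template.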
@@ -104,7 +104,7 @@ munin_node_plugins:
 src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response
 config: |
 [http_response]
- env.sites https://git.mgrote.net http://ldap.mgrote.net:17170 https://docker10.mgrote.net:8443 https://registry.mgrote.net/ui/ http://munin.mgrote.net http://192.168.5.1 http://192.168.3.1 http://192.168.3.108:8080 http://192.168.3.204 http://docker10.mgrote.net:6483 https://miniflux.mgrote.net/ https://nextcloud.mgrote.net https://audio.mgrote.net/mg http://wiki.mgrote.net
+ env.sites https://git.mgrote.net http://ldap.mgrote.net:17170 https://docker10.mgrote.net:8443 https://registry.mgrote.net/ui/ http://munin.mgrote.net http://192.168.5.1 http://192.168.3.1 http://192.168.3.108:8080 http://192.168.3.204 http://docker10.mgrote.net:6483 https://miniflux.mgrote.net/ https://nextcloud.mgrote.net https://audio.mgrote.net/mg http://wiki.mgrote.net https://s3.mgrote.net
 env.max_time 20
 env.short_label true
 env.follow_redirect true
diff --git a/host_vars/docker10.mgrote.net.yml b/host_vars/docker10.mgrote.net.yml
index de6b330c..8f7f3cfb 100644
--- a/host_vars/docker10.mgrote.net.yml
+++ b/host_vars/docker10.mgrote.net.yml
@@ -64,6 +64,8 @@ compose_files:
 state: present
 - name: act-runner
 state: present
+ - name: minio
+ state: present
 ### oefenweb.ufw
 ufw_rules:
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 5aeab26a..692beae4 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ