services: minio: image: minio/minio:latest # add to renovate; https://github.com/renovatebot/renovate/issues/2438 container_name: minio restart: unless-stopped pull_policy: missing ports: # - '9000:9000' # S3 - '9001:9001' # WebUI networks: - traefik volumes: - data:/data # wird im "command" verwendet/gesetzt environment: MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}" MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}" command: server /data --console-address ":9001" healthcheck: # https://github.com/minio/minio/issues/18389 test: ["CMD", "mc", "ready", "local"] interval: 5s timeout: 5s retries: 5 labels: traefik.enable: true # s3 traefik.http.routers.minio-s3.service: minio-s3 traefik.http.routers.minio-s3.priority: "10" traefik.http.routers.minio-s3.rule: Host(`s3.mgrote.net`) traefik.http.routers.minio-s3.tls: true traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt traefik.http.routers.minio-s3.entrypoints: entry_https traefik.http.services.minio-s3.loadbalancer.server.port: 9000 # WebUI # traefik.http.routers.minio-ui.service: minio-ui # traefik.http.routers.minio-ui.priority: "20" # traefik.http.routers.minio-ui.rule: Host(`ui-s3.mgrote.net`) # traefik.http.routers.minio-ui.tls: true # traefik.http.routers.minio-ui.tls.certresolver: resolver_letsencrypt # traefik.http.routers.minio-ui.entrypoints: entry_https # traefik.http.services.minio-ui.loadbalancer.server.port: 9001 # traefik.http.routers.minio-ui.middlewares: minio-ui-ipallowlist # also entferne den Prefix danach wieder # traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24 # traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth ######## Networks ######## networks: traefik: external: true ######## Volumes ######## volumes: data: # Doku: https://wiki.mgrote.net/pages/_Technik/software/s3/minio/