S3 file server powered by MinIO AIStor (free-tier license), deployed with Docker Compose behind an existing Traefik reverse proxy.
A single MinIO AIStor container exposes two ports. Both are served through Traefik on the same HTTPS :443 entrypoint and routed by hostname:
| Hostname | Container port | Purpose |
|---|---|---|
data.simovilab.org |
9000 | S3 API |
console.data.simovilab.org |
9001 | Console (web UI) |
Traefik terminates TLS; MinIO speaks plain HTTP inside the traefik-proxy network, so no certificates are mounted into the container.
- A running Traefik instance with:
- a Docker network named
traefik-proxy, - an HTTPS entrypoint named
websecure(:443), - a certificate resolver named
letsencrypt.
- a Docker network named
- DNS records for
data.simovilab.organdconsole.data.simovilab.orgpointing at the server. - A MinIO AIStor license saved as
minio.licensein this directory (free-tier license available from the MinIO pricing page).
- Create your local config from the template:
Set a strong
cp .env.example .env
MINIO_ROOT_PASSWORD(e.g.openssl rand -base64 24) and adjust the domains or Traefik names if your setup differs. - Make sure
minio.licenseis present in this directory. - Start the server:
docker compose up -d docker compose logs -f minio
- S3 API:
https://data.simovilab.org - Console:
https://console.data.simovilab.org
Connect with the AIStor client (mc):
mc alias set data https://data.simovilab.org "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"
mc mb data/my-bucket
mc cp ./somefile data/my-bucket- TLS is handled entirely by Traefik. The
certsdirectory from the MinIO docs is not needed in this setup. - The Console is pinned to port
9001via--console-address;MINIO_BROWSER_REDIRECT_URLtells it its public URL so logins and redirects work behind the proxy. .envandminio.licenseare gitignored — keep them out of version control.- For production, pin a specific
RELEASE.*image tag in.envinstead of:latest.