-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
178 lines (140 loc) · 6.91 KB
/
.env.example
File metadata and controls
178 lines (140 loc) · 6.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# =============================================================================
# MinIO - Environment Configuration
# =============================================================================
# S3-compatible object storage with automated initialization.
# Documentation: https://min.io/docs/minio/linux/reference/minio-server/settings/
# =============================================================================
# =============================================================================
# Stack Configuration
# =============================================================================
# Container name prefix (used for container names, volumes, networks)
STACK_NAME=s3_example_domain_com
# Container timezone
# Default: Etc/UTC
TIME_ZONE=Etc/UTC
# =============================================================================
# Image Configuration
# =============================================================================
# -----------------------------------------------------------------------------
# Production Images (Pre-built from GHCR)
# -----------------------------------------------------------------------------
# Used in docker-compose-single.yml and docker-compose-single-traefik.yml
# MinIO server image
MINIO_IMAGE=ghcr.io/bauer-group/cs-minio/minio
MINIO_VERSION=latest
# Init container image (bucket/user initialization)
MINIO_INIT_IMAGE=ghcr.io/bauer-group/cs-minio/minio-init
MINIO_INIT_VERSION=latest
# Admin console image (web-based management UI)
CONSOLE_IMAGE=ghcr.io/bauer-group/cs-minio/minio-console
CONSOLE_VERSION=latest
# -----------------------------------------------------------------------------
# Build Images (Development / CI)
# -----------------------------------------------------------------------------
# Used for local Docker builds: docker compose build
# MinIO source repository and release tag
# Built from source: no pre-built image for security fix RELEASE.2025-10-15T17-29-55Z
BASE_MINIO_REPO=https://github.com/karlspace/MinIO.git
BASE_MINIO_VERSION=RELEASE.2025-10-15T17-29-55Z
# MinIO Client (mc) source repository and version
BASE_MC_REPO=https://github.com/karlspace/MinIO-CLI.git
BASE_MC_VERSION=master
# Admin console source repository and branch
BASE_CONSOLE_REPO=https://github.com/karlspace/MinIO-UI.git
BASE_CONSOLE_VERSION=feature/admin-console-v2
# =============================================================================
# MinIO Server Configuration
# =============================================================================
# Root credentials (REQUIRED - change these!)
# Generate password: openssl rand -hex 32
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=CHANGE_ME_SECURE_PASSWORD
# Default region for bucket creation
# Common values: eu-central-1, eu-west-1, us-east-1
MINIO_REGION=eu-central-1
# =============================================================================
# Port Settings (docker-compose-single.yml)
# =============================================================================
# Direct port binding when NOT using Traefik reverse proxy.
# S3 API port
EXPOSED_API_PORT=9000
# Console port (admin console)
EXPOSED_CONSOLE_PORT=9001
# =============================================================================
# Traefik Configuration (docker-compose-single-traefik.yml)
# =============================================================================
# DNS must resolve to these hostnames before starting.
# S3 API endpoint hostname
# Path-style access: https://{S3_HOSTNAME}/{bucket}/{key}
S3_HOSTNAME=s3.example.domain.com
# Console hostname (admin console)
S3_CONSOLE_HOSTNAME=s3-console.example.domain.com
# External Traefik network name (must already exist)
PROXY_NETWORK=EDGEPROXY
# DNS-style bucket access (optional)
# Requires wildcard certificate or explicit SANs for each bucket.
# Uncomment and add bucket hostnames if needed:
# S3_BUCKET_SANS=bucket1.s3.example.domain.com,bucket2.s3.example.domain.com
# =============================================================================
# Console Configuration
# =============================================================================
# The admin console provides a full management UI (users, policies, buckets,
# monitoring). MinIO's built-in browser is disabled.
#
# Image: ghcr.io/karlspace/minio-ui/minio-admin-console:latest
# Console credentials (created by init container with full admin privileges)
# Generate password: openssl rand -hex 32
CONSOLE_USER=console-admin
CONSOLE_PASSWORD=CHANGE_ME_SECURE_CONSOLE_PASSWORD
# =============================================================================
# Init Container Configuration
# =============================================================================
# The init container runs two config files in order:
# 1. Built-in default (baked into image) - creates pAdministrators policy,
# gAdministrators group, and console user from CONSOLE_USER/PASSWORD
# 2. User config (mounted) - your custom buckets, policies, users, etc.
#
# Supported resources:
# - Buckets (versioning, object-lock/WORM, quotas, retention, anonymous policy)
# - IAM Policies (create/update S3 policy documents)
# - Users (create/update with group membership and direct policies)
# - Groups (policy attachments)
# - Service Accounts (dynamic server-generated credentials, output as JSON)
#
# Service account credentials are generated dynamically by MinIO and written
# to the minio-credentials volume at /data/credentials/*.json.
# Other containers can mount the same volume to read credentials.
#
# JSON values support ${ENV_VAR} syntax for environment variable resolution.
# See config/minio-init.example.json for a full demo configuration.
# Path to JSON configuration file (bind-mounted into init container)
# Default: empty config (only built-in default.json runs)
# Copy config/minio-init.example.json to get started with a full example.
MINIO_INIT_CONFIG=./config/minio-init.json
# Timeout in seconds to wait for MinIO server to become healthy
MINIO_WAIT_TIMEOUT=60
# Application user credentials (example - referenced in config/minio-init.example.json)
# Uncomment and set these if using the demo configuration:
# APP_USER=app-service
# APP_PASSWORD=CHANGE_ME_APP_PASSWORD
# BACKUP_USER=backup-agent
# BACKUP_PASSWORD=CHANGE_ME_BACKUP_PASSWORD
# =============================================================================
# Deployment
# =============================================================================
#
# Single Mode (direct port access):
# docker compose -f docker-compose-single.yml up -d
# S3 API: http://localhost:${EXPOSED_API_PORT}
# Console: http://localhost:${EXPOSED_CONSOLE_PORT}
#
# Single Mode + Traefik (HTTPS):
# docker compose -f docker-compose-single-traefik.yml up -d
# S3 API: https://${S3_HOSTNAME}
# Console: https://${S3_CONSOLE_HOSTNAME}
#
# Development Mode (local builds from src/):
# docker compose -f docker-compose-development.yml up -d --build
# S3 API: http://localhost:${EXPOSED_API_PORT}
# Console: http://localhost:${EXPOSED_CONSOLE_PORT}
#