# MinIO Server Config Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![Go Report Card](https://goreportcard.com/badge/minio/minio)](https://goreportcard.com/report/minio/minio) [![Docker Pulls](https://img.shields.io/docker/pulls/minio/minio.svg?maxAge=604800)](https://hub.docker.com/r/minio/minio/) ## Configuration Directory Till MinIO release `RELEASE.2018-08-02T23-11-36Z`, MinIO server configuration file (`config.json`) was stored in the configuration directory specified by `--config-dir` or defaulted to `${HOME}/.minio`. However from releases after `RELEASE.2018-08-18T03-49-57Z`, the configuration file (only), has been migrated to the storage backend (storage backend is the directory passed to MinIO server while starting the server). You can specify the location of your existing config using `--config-dir`, MinIO will migrate the `config.json` to your backend storage. Your current `config.json` will be renamed upon successful migration as `config.json.deprecated` in your current `--config-dir`. All your existing configurations are honored after this migration. Additionally `--config-dir` is now a legacy option which will is scheduled for removal in future, so please update your local startup, ansible scripts accordingly. ```sh minio server /data ``` ### Certificate Directory TLS certificates by default are stored under ``${HOME}/.minio/certs`` directory. You need to place certificates here to enable `HTTPS` based access. Read more about [How to secure access to MinIO server with TLS](https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls). Following is the directory structure for MinIO server with TLS certificates. ```sh $ tree ~/.minio /home/user1/.minio ├── certs │   ├── CAs │   ├── private.key │   └── public.crt ``` You can provide a custom certs directory using `--certs-dir` command line option. ### Accessing configuration file All configuration changes can be made using [`mc admin config` get/set commands](https://github.com/minio/mc/blob/master/docs/minio-admin-complete-guide.md). Following sections provide brief explanation of fields and how to customize them. A complete example of `config.json` is available [here](https://raw.githubusercontent.com/minio/minio/master/docs/config/config.sample.json) #### Editing configuration file fields ##### Get current configuration for MinIO deployment ```sh $ mc admin config get myminio/ > /tmp/myconfig ``` ##### Set current configuration for MinIO deployment ```sh $ mc admin config set myminio < /tmp/myconfig ``` The `mc admin` config API will evolve soon to be able to configure specific fields using get/set commands. #### Version |Field|Type|Description| |:---|:---|:---| |``version``|_string_| `version` determines the configuration file format. Any older version will automatically be migrated to the latest version upon startup. [DO NOT EDIT THIS FIELD MANUALLY]| #### Credential |Field|Type|Description| |:---|:---|:---| |``credential``| | Auth credential for object storage and web access.| |``credential.accessKey`` | _string_ | Access key of minimum 3 characters in length. You may override this field with `MINIO_ACCESS_KEY` environment variable.| |``credential.secretKey`` | _string_ | Secret key of minimum 8 characters in length. You may override this field with `MINIO_SECRET_KEY` environment variable.| > NOTE: In distributed setup it is mandatory to use environment variables `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` for credentials. Example: ```sh export MINIO_ACCESS_KEY=admin export MINIO_SECRET_KEY=password minio server /data ``` #### Region |Field|Type|Description| |:---|:---|:---| |``region``| _string_ | `region` describes the physical location of the server. By default it is blank. You may override this field with `MINIO_REGION` environment variable. If you are unsure leave it unset.| Example: ```sh export MINIO_REGION="my_region" minio server /data ``` #### Worm |Field|Type|Description| |:---|:---|:---| |``worm``| _string_ | Enable this to turn on Write-Once-Read-Many. By default it is set to `off`. You may override this field with ``MINIO_WORM`` environment variable.| Example: ```sh export MINIO_WORM=on minio server /data ``` ### Storage Class |Field|Type|Description| |:---|:---|:---| |``storageclass``| | Set storage class for configurable data and parity, as per object basis.| |``storageclass.standard`` | _string_ | Value for standard storage class. It should be in the format `EC:Parity`, for example to set 4 disk parity for standard storage class objects, set this field to `EC:4`.| |``storageclass.rrs`` | _string_ | Value for reduced redundancy storage class. It should be in the format `EC:Parity`, for example to set 3 disk parity for reduced redundancy storage class objects, set this field to `EC:3`.| By default, parity for objects with standard storage class is set to `N/2`, and parity for objects with reduced redundancy storage class objects is set to `2`. Read more about storage class support in MinIO server [here](https://github.com/minio/minio/blob/master/docs/erasure/storage-class/README.md). ### Cache |Field|Type|Description| |:---|:---|:---| |``drives``| _[]string_ | List of mounted file system drives with [`atime`](http://kerolasa.github.io/filetimes.html) support enabled| |``exclude`` | _[]string_ | List of wildcard patterns for prefixes to exclude from cache | |``expiry`` | _int_ | Days to cache expiry | |``maxuse`` | _int_ | Percentage of disk available to cache | #### Notify |Field|Type|Description| |:---|:---|:---| |``notify``| |Notify enables bucket notification events for lambda computing via the following targets.| |``notify.amqp``| |[Configure to publish MinIO events via AMQP target.](https://docs.min.io/docs/minio-bucket-notification-guide#AMQP)| |``notify.nats``| |[Configure to publish MinIO events via NATS target.](https://docs.min.io/docs/minio-bucket-notification-guide#NATS)| |``notify.elasticsearch``| |[Configure to publish MinIO events via Elasticsearch target.](https://docs.min.io/docs/minio-bucket-notification-guide#Elasticsearch)| |``notify.redis``| |[Configure to publish MinIO events via Redis target.](https://docs.min.io/docs/minio-bucket-notification-guide#Redis)| |``notify.postgresql``| |[Configure to publish MinIO events via PostgreSQL target.](https://docs.min.io/docs/minio-bucket-notification-guide#PostgreSQL)| |``notify.kafka``| |[Configure to publish MinIO events via Apache Kafka target.](https://docs.min.io/docs/minio-bucket-notification-guide#apache-kafka)| |``notify.webhook``| |[Configure to publish MinIO events via Webhooks target.](https://docs.min.io/docs/minio-bucket-notification-guide#webhooks)| |``notify.mysql``| |[Configure to publish MinIO events via MySql target.](https://docs.min.io/docs/minio-bucket-notification-guide#MySQL)| |``notify.mqtt``| |[Configure to publish MinIO events via MQTT target.](https://docs.min.io/docs/minio-bucket-notification-guide#MQTT)| ## Environment only settings ### Browser Enable or disable access to web UI. By default it is set to `on`. You may override this field with `MINIO_BROWSER` environment variable. Example: ```sh export MINIO_BROWSER=off minio server /data ``` ### Domain By default, MinIO supports path-style requests that are of the format http://mydomain.com/bucket/object. `MINIO_DOMAIN` environment variable is used to enable virtual-host-style requests. If the request `Host` header matches with `(.+).mydomain.com` then the matched pattern `$1` is used as bucket and the path is used as object. More information on path-style and virtual-host-style [here](http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAPI.html) Example: ```sh export MINIO_DOMAIN=mydomain.com minio server /data ``` For advanced use cases `MINIO_DOMAIN` environment variable supports multiple-domains with comma separated values. ```sh export MINIO_DOMAIN=sub1.mydomain.com,sub2.mydomain.com minio server /data ``` ### HTTP Trace HTTP tracing can be enabled by using [`mc admin trace`](https://github.com/minio/mc/blob/master/docs/minio-admin-complete-guide.md#command-trace---display-minio-server-http-trace) command. Example: ```sh minio server /data ``` Default trace is succinct only to indicate the API operations being called and the HTTP response status. ```sh mc admin trace myminio 17:21:45.729309964 objectAPIHandlers.GetBucketLocation localhost:9000/vk-photos/?location= 200 OK 17:21:45.738167329 objectAPIHandlers.HeadBucket localhost:9000/vk-photos/ 200 OK 17:21:45.747676811 objectAPIHandlers.ListObjectsV1 localhost:9000/vk-photos/?delimiter=%2F&max-keys=1000&prefix= 200 OK ``` To trace entire HTTP request ```sh mc admin trace --verbose myminio 127.0.0.1 [REQUEST objectAPIHandlers.GetBucketLocation] [17:23:21.404025835] 127.0.0.1 GET /yyy/?location= 127.0.0.1 Host: localhost:9000 127.0.0.1 Content-Length: 0 127.0.0.1 User-Agent: MinIO (linux; amd64) minio-go/v6.0.29 mc/2019-06-15T10:29:41Z 127.0.0.1 X-Amz-Content-Sha256: UNSIGNED-PAYLOAD 127.0.0.1 X-Amz-Date: 20190619T172321Z 127.0.0.1 Authorization: AWS4-HMAC-SHA256 Credential=Q3AM3UQ867SPQQA43P2F/20190619/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=8e53d8574db3424aa00dd73637575512b250c923edcad3cbf58a727305205709 127.0.0.1 127.0.0.1 [RESPONSE] [17:23:21.404780651] 127.0.0.1 200 OK 127.0.0.1 X-Amz-Request-Id: 15A9A965FF7A7546 127.0.0.1 X-Minio-Deployment-Id: 41e39f4a-3b66-415b-9ddf-025d76a58668 127.0.0.1 X-Xss-Protection: 1; mode=block 127.0.0.1 Accept-Ranges: bytes 127.0.0.1 Server: MinIO/DEVELOPMENT.2019-06-18T17-17-02Z 127.0.0.1 Content-Type: application/xml 127.0.0.1 Vary: Origin 127.0.0.1 X-Amz-Bucket-Region: us-east-1 127.0.0.1 Content-Length: 137 127.0.0.1 Content-Security-Policy: block-all-mixed-content 127.0.0.1 us-east-1127.0.0.1 127.0.0.1 [REQUEST objectAPIHandlers.HeadBucket] [17:23:21.412985428] 127.0.0.1 HEAD /yyy/ 127.0.0.1 Host: localhost:9000 127.0.0.1 User-Agent: MinIO (linux; amd64) minio-go/v6.0.29 mc/2019-06-15T10:29:41Z 127.0.0.1 X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 127.0.0.1 X-Amz-Date: 20190619T172321Z 127.0.0.1 Authorization: AWS4-HMAC-SHA256 Credential=Q3AM3UQ867SPQQA43P2F/20190619/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=e0a02a62d39994d0206586f01dd2ab3a4aea74e60da9ff4d427629f705c62c02 127.0.0.1 Content-Length: 0 127.0.0.1 127.0.0.1 [RESPONSE] [17:23:21.413457159] 127.0.0.1 200 OK 127.0.0.1 Vary: Origin 127.0.0.1 Accept-Ranges: bytes 127.0.0.1 Content-Length: 0 127.0.0.1 X-Amz-Bucket-Region: us-east-1 127.0.0.1 X-Amz-Request-Id: 15A9A9660005982D 127.0.0.1 X-Minio-Deployment-Id: 41e39f4a-3b66-415b-9ddf-025d76a58668 127.0.0.1 X-Xss-Protection: 1; mode=block 127.0.0.1 Content-Security-Policy: block-all-mixed-content 127.0.0.1 Server: MinIO/DEVELOPMENT.2019-06-18T17-17-02Z 127.0.0.1 127.0.0.1 [REQUEST objectAPIHandlers.ListObjectsV1] [17:23:21.423153668] 127.0.0.1 GET /yyy/?delimiter=%2F&max-keys=1000&prefix= 127.0.0.1 Host: localhost:9000 127.0.0.1 Content-Length: 0 127.0.0.1 User-Agent: MinIO (linux; amd64) minio-go/v6.0.29 mc/2019-06-15T10:29:41Z 127.0.0.1 X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 127.0.0.1 X-Amz-Date: 20190619T172321Z 127.0.0.1 Authorization: AWS4-HMAC-SHA256 Credential=Q3AM3UQ867SPQQA43P2F/20190619/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=46ee3d2fc5085432b94bc3205076abd8166ffa3e35c639f84e9684c7c6a181c9 127.0.0.1 127.0.0.1 [RESPONSE] [17:23:21.424260967] 127.0.0.1 200 OK 127.0.0.1 Content-Security-Policy: block-all-mixed-content 127.0.0.1 Content-Type: application/xml 127.0.0.1 Server: MinIO/DEVELOPMENT.2019-06-18T17-17-02Z 127.0.0.1 X-Amz-Bucket-Region: us-east-1 127.0.0.1 X-Minio-Deployment-Id: 41e39f4a-3b66-415b-9ddf-025d76a58668 127.0.0.1 Accept-Ranges: bytes 127.0.0.1 Content-Length: 253 127.0.0.1 Vary: Origin 127.0.0.1 X-Amz-Request-Id: 15A9A966009F94A6 127.0.0.1 X-Xss-Protection: 1; mode=block 127.0.0.1 yyy1000/false ``` ## Explore Further * [MinIO Quickstart Guide](https://docs.min.io/docs/minio-quickstart-guide) * [Configure MinIO Server with TLS](https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls)