MinIO with Let’s Encrypt SSL on Debian 12 – Step-by-Step Configuration Rumi, August 1, 2025 Prerequisites Debian 12 server with root access Domain name pointing to your server’s public IP Basic familiarity with Linux command line Step 1: System Update and Dependencies sudo apt update && sudo apt upgrade -y sudo apt install -y wget curl gnupg2 software-properties-common Step 2: Install MinIO Download and install MinIO binary wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /usr/local/bin/minio chmod +x /usr/local/bin/minio Create MinIO user and directories sudo useradd -r minio -s /bin/false sudo mkdir -p /opt/minio/{bin,etc,data} sudo mv /usr/local/bin/minio /opt/minio/bin/ Create environment file sudo tee /opt/minio/etc/minio.env > /dev/null <<EOF MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=your-strong-password MINIO_VOLUMES="/opt/minio/data" MINIO_OPTS="--console-address :9001" EOF Create systemd service sudo tee /etc/systemd/system/minio.service > /dev/null <<EOF [Unit] Description=MinIO Documentation=https://min.io/docs/minio/linux/index.html Wants=network-online.target After=network-online.target AssertFileIsExecutable=/opt/minio/bin/minio [Service] WorkingDirectory=/opt/minio User=minio Group=minio EnvironmentFile=/opt/minio/etc/minio.env ExecStart=/opt/minio/bin/minio server \$MINIO_OPTS \$MINIO_VOLUMES Restart=always LimitNOFILE=65536 TimeoutStopSec=infinity SendSIGKILL=no [Install] WantedBy=multi-user.target EOF Set permissions and start MinIO sudo chown -R minio:minio /opt/minio sudo systemctl daemon-reload sudo systemctl enable --now minio sudo systemctl status minio Step 3: Install Nginx as Reverse Proxy Install Nginx sudo apt install -y nginx Configure Nginx for MinIO sudo tee /etc/nginx/sites-available/minio > /dev/null <<EOF server { listen 443 ssl; server_name s3-bmd-1.servermart.net; ssl_certificate /etc/letsencrypt/live/s3-bmd-1.servermart.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/s3-bmd-1.servermart.net/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # Important proxy settings proxy_buffering off; proxy_request_buffering off; client_max_body_size 5000M; # Adjust based on your needs location / { proxy_pass http://localhost:9000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Required for SSE-C encryption proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Port $server_port; # WebSocket support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Timeout settings proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; } location /console/ { proxy_pass http://localhost:9001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; # WebSocket support for console proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Buffer settings proxy_buffering off; proxy_request_buffering off; } } server { if ($host = s3-bmd-1.servermart.net) { return 301 https://$host$request_uri; } listen 80; server_name s3-bmd-1.servermart.net; return 404; } Step 4: Install Certbot and Obtain SSL Certificate sudo apt install -y certbot python3-certbot-nginx Obtain SSL certificate sudo certbot --nginx -d minio.yourdomain.com Configure automatic renewal sudo certbot renew --dry-run Step 5: Enable the configuration sudo ln -s /etc/nginx/sites-available/minio /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl restart nginx Step 6: Restart MinIO sudo systemctl restart minio Step 7: Access MinIO Web Console Open your browser and go to: https://minio.yourdomain.com/console Login with the credentials you set in the minio.env file (admin/your-strong-password) Step 8: (Optional) Firewall Configuration If you have a firewall enabled, allow the necessary ports: sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw enable Troubleshooting Check MinIO logs: journalctl -u minio -f Check Nginx logs: tail -f /var/log/nginx/error.log Verify MinIO is running: systemctl status minio Verify Nginx is running: systemctl status nginx Maintenance SSL certificates will auto-renew, but you can manually renew with: sudo certbot renew To update MinIO, download the new binary and replace /opt/minio/bin/minio, then restart the service tail -f /var/log/nginx/error.log If you’re still experiencing issues, you may need to adjust the timeout values further or investigate potential network-level limitations. Administrations Application Debian 12MinIO