2017-01-24 07:06:51 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
set -eu
|
|
|
|
|
|
2020-01-16 14:46:41 -08:00
|
|
|
mkdir -p /app/data/data /run/minio/config /run/minio/certs
|
2017-01-24 07:06:51 +01:00
|
|
|
|
2023-12-11 11:39:03 +01:00
|
|
|
# env vars take precedence over config.yaml (https://github.com/minio/minio/blob/master/docs/distributed/CONFIG.md#things-to-know)
|
2024-02-20 11:02:56 +01:00
|
|
|
if [[ ! -f /app/data/env.sh ]]; then
|
|
|
|
|
echo "=> First run"
|
|
|
|
|
cp /app/code/env.sh.template /app/data/env.sh
|
|
|
|
|
# minio does not show the password login by default when OIDC is setup (https://github.com/minio/minio/discussions/16928)
|
|
|
|
|
# we generate a dynamic password because users might forget to change the admin password (with the oidc login being so click friendly)
|
|
|
|
|
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
|
|
|
|
echo -e "export MINIO_ROOT_USER=minioadmin\nexport MINIO_ROOT_PASSWORD=$(pwgen -1s 20)\n\n" >> /app/data/env.sh
|
|
|
|
|
else
|
|
|
|
|
echo -e "export MINIO_ROOT_USER=minioadmin\nexport MINIO_ROOT_PASSWORD=minioadmin\n\n" >> /app/data/env.sh
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2022-01-21 13:28:02 -08:00
|
|
|
source /app/data/env.sh
|
2019-01-22 15:29:43 -08:00
|
|
|
|
2022-01-21 13:11:25 -08:00
|
|
|
# https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_SERVER_URL
|
2022-07-24 09:50:50 +02:00
|
|
|
export MINIO_SERVER_URL="https://${API_SERVER_DOMAIN}"
|
2022-01-21 13:11:25 -08:00
|
|
|
export MINIO_BROWSER_REDIRECT_URL="https://${CLOUDRON_APP_DOMAIN}"
|
|
|
|
|
|
2021-07-11 22:56:59 +02:00
|
|
|
if [[ ! -d /app/data/mc_config ]]; then
|
|
|
|
|
mkdir -p /app/data/mc_config
|
|
|
|
|
/app/code/mc --config-dir /app/data/mc_config &> /dev/null || true
|
|
|
|
|
fi
|
|
|
|
|
|
2024-02-19 17:13:57 +04:00
|
|
|
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
2024-12-19 15:43:06 +04:00
|
|
|
export MINIO_IDENTITY_OPENID_DISPLAY_NAME="${CLOUDRON_OIDC_PROVIDER_NAME:-Cloudron}"
|
2024-02-19 17:13:57 +04:00
|
|
|
export MINIO_IDENTITY_OPENID_CONFIG_URL="${CLOUDRON_OIDC_DISCOVERY_URL}"
|
|
|
|
|
export MINIO_IDENTITY_OPENID_CLIENT_ID="${CLOUDRON_OIDC_CLIENT_ID}"
|
|
|
|
|
export MINIO_IDENTITY_OPENID_CLIENT_SECRET="${CLOUDRON_OIDC_CLIENT_SECRET}"
|
|
|
|
|
export MINIO_IDENTITY_OPENID_SCOPES="openid profile email"
|
|
|
|
|
if [[ -z "${MINIO_IDENTITY_OPENID_ROLE_POLICY:-}" ]]; then
|
|
|
|
|
export MINIO_IDENTITY_OPENID_ROLE_POLICY="readwrite"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
export MINIO_IDENTITY_OPENID_COMMENT="Cloudron OIDC"
|
|
|
|
|
fi
|
|
|
|
|
|
2022-01-21 13:28:02 -08:00
|
|
|
# minio is used for backups at times and has a large number of files. optimize by checking if files are actually in correct chown state
|
|
|
|
|
echo "==> Changing ownership"
|
|
|
|
|
[[ $(stat --format '%U' /app/data/data) != "cloudron" ]] && chown -R cloudron:cloudron /app/data
|
2020-10-03 13:03:47 -07:00
|
|
|
|
2020-01-16 14:46:41 -08:00
|
|
|
echo "==> Starting minio"
|
2023-12-11 11:39:27 +01:00
|
|
|
exec /usr/local/bin/gosu cloudron:cloudron /app/code/minio --quiet ${CLOUDRON_MINIO_STARTUP_ARGS} --address :9000 --console-address :8000
|
2022-01-21 13:11:25 -08:00
|
|
|
|
