If you need S3-compatible object storage on your own hardware, MinIO is the fastest way to get there. It stores backups, logs, images, videos, and machine learning datasets behind an API that any S3 client can talk to without code changes.
This guide covers deploying a single-node MinIO server on Rocky Linux 10 or AlmaLinux 10 with a systemd service, the MinIO client (mc), firewall rules, and SELinux configuration. The same steps apply to RHEL 10.
Prerequisites
- Rocky Linux 10 or AlmaLinux 10 with root or sudo access
- A dedicated disk or partition for MinIO data (recommended for production)
- Ports 9000 (API) and 9001 (Console) open in the firewall
Install MinIO Server
MinIO distributes a single static binary. Download the latest release for Linux amd64:
curl -sLO https://dl.min.io/server/minio/release/linux-amd64/minio
sudo chmod +x minio
sudo mv minio /usr/local/bin/Verify the binary is accessible and check the version:
minio --versionFix SELinux Context
Rocky Linux 10 runs SELinux in enforcing mode. A binary downloaded to /usr/local/bin/ gets labeled admin_home_t by default, which systemd cannot execute. Relabel it to bin_t:
sudo restorecon -v /usr/local/bin/minioIf restorecon does not change the label, set it explicitly:
sudo chcon -t bin_t /usr/local/bin/minioVerify the label is correct:
ls -Z /usr/local/bin/minioThe label should show bin_t:
unconfined_u:object_r:bin_t:s0 /usr/local/bin/minioWithout this step, MinIO fails to start with status=203/EXEC and “Permission denied” in the journal. This catches most people on Rocky Linux and AlmaLinux.
Create MinIO User and Data Directory
Create a dedicated system user for running MinIO and the data directory where objects will be stored:
sudo useradd -r -s /sbin/nologin minio-user
sudo mkdir -p /data/minio
sudo chown minio-user:minio-user /data/minioFor production, mount a dedicated XFS-formatted disk at /data/minio. XFS is recommended by MinIO for its performance characteristics with large files.
Configure MinIO
Create the MinIO environment file that the systemd service reads:
sudo vi /etc/default/minioAdd the following configuration. Change the root user and password to something strong for production:
MINIO_VOLUMES=/data/minio
MINIO_OPTS=--console-address :9001
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=YourStr0ngP@sswordThe key settings:
MINIO_VOLUMES– path where MinIO stores object dataMINIO_OPTS– the--console-address :9001flag pins the web console to port 9001 (otherwise it picks a random port)MINIO_ROOT_USERandMINIO_ROOT_PASSWORD– the admin credentials for both the API and web console
Create systemd Service
Create a systemd unit file for MinIO:
sudo vi /etc/systemd/system/minio.serviceAdd the following service definition:
[Unit]
Description=MinIO Object Storage
After=network-online.target
Wants=network-online.target
[Service]
User=minio-user
Group=minio-user
EnvironmentFile=/etc/default/minio
ExecStart=/usr/local/bin/minio server $MINIO_VOLUMES $MINIO_OPTS
Restart=always
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.targetThe LimitNOFILE=65536 raises the file descriptor limit, which MinIO needs when handling many concurrent connections.
Reload systemd, then start and enable MinIO:
sudo systemctl daemon-reload
sudo systemctl enable --now minioVerify MinIO is running:
sudo systemctl status minioCheck that both ports are listening:
ss -tlnp | grep -E '9000|9001'You should see MinIO listening on ports 9000 (API) and 9001 (console).
Test the health endpoint:
curl -s http://localhost:9000/minio/health/liveConfigure Firewall
Open the MinIO API and console ports in firewalld:
sudo firewall-cmd --permanent --add-port=9000/tcp
sudo firewall-cmd --permanent --add-port=9001/tcp
sudo firewall-cmd --reloadVerify the rules:
sudo firewall-cmd --list-portsAccess the MinIO Console
Open your browser and navigate to http://your-server-ip:9001. Log in with the root user and password you set in /etc/default/minio.
From the console you can create buckets, upload files, manage users and policies, and monitor server health. The console is a full-featured web UI that covers most day-to-day operations.
Install and Configure the MinIO Client (mc)
The MinIO client (mc) is a command-line tool for managing MinIO and S3-compatible storage. Download and install it:
curl -sLO https://dl.min.io/client/mc/release/linux-amd64/mc
sudo chmod +x mc
sudo chcon -t bin_t mc
sudo mv mc /usr/local/bin/Configure an alias pointing to your MinIO server:
mc alias set myminio http://localhost:9000 minioadmin YourStr0ngP@sswordCreate a bucket:
mc mb myminio/backupsUpload a file:
mc cp /etc/hostname myminio/backups/List bucket contents:
mc ls myminio/backups/View server info:
mc admin info myminioMinIO Ports Reference
| Port | Protocol | Purpose |
|---|---|---|
| 9000 | TCP | S3-compatible API (client connections, SDKs, AWS CLI) |
| 9001 | TCP | Web console (browser-based management UI) |
Troubleshooting
MinIO fails with status=203/EXEC “Permission denied”
This is an SELinux issue. The binary downloaded via curl gets the wrong SELinux label. Fix it with chcon -t bin_t /usr/local/bin/minio and restart the service.
MinIO starts but console is unreachable
Verify --console-address :9001 is in the MINIO_OPTS environment variable. Without it, MinIO assigns a random high port for the console. Also check firewalld has port 9001 open.
Disk performance warning in logs
MinIO logs warnings if disk I/O is slow. For production, use dedicated SSD or NVMe drives formatted with XFS. Avoid placing MinIO data on the root filesystem or shared storage.
Conclusion
MinIO is running on your Rocky Linux 10 / AlmaLinux 10 server with both the S3 API and web console accessible. For production deployments, put an Nginx reverse proxy in front for SSL termination, set up monitoring with Zabbix to track disk usage and server health, and consider a multi-node distributed setup for redundancy. Refer to the official MinIO documentation for distributed deployment, erasure coding, and identity management configuration.
