{"id":1929,"date":"2025-11-16T19:26:37","date_gmt":"2025-11-16T16:26:37","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/vps-uzerinde-minio-ile-s3%e2%80%91uyumlu-depolama-nasil-uretim%e2%80%91hazir-kurulur-erasure-coding-tls-ve-policyleri-tatli-tatli-anlatiyorum\/"},"modified":"2025-11-16T19:26:37","modified_gmt":"2025-11-16T16:26:37","slug":"vps-uzerinde-minio-ile-s3%e2%80%91uyumlu-depolama-nasil-uretim%e2%80%91hazir-kurulur-erasure-coding-tls-ve-policyleri-tatli-tatli-anlatiyorum","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/vps-uzerinde-minio-ile-s3%e2%80%91uyumlu-depolama-nasil-uretim%e2%80%91hazir-kurulur-erasure-coding-tls-ve-policyleri-tatli-tatli-anlatiyorum\/","title":{"rendered":"VPS \u00dczerinde MinIO ile S3\u2011Uyumlu Depolama Nas\u0131l \u00dcretim\u2011Haz\u0131r Kurulur? Erasure Coding, TLS ve Policy\u2019leri Tatl\u0131 Tatl\u0131 Anlat\u0131yorum"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#Kucuk_Bir_Dosya_Kaosu_ve_MinIOyu_Kesfetme_Ani\"><span class=\"toc_number toc_depth_1\">1<\/span> K\u00fc\u00e7\u00fck Bir Dosya Kaosu ve MinIO\u2019yu Ke\u015ffetme An\u0131<\/a><\/li><li><a href=\"#MinIOyu_Neden_Sevdim_S3Uyumluluk_ve_Kucuk_Adimlarla_Buyuk_Duzen\"><span class=\"toc_number toc_depth_1\">2<\/span> MinIO\u2019yu Neden Sevdim? S3\u2011Uyumluluk ve K\u00fc\u00e7\u00fck Ad\u0131mlarla B\u00fcy\u00fck D\u00fczen<\/a><\/li><li><a href=\"#Kucuk_Mimari_Tek_VPS_Birkac_Disk_ve_Gozunuze_Guven_Asilayan_Basitlik\"><span class=\"toc_number toc_depth_1\">3<\/span> K\u00fc\u00e7\u00fck Mimari: Tek VPS, Birka\u00e7 Disk ve G\u00f6z\u00fcn\u00fcze G\u00fcven A\u015f\u0131layan Basitlik<\/a><ul><li><a href=\"#Hedef_Resim\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Hedef Resim<\/a><\/li><li><a href=\"#Diskleri_Hazirlama\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Diskleri Haz\u0131rlama<\/a><\/li><li><a href=\"#MinIO_Kurulumu_ve_Kullanici\"><span class=\"toc_number toc_depth_2\">3.3<\/span> MinIO Kurulumu ve Kullan\u0131c\u0131<\/a><\/li><li><a href=\"#Erasure_Coding_ile_Sunucuyu_Baslatma\"><span class=\"toc_number toc_depth_2\">3.4<\/span> Erasure Coding ile Sunucuyu Ba\u015flatma<\/a><\/li><\/ul><\/li><li><a href=\"#TLS_ile_Guvenli_Uctan_Uca_Sertifika_Zincir_ve_Kucuk_Tuzaklar\"><span class=\"toc_number toc_depth_1\">4<\/span> TLS ile G\u00fcvenli U\u00e7tan Uca: Sertifika, Zincir ve K\u00fc\u00e7\u00fck Tuzaklar<\/a><ul><li><a href=\"#Dogrudan_MinIOda_TLS\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Do\u011frudan MinIO\u2019da TLS<\/a><\/li><li><a href=\"#Isterseniz_Nginx_ile_443_Uzerinden\"><span class=\"toc_number toc_depth_2\">4.2<\/span> \u0130sterseniz Nginx ile 443 \u00dczerinden<\/a><\/li><\/ul><\/li><li><a href=\"#Erasure_Codingi_Icsellestirmek_Basit_Bir_Zihin_Haritasi\"><span class=\"toc_number toc_depth_1\">5<\/span> Erasure Coding\u2019i \u0130\u00e7selle\u015ftirmek: Basit Bir Zihin Haritas\u0131<\/a><\/li><li><a href=\"#Bucketlari_Duzenlemek_Policy_Erisim_Anahtarlari_ve_Gunluk_Hayat_Senaryolari\"><span class=\"toc_number toc_depth_1\">6<\/span> Bucket\u2019lar\u0131 D\u00fczenlemek: Policy, Eri\u015fim Anahtarlar\u0131 ve G\u00fcnl\u00fck Hayat Senaryolar\u0131<\/a><ul><li><a href=\"#Ilk_Baglanti_mc_ile_Alias_ve_Kova\"><span class=\"toc_number toc_depth_2\">6.1<\/span> \u0130lk Ba\u011flant\u0131: mc ile Alias ve Kova<\/a><\/li><li><a href=\"#Kisitli_Kullanici_ve_Anahtar\"><span class=\"toc_number toc_depth_2\">6.2<\/span> K\u0131s\u0131tl\u0131 Kullan\u0131c\u0131 ve Anahtar<\/a><\/li><li><a href=\"#Herkese_Okuma_Izni_Statik_Icerik_Yayini\"><span class=\"toc_number toc_depth_2\">6.3<\/span> Herkese Okuma \u0130zni (Statik \u0130\u00e7erik Yay\u0131n\u0131)<\/a><\/li><li><a href=\"#Versiyonlama_Yasam_Dongusu_ve_Otomatik_Temizlik\"><span class=\"toc_number toc_depth_2\">6.4<\/span> Versiyonlama, Ya\u015fam D\u00f6ng\u00fcs\u00fc ve Otomatik Temizlik<\/a><\/li><\/ul><\/li><li><a href=\"#UretimHazir_Dokunuslar_Guvenlik_Izleme_Guncellemeler_ve_Kucuk_Ritueller\"><span class=\"toc_number toc_depth_1\">7<\/span> \u00dcretim\u2011Haz\u0131r Dokunu\u015flar: G\u00fcvenlik, \u0130zleme, G\u00fcncellemeler ve K\u00fc\u00e7\u00fck Rit\u00fceller<\/a><ul><li><a href=\"#Guvenlik_Duvari_ve_Saldiri_Yuzeyi\"><span class=\"toc_number toc_depth_2\">7.1<\/span> G\u00fcvenlik Duvar\u0131 ve Sald\u0131r\u0131 Y\u00fczeyi<\/a><\/li><li><a href=\"#Guncelleme_ve_Loglar\"><span class=\"toc_number toc_depth_2\">7.2<\/span> G\u00fcncelleme ve Log\u2019lar<\/a><\/li><li><a href=\"#Izleme_ve_Alarm\"><span class=\"toc_number toc_depth_2\">7.3<\/span> \u0130zleme ve Alarm<\/a><\/li><li><a href=\"#Sunucu_Tarafi_Sifreleme_SSE_ve_Anahtar_Yonetimi\"><span class=\"toc_number toc_depth_2\">7.4<\/span> Sunucu Taraf\u0131 \u015eifreleme (SSE) ve Anahtar Y\u00f6netimi<\/a><\/li><li><a href=\"#Yedek_ve_Kurtarma_Pratigi\"><span class=\"toc_number toc_depth_2\">7.5<\/span> Yedek ve Kurtarma Prati\u011fi<\/a><\/li><\/ul><\/li><li><a href=\"#Uygulamadan_Baglanma_AWS_CLI_s3cmd_ve_SDKlar\"><span class=\"toc_number toc_depth_1\">8<\/span> Uygulamadan Ba\u011flanma: AWS CLI, s3cmd ve SDK\u2019lar<\/a><\/li><li><a href=\"#Sorun_Giderme_Ufak_Tefek_Tikanikliklari_Hizli_Acma\"><span class=\"toc_number toc_depth_1\">9<\/span> Sorun Giderme: Ufak Tefek T\u0131kan\u0131kl\u0131klar\u0131 H\u0131zl\u0131 A\u00e7ma<\/a><ul><li><a href=\"#Baglanamiyorum_Neden\"><span class=\"toc_number toc_depth_2\">9.1<\/span> Ba\u011flanam\u0131yorum, Neden?<\/a><\/li><li><a href=\"#Diskler_Kaybolmus_Gibi\"><span class=\"toc_number toc_depth_2\">9.2<\/span> Diskler Kaybolmu\u015f Gibi<\/a><\/li><li><a href=\"#Policy_Calisiyor_Gibi_Ama_Degil\"><span class=\"toc_number toc_depth_2\">9.3<\/span> Policy \u00c7al\u0131\u015f\u0131yor Gibi Ama De\u011fil<\/a><\/li><\/ul><\/li><li><a href=\"#Kucuk_Ipuclari_Gunluk_Hayatta_Ise_Yaran_Detaylar\"><span class=\"toc_number toc_depth_1\">10<\/span> K\u00fc\u00e7\u00fck \u0130pu\u00e7lar\u0131: G\u00fcnl\u00fck Hayatta \u0130\u015fe Yaran Detaylar<\/a><\/li><li><a href=\"#Kapanis_Bugun_Tek_VPS_Yarin_Kucuk_Bir_Depo_Ekibi\"><span class=\"toc_number toc_depth_1\">11<\/span> Kapan\u0131\u015f: Bug\u00fcn Tek VPS, Yar\u0131n K\u00fc\u00e7\u00fck Bir Depo Ekibi<\/a><\/li><\/ul><\/div>\n<h2 id=\"section-1\"><span id=\"Kucuk_Bir_Dosya_Kaosu_ve_MinIOyu_Kesfetme_Ani\">K\u00fc\u00e7\u00fck Bir Dosya Kaosu ve MinIO\u2019yu Ke\u015ffetme An\u0131<\/span><\/h2>\n<p>Hi\u00e7 ba\u015f\u0131n\u0131za geldi mi? K\u00fc\u00e7\u00fcc\u00fck ba\u015flayan bir proje yava\u015f yava\u015f b\u00fcy\u00fcr ve bir bakm\u0131\u015fs\u0131n\u0131z, dosyalar her yerde. Ekipten biri, \u201c\u015eu g\u00f6rselleri nereye koyuyorduk?\u201d diye sorar; biri staging\u2019e, biri canl\u0131 sunucuya atm\u0131\u015f, biri de yerel makinede unutmu\u015f. Benim o an\u0131m bir hafta sonu geldi. Basit bir medya y\u00fckleme ak\u0131\u015f\u0131 kurmu\u015ftum; \u00f6nce i\u015f g\u00f6rd\u00fc, sonra URL\u2019ler karma\u015faya d\u00f6n\u00fc\u015ft\u00fc, yedekler anla\u015f\u0131lmaz, g\u00fcvenlik yamal\u0131 boh\u00e7a gibi oldu. \u0130\u015fte tam o zaman \u201cS3\u2011uyumlu bir nesne depolama \u015fart,\u201d dedim ve kendimi MinIO d\u00fcnyas\u0131nda buldum.<\/p>\n<p>MinIO\u2019nun ho\u015fuma giden yan\u0131 yal\u0131nl\u0131\u011f\u0131 ve h\u0131zla \u00fcretim\u2011haz\u0131r bir d\u00fczene oturabilmesi. Bir <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> \u00fczerinde ba\u015flay\u0131p, S3 API konu\u015fan her ara\u00e7la uyumlu \u00e7al\u0131\u015fmas\u0131 i\u015fleri \u00e7ok kolayla\u015ft\u0131r\u0131yor. Bu yaz\u0131da, tek bir VPS \u00fczerinde MinIO\u2019yu erasure coding ile kuraca\u011f\u0131z, TLS ile u\u00e7tan uca \u015fifreleyece\u011fiz ve bucket policy\u2019leriyle eri\u015fim kurallar\u0131n\u0131 ince ince ayarlayaca\u011f\u0131z. Arada, g\u00fcnl\u00fck hayatta laz\u0131m olan ufak dokunu\u015flar, log ve izleme gibi detaylar da var. Mesela \u015f\u00f6yle d\u00fc\u015f\u00fcn\u00fcn: Yar\u0131n sabah ekip dosya y\u00fckleyebilsin, bir hafta sonra da \u201cke\u015fke\u201d demeyece\u011finiz kadar sa\u011flam bir kurulum olsun.<\/p>\n<h2 id=\"section-2\"><span id=\"MinIOyu_Neden_Sevdim_S3Uyumluluk_ve_Kucuk_Adimlarla_Buyuk_Duzen\">MinIO\u2019yu Neden Sevdim? S3\u2011Uyumluluk ve K\u00fc\u00e7\u00fck Ad\u0131mlarla B\u00fcy\u00fck D\u00fczen<\/span><\/h2>\n<p>MinIO benim i\u00e7in iki \u015feyi ayn\u0131 anda \u00e7\u00f6zd\u00fc: Birincisi, S3 API\u2019sine uyumluluk sayesinde mevcut ara\u00e7lar\u0131 neredeyse hi\u00e7 dokunmadan kullanabilmek. \u0130kincisi, basit ama g\u00fc\u00e7l\u00fc bir mimariyle yedek ve \u00f6l\u00e7ek i\u015fini k\u00fc\u00e7\u00fcmsememek. Yani, bug\u00fcn tek bir VPS ve birden fazla diskle ba\u015fl\u0131yorsun; yar\u0131n ayr\u0131 VPS\u2019lere ge\u00e7mek istersen kasmadan b\u00fcy\u00fcyorsun. Sanki k\u00fc\u00e7\u00fck bir depo kurup, ihtiya\u00e7 b\u00fcy\u00fcd\u00fck\u00e7e raf eklemek gibi.<\/p>\n<p>Erasure coding burada kilit. Tek bir diske yazmak yerine veriyi par\u00e7alara b\u00f6l\u00fcp birden fazla diske da\u011f\u0131t\u0131yor. Bir disk bozuldu\u011funda \u201ceyvah\u201d demeden yolu devam ettiriyorsun. Elbette tek VPS\u2019de diskin kendisine bir \u015fey olursa sorun b\u00fcy\u00fck, bunu saklamayal\u0131m. Yine de disk ar\u0131zas\u0131 gibi s\u0131k rastlanan dertlerde nefes ald\u0131r\u0131yor. TLS ile i\u015fi tamamlay\u0131nca, hem veri aktar\u0131m\u0131 hem de panel eri\u015fimi g\u00fcvenli hale geliyor. \u00dcst\u00fcne bir de bucket policy\u2019leri koyunca, kimin neyi ne \u015fekilde g\u00f6rece\u011fini net \u00e7izgilerle belirleyebiliyorsun. G\u00fczel taraf\u0131 \u015fu: B\u00fct\u00fcn bunlar karma\u015f\u0131k bir devre \u015femas\u0131na d\u00f6n\u00fc\u015fm\u00fcyor, ad\u0131m ad\u0131m kuruluyor.<\/p>\n<h2 id=\"section-3\"><span id=\"Kucuk_Mimari_Tek_VPS_Birkac_Disk_ve_Gozunuze_Guven_Asilayan_Basitlik\">K\u00fc\u00e7\u00fck Mimari: Tek VPS, Birka\u00e7 Disk ve G\u00f6z\u00fcn\u00fcze G\u00fcven A\u015f\u0131layan Basitlik<\/span><\/h2>\n<h3><span id=\"Hedef_Resim\">Hedef Resim<\/span><\/h3>\n<p>Elimizde bir VPS var. \u00dczerine MinIO\u2019yu kuraca\u011f\u0131z. Birden fazla disk veya b\u00f6l\u00fcm kullanarak erasure coding\u2019i etkinle\u015ftirece\u011fiz. Varsay\u0131lan MinIO portlar\u0131n\u0131 (9000 API, 9001 konsol) kullanabilir ya da reverse proxy ile 443 \u00fczerinden sunabilirsiniz. Ben \u00f6nce do\u011frudan TLS ile ba\u015flay\u0131p, isteyenler i\u00e7in Nginx araya koyma alternatifini de anlataca\u011f\u0131m.<\/p>\n<p>Gereksinimler basit: 2 CPU ve 4 GB RAM ile ferah \u00e7al\u0131\u015f\u0131r, yo\u011fun i\u015flerde art\u0131r\u0131rs\u0131n\u0131z. Disk taraf\u0131nda ideal senaryo en az 4 ayr\u0131 volume veya mount. Ayn\u0131 sunucudaysan\u0131z bile her birini ayr\u0131 dizin olarak ba\u011flamak i\u015fleri d\u00fczenli tutar. DNS taraf\u0131nda bir alan ad\u0131n\u0131 MinIO\u2019ya y\u00f6nlendirmeniz i\u015finizi kolayla\u015ft\u0131r\u0131r. G\u00fcvenlik duvar\u0131 ve SSH eri\u015fimini de s\u0131k\u0131 tutmay\u0131 unutmay\u0131n; bu k\u0131s\u0131m, gece rahat uyutuyor.<\/p>\n<h3><span id=\"Diskleri_Hazirlama\">Diskleri Haz\u0131rlama<\/span><\/h3>\n<p>Bu ad\u0131m\u0131 sisteminizin durumuna g\u00f6re uyarlay\u0131n. E\u011fer \/mnt alt\u0131nda ba\u011flayaca\u011f\u0131n\u0131z diskler haz\u0131rsa, dizinleri olu\u015fturup izinleri verin. Basit bir \u00f6rnek:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># \u00d6rnek dizinler\nsudo mkdir -p \/mnt\/disk1\/minio \/mnt\/disk2\/minio \/mnt\/disk3\/minio \/mnt\/disk4\/minio\nsudo chown -R root:root \/mnt\/disk{1..4}\n# \u00dcretimde, ext4\/xfs ile mount se\u00e7eneklerini \/etc\/fstab'a ekleyin, noatime gibi ayarlarla I\/O'yu hafifletebilirsiniz.<\/code><\/pre>\n<p>Her diskin sa\u011fl\u0131k durumunu arada bir kontrol edin. Hata say\u0131lar\u0131 art\u0131yorsa, proaktif davranmak \u00e7ok i\u015fe yar\u0131yor. Yava\u015fl\u0131k \u00e7o\u011fu zaman diskte veya dosya sistemi ayarlar\u0131nda gizleniyor; k\u00fc\u00e7\u00fck iyile\u015ftirmeler b\u00fcy\u00fck fark yarat\u0131yor.<\/p>\n<h3><span id=\"MinIO_Kurulumu_ve_Kullanici\">MinIO Kurulumu ve Kullan\u0131c\u0131<\/span><\/h3>\n<p>MinIO\u2019yu tek bir kullan\u0131c\u0131yla \u00e7al\u0131\u015ft\u0131rmak hem d\u00fczen hem g\u00fcvenlik i\u00e7in iyi bir al\u0131\u015fkanl\u0131k. \u0130ki dosya, bir servis ve birka\u00e7 \u00e7evresel de\u011fi\u015fken ile i\u015f bitiyor.<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># MinIO ikili dosyay\u0131 indir\nwget https:\/\/dl.min.io\/server\/minio\/release\/linux-amd64\/minio -O \/usr\/local\/bin\/minio\nchmod +x \/usr\/local\/bin\/minio\n\n# mc (MinIO Client) da laz\u0131m olacak\nwget https:\/\/dl.min.io\/client\/mc\/release\/linux-amd64\/mc -O \/usr\/local\/bin\/mc\nchmod +x \/usr\/local\/bin\/mc\n\n# Sistem kullan\u0131c\u0131s\u0131 olu\u015ftur\ngroupadd --system minio\nuseradd --system --home \/var\/lib\/minio --shell \/sbin\/nologin -g minio minio-user\nmkdir -p \/var\/lib\/minio \/etc\/minio\/certs\nchown -R minio-user:minio \/var\/lib\/minio \/etc\/minio<\/code><\/pre>\n<h3><span id=\"Erasure_Coding_ile_Sunucuyu_Baslatma\">Erasure Coding ile Sunucuyu Ba\u015flatma<\/span><\/h3>\n<p>Erasure coding i\u00e7in MinIO\u2019ya birden fazla path veriyoruz. Ayn\u0131 sunucuda d\u00f6rt veya daha fazla disk\/dizinle ba\u015flamak mant\u0131kl\u0131. A\u015fa\u011f\u0131daki service dosyas\u0131yla sistemi aya\u011fa kald\u0131r\u0131n.<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># Environment dosyas\u0131\ncat &gt; \/etc\/default\/minio &lt;&lt;'EOF'\nMINIO_ROOT_USER=minioadmin\nMINIO_ROOT_PASSWORD=uzun-ve-gucu-sifre-burada\nMINIO_VOLUMES=&quot;\/mnt\/disk1\/minio \/mnt\/disk2\/minio \/mnt\/disk3\/minio \/mnt\/disk4\/minio&quot;\nMINIO_OPTS=&quot;--address :9000 --console-address :9001&quot;\nEOF\nchmod 600 \/etc\/default\/minio\nchown minio-user:minio \/etc\/default\/minio\n\n# systemd service\ncat &gt; \/etc\/systemd\/system\/minio.service &lt;&lt;'EOF'\n[Unit]\nDescription=MinIO Object Storage\nAfter=network-online.target\nWants=network-online.target\n\n[Service]\nUser=minio-user\nGroup=minio\nEnvironmentFile=\/etc\/default\/minio\nExecStart=\/usr\/local\/bin\/minio server $MINIO_OPTS $MINIO_VOLUMES\nRestart=always\nLimitNOFILE=65536\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\nsystemctl daemon-reload\nsystemctl enable --now minio<\/code><\/pre>\n<p>Bu noktada MinIO \u00e7al\u0131\u015f\u0131yor olmal\u0131. Konsola 9001 portundan, API\u2019ye 9000\u2019den eri\u015febilirsiniz. \u0130lk giri\u015fte belirledi\u011finiz kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile panele girip kova olu\u015fturmay\u0131 deneyin. E\u011fer firewall engelliyorsa, ufw veya iptables ile portlar\u0131 a\u00e7may\u0131 unutmay\u0131n.<\/p>\n<h2 id=\"section-4\"><span id=\"TLS_ile_Guvenli_Uctan_Uca_Sertifika_Zincir_ve_Kucuk_Tuzaklar\">TLS ile G\u00fcvenli U\u00e7tan Uca: Sertifika, Zincir ve K\u00fc\u00e7\u00fck Tuzaklar<\/span><\/h2>\n<p>Panelde ve API\u2019de TLS \u015fart. \u00dcretimde \u015fifresiz HTTP ile devam etmeyin. Haz\u0131r bir alan ad\u0131n\u0131z varsa Let\u2019s Encrypt ile sertifika almak en pratik yol. Hangi challenge\u2019\u0131n size uygun oldu\u011funu se\u00e7mek i\u00e7in <a href=\"https:\/\/www.dchost.com\/blog\/acme-challenge-turleri-derinlemesine-http%e2%80%9101-dns%e2%80%9101-ve-tls%e2%80%91alpn%e2%80%9101-ne-zaman-hangisi\/\">ACME Challenge t\u00fcrlerini ad\u0131m ad\u0131m anlatan \u015fu rehbere<\/a> g\u00f6z atman\u0131z i\u015finizi h\u0131zland\u0131r\u0131r.<\/p>\n<h3><span id=\"Dogrudan_MinIOda_TLS\">Do\u011frudan MinIO\u2019da TLS<\/span><\/h3>\n<p>MinIO, \/etc\/minio\/certs alt\u0131na koydu\u011funuz sertifikalar\u0131 otomatik kullan\u0131r. Sertifika ve \u00f6zel anahtar\u0131 do\u011fru adlarla yerle\u015ftirmek yeterli.<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># \u00f6rnek: certbot ile elde etti\u011finizi varsayal\u0131m\n# fullchain.pem -&gt; public.crt, privkey.pem -&gt; private.key\ncp \/etc\/letsencrypt\/live\/storage.example.com\/fullchain.pem \/etc\/minio\/certs\/public.crt\ncp \/etc\/letsencrypt\/live\/storage.example.com\/privkey.pem \/etc\/minio\/certs\/private.key\nchown minio-user:minio \/etc\/minio\/certs\/public.crt \/etc\/minio\/certs\/private.key\nchmod 600 \/etc\/minio\/certs\/private.key\nsystemctl restart minio<\/code><\/pre>\n<p>Taray\u0131c\u0131da storage.example.com:9001\u2019e girdi\u011finizde kilidin kapand\u0131\u011f\u0131n\u0131 g\u00f6rmelisiniz. Zincir hatalar\u0131 olursa fullchain kullanmay\u0131 atlamay\u0131n. Sertifika yenilemeyi cron\u2019a veya systemd timer\u2019a ba\u011flay\u0131p, yenilendikten sonra MinIO\u2019yu nazik\u00e7e yeniden ba\u015flatmak yeterli.<\/p>\n<p>Basit ve net bir rehber ar\u0131yorsan\u0131z <a href=\"https:\/\/certbot.eff.org\/instructions\" rel=\"nofollow noopener\" target=\"_blank\">Certbot\u2019\u0131n y\u00f6nergeleri<\/a> k\u0131sa yoldan hedefe g\u00f6t\u00fcr\u00fcyor. DNS\u201101 gibi y\u00f6ntemler de bazen hayat kurtar\u0131yor; wildcard sertifikalarda \u00f6zellikle ho\u015fuma gidiyor.<\/p>\n<h3><span id=\"Isterseniz_Nginx_ile_443_Uzerinden\">\u0130sterseniz Nginx ile 443 \u00dczerinden<\/span><\/h3>\n<p>Bazen portlar\u0131 9000\u20119001 yerine 443 alt\u0131na toplamak istersiniz. Bu durumda Nginx, TLS terminasyonu yapar ve MinIO\u2019ya i\u00e7 a\u011fdan konu\u015fur. K\u00fc\u00e7\u00fck bir \u00f6rnek:<\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">server {\n  listen 443 ssl http2;\n  server_name storage.example.com;\n\n  ssl_certificate \/etc\/letsencrypt\/live\/storage.example.com\/fullchain.pem;\n  ssl_certificate_key \/etc\/letsencrypt\/live\/storage.example.com\/privkey.pem;\n\n  client_max_body_size 100G;\n  location \/ {\n    proxy_set_header Host $host;\n    proxy_set_header X-Forwarded-Proto https;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_pass http:\/\/127.0.0.1:9000;\n  }\n}\n\nserver {\n  listen 443 ssl http2;\n  server_name console.example.com;\n\n  ssl_certificate \/etc\/letsencrypt\/live\/console.example.com\/fullchain.pem;\n  ssl_certificate_key \/etc\/letsencrypt\/live\/console.example.com\/privkey.pem;\n\n  location \/ {\n    proxy_set_header Host $host;\n    proxy_pass http:\/\/127.0.0.1:9001;\n  }\n}<\/code><\/pre>\n<p>\u0130ki ayr\u0131 host ad\u0131yla API ve konsolu ay\u0131rmak ho\u015f bir d\u00fczen getiriyor. G\u00fcvenlik duvar\u0131nda sadece 443 a\u00e7\u0131k, i\u00e7eride MinIO kendi portlar\u0131nda sakince \u00e7al\u0131\u015f\u0131yor. S\u0131k kar\u015f\u0131la\u015ft\u0131\u011f\u0131m hata, b\u00fcy\u00fck dosyalarda client_max_body_size\u2019\u0131n k\u00fc\u00e7\u00fck kalmas\u0131; dosya y\u00fcklemeleri sessizce patl\u0131yor. Yukar\u0131daki ayar bu konuda nefes ald\u0131r\u0131yor.<\/p>\n<h2 id=\"section-5\"><span id=\"Erasure_Codingi_Icsellestirmek_Basit_Bir_Zihin_Haritasi\">Erasure Coding\u2019i \u0130\u00e7selle\u015ftirmek: Basit Bir Zihin Haritas\u0131<\/span><\/h2>\n<p>Erasure coding\u2019i g\u00fcnl\u00fck hayattan bir \u00f6rnekle d\u00fc\u015f\u00fcnmek rahatlat\u0131c\u0131. Diyelim ki bir foto\u011fraf\u0131 tek bir kartta saklamak yerine, o foto\u011fraf\u0131 par\u00e7alara b\u00f6l\u00fcp d\u00f6rt karta da\u011f\u0131t\u0131yorsunuz. Kartlardan biri kaybolsa bile, kalan par\u00e7alar sayesinde foto\u011fraf\u0131 yeniden olu\u015fturabiliyorsunuz. MinIO da veriyi par\u00e7alara b\u00f6l\u00fcp parity bloklar ekleyerek ayn\u0131 mant\u0131kla \u00e7al\u0131\u015f\u0131yor. Bu sayede bir veya birka\u00e7 disk sorun \u00e7\u0131karsa veri ayakta kalabiliyor.<\/p>\n<p>Tek VPS senaryosunda kazan\u0131m, disk ar\u0131zalar\u0131na kar\u015f\u0131 dayan\u0131kl\u0131l\u0131k. Donan\u0131m katman\u0131nda tek noktada olman\u0131n riskini tamamen \u00e7\u00f6zm\u00fcyor, bu a\u00e7\u0131k. Ama dosya bozulmalar\u0131 ve tek disk hatalar\u0131nda i\u015finizi kurtarabiliyor. E\u011fer ileride birden fazla VPS\u2019e ge\u00e7mek isterseniz, da\u011f\u0131t\u0131k mod MinIO ile ayn\u0131 modeli node\u2019lara yaymak m\u00fcmk\u00fcn. Konu derin; ayr\u0131nt\u0131s\u0131na girmek isteyenler i\u00e7in MinIO belgelerindeki <a href=\"https:\/\/min.io\/docs\/minio\/linux\/operations\/concepts\/erasure-coding.html\" rel=\"nofollow noopener\" target=\"_blank\">erasure coding \u00f6zeti<\/a> gayet anla\u015f\u0131l\u0131r.<\/p>\n<p>Performans taraf\u0131nda, k\u00fc\u00e7\u00fck dosyalarda gecikme bazen dikkat \u00e7eker, b\u00fcy\u00fck dosyalarda ak\u0131\u015f \u00e7o\u011funlukla tatl\u0131d\u0131r. Disklerinizin t\u00fcr\u00fc ve dosya sistemi ayarlar\u0131 etkiye sahiptir. Ben genelde noatime, uygun readahead ve sa\u011flam bir scheduler ile iyi sonu\u00e7 al\u0131yorum. \u0130htiya\u00e7 halinde e\u015fzamanl\u0131 y\u00fckleme say\u0131s\u0131n\u0131 uygulama katman\u0131nda ayarlamak da ciddi rahatlama sa\u011fl\u0131yor.<\/p>\n<h2 id=\"section-6\"><span id=\"Bucketlari_Duzenlemek_Policy_Erisim_Anahtarlari_ve_Gunluk_Hayat_Senaryolari\">Bucket\u2019lar\u0131 D\u00fczenlemek: Policy, Eri\u015fim Anahtarlar\u0131 ve G\u00fcnl\u00fck Hayat Senaryolar\u0131<\/span><\/h2>\n<h3><span id=\"Ilk_Baglanti_mc_ile_Alias_ve_Kova\">\u0130lk Ba\u011flant\u0131: mc ile Alias ve Kova<\/span><\/h3>\n<p>MinIO Client (mc) ara\u00e7 kutusunda ilk s\u0131ra. Sunucuyu tan\u0131tal\u0131m, bir kova olu\u015ftural\u0131m ve bir dosya y\u00fckleyelim.<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># MinIO'ya alias verelim\nmc alias set myminio https:\/\/storage.example.com minioadmin uzun-ve-gucu-sifre-burada --api S3v4\n\n# Sunucu bilgisi\nmc admin info myminio\n\n# Kova olu\u015ftur\nmc mb myminio\/proje-medya\n\n# \u00d6rnek dosya g\u00f6nder\nmc cp .\/logo.png myminio\/proje-medya\/<\/code><\/pre>\n<p>Bu noktada temel ak\u0131\u015f\u0131n\u0131z \u00e7al\u0131\u015f\u0131yor olmal\u0131. Uygulaman\u0131zdan S3 SDK\u2019lar\u0131yla ba\u011flan\u0131rken eri\u015fim anahtarlar\u0131n\u0131 kullanacaks\u0131n\u0131z. \u00dcretimde root kullan\u0131c\u0131y\u0131 de\u011fil, k\u0131s\u0131tl\u0131 kullan\u0131c\u0131lar ve politikalarla \u00e7al\u0131\u015fmak her zaman daha iyi.<\/p>\n<h3><span id=\"Kisitli_Kullanici_ve_Anahtar\">K\u0131s\u0131tl\u0131 Kullan\u0131c\u0131 ve Anahtar<\/span><\/h3>\n<p>Bir servis sadece belirli bir kovaya yazs\u0131n, ba\u015fka hi\u00e7bir \u015feyi g\u00f6rmesin istiyorsan\u0131z, k\u00fc\u00e7\u00fck bir policy ile bunu dakikalar i\u00e7inde yapars\u0131n\u0131z.<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># Kullan\u0131c\u0131 olu\u015ftur (access key ve secret \u00fcretir)\nmc admin user add myminio appuser S3rEt-S3cr3t-Key\n\n# Policy tan\u0131m\u0131 (sadece belirli kovaya tam eri\u015fim)\ncat &gt; write-proje-medya.json &lt;&lt;'EOF'\n{\n  &quot;Version&quot;: &quot;2012-10-17&quot;,\n  &quot;Statement&quot;: [\n    {\n      &quot;Effect&quot;: &quot;Allow&quot;,\n      &quot;Action&quot;: [\n        &quot;s3:ListBucket&quot;\n      ],\n      &quot;Resource&quot;: [&quot;arn:aws:s3:::proje-medya&quot;]\n    },\n    {\n      &quot;Effect&quot;: &quot;Allow&quot;,\n      &quot;Action&quot;: [\n        &quot;s3:GetObject&quot;,\n        &quot;s3:PutObject&quot;,\n        &quot;s3:DeleteObject&quot;\n      ],\n      &quot;Resource&quot;: [&quot;arn:aws:s3:::proje-medya\/*&quot;]\n    }\n  ]\n}\nEOF\n\n# Policy ekle ve kullan\u0131c\u0131ya ata\nmc admin policy add myminio write-proje-medya write-proje-medya.json\nmc admin policy set myminio write-proje-medya user=appuser<\/code><\/pre>\n<p>Policy s\u00f6z dizimi AWS S3 mant\u0131\u011f\u0131na yak\u0131n. Daha kapsaml\u0131 \u00f6rnekler i\u00e7in <a href=\"https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/userguide\/bucket-policies.html\" rel=\"nofollow noopener\" target=\"_blank\">resmi S3 politika \u00f6rnekleri<\/a> ufkunuzu geni\u015fletebilir. MinIO bu d\u00fcnyaya uyumlu oldu\u011fu i\u00e7in \u00f6\u011frenilenler \u00e7ift tarafl\u0131 i\u015fe yar\u0131yor.<\/p>\n<h3><span id=\"Herkese_Okuma_Izni_Statik_Icerik_Yayini\">Herkese Okuma \u0130zni (Statik \u0130\u00e7erik Yay\u0131n\u0131)<\/span><\/h3>\n<p>Bir \u00f6n y\u00fczde statik g\u00f6rselleri do\u011frudan MinIO\u2019dan sunmak istiyorsunuz, ama yazma yetkisi sadece uygulamada kals\u0131n. Bu dengeyi public read policy ile kurabiliriz. Klasik \u201cpublic\u2011read\u201d \u015fablonunu t\u00fcm kovaya de\u011fil, belirli bir yol \u00f6nekiyle s\u0131n\u0131rland\u0131rmak iyi bir al\u0131\u015fkanl\u0131k.<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># \u00d6rne\u011fin sadece \/public\/ alt\u0131n\u0131 herkese a\u00e7\u0131k yapal\u0131m\ncat &gt; public-read-prefix.json &lt;&lt;'EOF'\n{\n  &quot;Version&quot;: &quot;2012-10-17&quot;,\n  &quot;Statement&quot;: [\n    {\n      &quot;Effect&quot;: &quot;Allow&quot;,\n      &quot;Principal&quot;: &quot;*&quot;,\n      &quot;Action&quot;: [&quot;s3:GetObject&quot;],\n      &quot;Resource&quot;: [&quot;arn:aws:s3:::proje-medya\/public\/*&quot;]\n    }\n  ]\n}\nEOF\n\nmc admin policy add myminio public-read-prefix public-read-prefix.json\nmc admin policy set myminio public-read-prefix bucket=proje-medya<\/code><\/pre>\n<p>Bu yakla\u015f\u0131m, ayn\u0131 kovada hem \u00f6zel hem de a\u00e7\u0131k i\u00e7erik bar\u0131nd\u0131rman\u0131za izin veriyor. CDN ile birlikte kulland\u0131\u011f\u0131n\u0131zda cache ve da\u011f\u0131t\u0131m daha da tatl\u0131 hale geliyor. Ayr\u0131ca imzal\u0131 URL\u2019ler ile s\u00fcreli payla\u015f\u0131mlar yapmak da m\u00fcmk\u00fcn; eri\u015fimi saniye baz\u0131nda s\u0131n\u0131rlamak ho\u015funuza gidecek.<\/p>\n<h3><span id=\"Versiyonlama_Yasam_Dongusu_ve_Otomatik_Temizlik\">Versiyonlama, Ya\u015fam D\u00f6ng\u00fcs\u00fc ve Otomatik Temizlik<\/span><\/h3>\n<p>Zamanla bir kovada ayn\u0131 dosyan\u0131n farkl\u0131 s\u00fcr\u00fcmleri artar ve depolamay\u0131 \u015fi\u015firir. Versiyonlama kimi projelerde hayat kurtar\u0131r, kimilerinde y\u00fck olur; karar\u0131n\u0131 proje verir. A\u00e7mak kolay:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">mc version enable myminio\/proje-medya<\/code><\/pre>\n<p>Gereksiz nesneleri veya eski s\u00fcr\u00fcmleri otomatik silmek i\u00e7in ya\u015fam d\u00f6ng\u00fcs\u00fc (ILM) kurallar\u0131 ekleyebilirsiniz. \u00d6rnek bir kural:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># 30 g\u00fcnden eski s\u00fcr\u00fcmleri temizle\nmc ilm add --noncurrent-expire-days 30 myminio\/proje-medya<\/code><\/pre>\n<p>Bu k\u00fc\u00e7\u00fck temizlik rutini, depolama maliyetinizi kontrol etmenize yard\u0131m eder. Ayn\u0131 zamanda log\u2019lar ve ge\u00e7ici dosyalar i\u00e7in ayr\u0131 kova kullanmak da d\u00fczen getiriyor.<\/p>\n<h2 id=\"section-7\"><span id=\"UretimHazir_Dokunuslar_Guvenlik_Izleme_Guncellemeler_ve_Kucuk_Ritueller\">\u00dcretim\u2011Haz\u0131r Dokunu\u015flar: G\u00fcvenlik, \u0130zleme, G\u00fcncellemeler ve K\u00fc\u00e7\u00fck Rit\u00fceller<\/span><\/h2>\n<h3><span id=\"Guvenlik_Duvari_ve_Saldiri_Yuzeyi\">G\u00fcvenlik Duvar\u0131 ve Sald\u0131r\u0131 Y\u00fczeyi<\/span><\/h3>\n<p>\u015eifreler g\u00fc\u00e7l\u00fc olacak, SSH anahtarla, g\u00fcvenlik duvar\u0131nda sadece ihtiyac\u0131n\u0131z olan portlar a\u00e7\u0131k kalacak. Do\u011frudan MinIO sunuyorsan\u0131z 9000 ve 9001, reverse proxy ile gidiyorsan\u0131z sadece 443 a\u00e7\u0131k. Fail2ban gibi denetimler brute\u2011force giri\u015fimleri h\u0131zla sakinle\u015ftiriyor. TLS\u2019te modern \u015fifre tak\u0131mlar\u0131 ve HTTP\/2 ile pratik bir zemin yakalan\u0131yor.<\/p>\n<h3><span id=\"Guncelleme_ve_Loglar\">G\u00fcncelleme ve Log\u2019lar<\/span><\/h3>\n<p>MinIO binarisini g\u00fcncel tutmak \u00f6nemli. Yeni s\u00fcr\u00fcmlerde performans ve g\u00fcvenlik d\u00fczeltmeleri s\u0131k geliyor. G\u00fcncellerken k\u0131sa bir kesinti plan\u0131 yapmak, ar\u015fivdeki s\u00fcr\u00fcm\u00fc saklamak, rollback ihtimalini d\u00fc\u015f\u00fcnmek iyi bir refleks. Log\u2019lar\u0131 journald veya bir d\u0131\u015f log sisteminde toplay\u0131p uyar\u0131lar tan\u0131mlamak da rahatlat\u0131c\u0131. Log i\u00e7inde \u201cdisk not found\u201d veya TLS hatalar\u0131 g\u00f6r\u00fcrseniz, genelde ya mount\u2019ta ya da sertifika zincirinde bir \u015feyler ka\u00e7m\u0131\u015ft\u0131r.<\/p>\n<h3><span id=\"Izleme_ve_Alarm\">\u0130zleme ve Alarm<\/span><\/h3>\n<p>MinIO, Prometheus metrikleri sunuyor. Bu metrikleri toplay\u0131p disk doluluk oran\u0131, istek gecikmeleri ve hata oranlar\u0131n\u0131 izlemek kritik. Disk doluluklar\u0131 \u00f6zellikle h\u0131zl\u0131 artar; alarm e\u015fikleri makul seviyede olsun ki panik an\u0131 gelmeden haberiniz olsun. K\u00fc\u00e7\u00fck bir grafikte y\u00fckselen \u00e7izgiyi g\u00f6rmek bile bazen b\u00fcy\u00fck bir felaketin \u00f6n\u00fcne ge\u00e7er.<\/p>\n<h3><span id=\"Sunucu_Tarafi_Sifreleme_SSE_ve_Anahtar_Yonetimi\">Sunucu Taraf\u0131 \u015eifreleme (SSE) ve Anahtar Y\u00f6netimi<\/span><\/h3>\n<p>Uygulaman\u0131z\u0131n ihtiya\u00e7lar\u0131na g\u00f6re SSE\u2019yi a\u00e7abilirsiniz. KMS entegrasyonu kurdu\u011funuzda nesneler otomatik \u015fifrelenir ve anahtarlar merkezi y\u00f6netilir. KMS yoksa bile, MinIO\u2019nun kendi taraf\u0131nda otomatik \u015fifreleme se\u00e7enekleri i\u015finizi g\u00f6rebilir. Verinin dinlenirken \u015fifreli olmas\u0131, \u00e7al\u0131nma ya da yanl\u0131\u015fl\u0131kla s\u0131zd\u0131r\u0131lma senaryolar\u0131nda g\u00fc\u00e7l\u00fc bir ikinci kalkan sa\u011flar. Detay kurulumlar\u0131 ad\u0131m ad\u0131m yapmak ve \u00f6nce test kovalar\u0131nda denemek en sa\u011fl\u0131kl\u0131s\u0131.<\/p>\n<h3><span id=\"Yedek_ve_Kurtarma_Pratigi\">Yedek ve Kurtarma Prati\u011fi<\/span><\/h3>\n<p>Erasure coding varken bile, yanl\u0131\u015fl\u0131kla silinen veriye kar\u015f\u0131 yedek ba\u015fka bir \u015fey. \u0130\u015fin s\u0131rr\u0131 basit: Yedek plan\u0131 yaz\u0131l\u0131 olsun, otomatik \u00e7al\u0131\u015fs\u0131n, d\u00f6n\u00fc\u015f testini d\u00fczenli yap\u0131n. En basitinden, kritik kovalar\u0131 belirli aral\u0131klarla farkl\u0131 bir depoya senkronize etmek bile gece uykusunu tatland\u0131r\u0131r. \u0130\u00e7eride versiyonlama a\u00e7\u0131ksa, kurtarma senaryolar\u0131n\u0131z daha rahat ilerler; yine de \u201cgeri d\u00f6n\u00fc\u015f\u201d ad\u0131mlar\u0131n\u0131 en az bir kere provadan ge\u00e7irin.<\/p>\n<h2 id=\"section-8\"><span id=\"Uygulamadan_Baglanma_AWS_CLI_s3cmd_ve_SDKlar\">Uygulamadan Ba\u011flanma: AWS CLI, s3cmd ve SDK\u2019lar<\/span><\/h2>\n<p>S3\u2011uyumlu oldu\u011fu i\u00e7in AWS CLI ve s3cmd ile ba\u011flanmak \u00e7ocuk oyunca\u011f\u0131. Region\u2019\u0131 kafan\u0131za g\u00f6re belirleyebilirsiniz, \u00f6nemli olan endpoint\u2019i do\u011fru vermek.<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># AWS CLI \u00f6rne\u011fi\naws configure set aws_access_key_id appuser\naws configure set aws_secret_access_key S3rEt-S3cr3t-Key\naws configure set default.region us-east-1\n\n# Listeleme (endpoint'i ayr\u0131ca veriyoruz)\naws --endpoint-url https:\/\/storage.example.com s3 ls s3:\/\/proje-medya\/\n\n# Y\u00fckleme\naws --endpoint-url https:\/\/storage.example.com s3 cp .\/banner.jpg s3:\/\/proje-medya\/public\/<\/code><\/pre>\n<p>s3cmd taraf\u0131nda da benzer:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">s3cmd --configure\n# access key\/secret girin, Signature v4, HTTPS ve custom host\/endpoint ayarlay\u0131n\n# ard\u0131ndan:\ns3cmd --host=storage.example.com --host-bucket= storage.example.com ls s3:\/\/proje-medya\/\n<\/code><\/pre>\n<p>SDK kullanan uygulamalarda path\u2011style veya virtual\u2011host tarz\u0131 adreslemeye dikkat edin. DNS\u2019i virtual\u2011host i\u00e7in d\u00fczenlemek gerekir; aksi halde path\u2011style ile sorunsuz y\u00fcr\u00fcr. B\u00fcy\u00fck dosyalarda \u00e7ok par\u00e7al\u0131 y\u00fckleme (multipart upload) performans\u0131 belirgin art\u0131r\u0131r.<\/p>\n<h2 id=\"section-9\"><span id=\"Sorun_Giderme_Ufak_Tefek_Tikanikliklari_Hizli_Acma\">Sorun Giderme: Ufak Tefek T\u0131kan\u0131kl\u0131klar\u0131 H\u0131zl\u0131 A\u00e7ma<\/span><\/h2>\n<h3><span id=\"Baglanamiyorum_Neden\">Ba\u011flanam\u0131yorum, Neden?<\/span><\/h3>\n<p>\u00d6nce DNS\u2019in do\u011fru \u00e7\u00f6z\u00fcld\u00fc\u011f\u00fcn\u00fc, firewall\u2019\u0131n portlar\u0131 a\u00e7\u0131k tuttu\u011funu, TLS sertifikan\u0131z\u0131n sa\u011flam oldu\u011funu kontrol edin. Zaman senkronizasyonu bozuksa imzal\u0131 URL\u2019ler ve TLS \u00e7ok garip hatalar verebilir; NTP ile zaman\u0131 d\u00fczeltin. Reverse proxy varsa, b\u00fcy\u00fck dosyalarda proxy ayarlar\u0131n\u0131n y\u00fcklemeyi kesmedi\u011finden emin olun.<\/p>\n<h3><span id=\"Diskler_Kaybolmus_Gibi\">Diskler Kaybolmu\u015f Gibi<\/span><\/h3>\n<p>Mount ettiniz ama yeniden ba\u015flatmada ba\u011flanmad\u0131ysa, \/etc\/fstab sat\u0131r\u0131 eksik ya da s\u0131raya girmemi\u015f olabilir. MinIO, volume\u2019lar\u0131 bulamazsa aya\u011fa kalkmaz veya erasure set eksik kal\u0131r. Bu y\u00fczden boot s\u0131ras\u0131n\u0131 ve ba\u011f\u0131ml\u0131l\u0131klar\u0131 netle\u015ftirin. systemd ba\u011f\u0131ml\u0131l\u0131klar\u0131nda local-fs.target sonras\u0131n\u0131 bekletmek bazen i\u015fleri toparlar.<\/p>\n<h3><span id=\"Policy_Calisiyor_Gibi_Ama_Degil\">Policy \u00c7al\u0131\u015f\u0131yor Gibi Ama De\u011fil<\/span><\/h3>\n<p>Policy\u2019de ARN yolunu yanl\u0131\u015f yazmak \u00e7ok kolay. \u201carn:aws:s3:::kova\/*\u201d ve sadece \u201carn:aws:s3:::kova\u201d fark\u0131n\u0131 ka\u00e7\u0131rmay\u0131n. \u0130lki nesneler, ikincisi kovan\u0131n kendisi i\u00e7in. Ayr\u0131ca policy ekledikten sonra kullan\u0131c\u0131ya atamay\u0131 unutmak s\u0131k rastlan\u0131r; iki ad\u0131m\u0131n da tamamland\u0131\u011f\u0131ndan emin olun.<\/p>\n<h2 id=\"section-10\"><span id=\"Kucuk_Ipuclari_Gunluk_Hayatta_Ise_Yaran_Detaylar\">K\u00fc\u00e7\u00fck \u0130pu\u00e7lar\u0131: G\u00fcnl\u00fck Hayatta \u0130\u015fe Yaran Detaylar<\/span><\/h2>\n<p>MinIO\u2019nun web konsolu sorun an\u0131nda \u00e7ok yard\u0131mc\u0131 olur. Kovalar\u0131, kullan\u0131c\u0131lar\u0131 ve policy\u2019leri g\u00f6zle g\u00f6r\u00fcp d\u00fczenlemek, terminalde hatal\u0131 bir bo\u015flu\u011fu aramaktan iyidir. \u00dcretimde yine de otomasyonu \u00f6ne al\u0131n; \u201cmc\u201d komutlar\u0131yla altyap\u0131y\u0131 kod gibi y\u00f6netmek s\u00fcrprizleri azalt\u0131r. Kova adlar\u0131n\u0131, klas\u00f6r \u00f6neklerini ve eri\u015fim modelini en ba\u015fta birlikte d\u00fc\u015f\u00fcnmek de b\u00fcy\u00fcy\u00fcnce h\u0131z kazand\u0131r\u0131r.<\/p>\n<p>E\u011fer TLS sertifikalar\u0131n\u0131 otomatik yeniliyorsan\u0131z, yenileme sonras\u0131 MinIO\u2019yu zarif\u00e7e yeniden ba\u015flatmak i\u00e7in k\u00fc\u00e7\u00fck bir systemd timer olu\u015fturabilirsiniz. B\u00f6ylece \u201cniye sertifika hala eski?\u201d diye d\u00fc\u015f\u00fcnmezsiniz. Yeri gelmi\u015fken, ACME ak\u0131\u015flar\u0131 i\u00e7in do\u011fru challenge t\u00fcr\u00fcn\u00fc se\u00e7mek bazen fark yarat\u0131r; biz yukar\u0131da payla\u015ft\u0131\u011f\u0131m rehberi bu y\u00fczden seviyoruz.<\/p>\n<p>Son olarak, d\u00f6k\u00fcmantasyon okumay\u0131 ihmal etmeyin; k\u0131sa bir g\u00f6z atma bile saatlerce u\u011fra\u015f\u0131lan bir hatay\u0131 be\u015f dakikada \u00e7\u00f6zd\u00fcr\u00fcyor. \u00d6zellikle erasure coding mant\u0131\u011f\u0131n\u0131 bir kere kafada oturttunuz mu, gerisi su gibi ak\u0131yor.<\/p>\n<h2 id=\"section-11\"><span id=\"Kapanis_Bugun_Tek_VPS_Yarin_Kucuk_Bir_Depo_Ekibi\">Kapan\u0131\u015f: Bug\u00fcn Tek VPS, Yar\u0131n K\u00fc\u00e7\u00fck Bir Depo Ekibi<\/span><\/h2>\n<p>Toparlayal\u0131m. Tek bir VPS \u00fczerinde MinIO ile S3\u2011uyumlu depolama kurmak d\u00fc\u015f\u00fcnd\u00fc\u011f\u00fcn\u00fcz kadar karma\u015f\u0131k de\u011fil. Erasure coding ile disklere da\u011f\u0131t\u0131p, TLS ile t\u00fcneli g\u00fcvene al\u0131yorsunuz. Bucket policy\u2019leriyle kimin ne yapt\u0131\u011f\u0131n\u0131 belirlerken, versiyonlama ve ya\u015fam d\u00f6ng\u00fcs\u00fc kurallar\u0131yla da depolaman\u0131z\u0131 temiz tutuyorsunuz. K\u00fc\u00e7\u00fck dokunu\u015flar, mesela reverse proxy veya imzal\u0131 URL\u2019ler, g\u00fcnl\u00fck hayatta \u00e7ok i\u015fe yar\u0131yor.<\/p>\n<p>Pratik bir tavsiye: \u00d6nce k\u00fc\u00e7\u00fck bir kova \u00fczerinde u\u00e7tan uca senaryo kurun. Uygulamadan y\u00fckleyin, CDN\u2019den sunun, policy ile k\u0131s\u0131tlay\u0131n, ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fc test edin. Sonra bunu \u015fablonla\u015ft\u0131r\u0131p ger\u00e7ek projeye uygulay\u0131n. G\u00fcncelleme, log, izleme ve yedek rit\u00fcellerini ba\u015ftan kurarsan\u0131z, gelecekteki her ta\u015f\u0131nma ve b\u00fcy\u00fcme daha rahat ge\u00e7er. Umar\u0131m bu yaz\u0131 elinizi rahatlatt\u0131; bir sonraki kahvenizde MinIO panelinde gezip \u201cTamam ya, bu i\u015f bizim,\u201d dersiniz.<\/p>\n<p>Bu arada, TLS sertifikas\u0131 al\u0131rken challenge se\u00e7imine tak\u0131l\u0131rsan\u0131z, ba\u015fta payla\u015ft\u0131\u011f\u0131m rehbere tekrar g\u00f6z at\u0131n; k\u00fc\u00e7\u00fck tercihler b\u00fcy\u00fck fark yarat\u0131yor. D\u0131\u015f kaynak olarak da erasure coding\u2019i anlatan <a href=\"https:\/\/min.io\/docs\/minio\/linux\/operations\/concepts\/erasure-coding.html\" rel=\"nofollow noopener\" target=\"_blank\">MinIO belgesi<\/a> ve politika \u00f6rnekleri i\u00e7in <a href=\"https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/userguide\/bucket-policies.html\" rel=\"nofollow noopener\" target=\"_blank\">S3 k\u0131lavuzu<\/a> kenarda dursun; h\u0131zl\u0131ca d\u00f6n\u00fcp bak\u0131nca zaman kazand\u0131r\u0131yor. Sertifika yenilemede de <a href=\"https:\/\/certbot.eff.org\/instructions\" rel=\"nofollow noopener\" target=\"_blank\">Certbot\u2019\u0131n talimatlar\u0131<\/a> i\u015finizi kolayla\u015ft\u0131r\u0131r. Bir dahaki yaz\u0131da g\u00f6r\u00fc\u015fmek \u00fczere.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u0130&ccedil;indekiler1 K\u00fc\u00e7\u00fck Bir Dosya Kaosu ve MinIO\u2019yu Ke\u015ffetme An\u01312 MinIO\u2019yu Neden Sevdim? S3\u2011Uyumluluk ve K\u00fc\u00e7\u00fck Ad\u0131mlarla B\u00fcy\u00fck D\u00fczen3 K\u00fc\u00e7\u00fck Mimari: Tek VPS, Birka\u00e7 Disk ve G\u00f6z\u00fcn\u00fcze G\u00fcven A\u015f\u0131layan Basitlik3.1 Hedef Resim3.2 Diskleri Haz\u0131rlama3.3 MinIO Kurulumu ve Kullan\u0131c\u01313.4 Erasure Coding ile Sunucuyu Ba\u015flatma4 TLS ile G\u00fcvenli U\u00e7tan Uca: Sertifika, Zincir ve K\u00fc\u00e7\u00fck Tuzaklar4.1 Do\u011frudan MinIO\u2019da TLS4.2 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1930,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-1929","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=1929"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/1930"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=1929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=1929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=1929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}