MinIO
S3-compatible object storage at s3.448.global. Where files, backups, container artifacts, video uploads, and probably plenty of "we'll deal with it later" data lives.
| Field |
Value |
| Public URL |
https://s3.448.global |
| Admin URL |
https://s3.448.global/console [CONFIRM] (default MinIO console path) |
| Audience |
other apps + automated systems |
| Criticality |
critical (depends on what's stored) |
| Maturity |
[INFO NEEDED] |
| Owner |
[INFO NEEDED] |
| Last reviewed |
2026-05-05 |
1. At a glance
MinIO is a self-hosted version of Amazon S3 — a place to store files in "buckets" that other apps can read and write to. Common uses: backups, video uploads, large file attachments, container layers. Anything stored here that isn't backed up somewhere else is at risk if MinIO is lost.
2. Business purpose
- Object storage backend for other apps (PE Tube, GitLab artifacts, application file uploads, backups).
- Cheaper than cloud S3 if storage volumes are large and bandwidth stays internal.
3. Audience
Other applications + admins.
4. Hosting & cloud infrastructure
Infrastructure map
| Item |
Value |
Notes |
| Public hostname |
s3.448.global |
also typically a console subdomain like console.s3.448.global |
| Public IP(s) |
[INFO NEEDED] |
|
| Private/internal IP |
[INFO NEEDED] |
|
| Open ports |
443 (S3 API), 9001 (console) [CONFIRM] |
|
| TLS cert |
[INFO NEEDED] |
|
| Reverse proxy |
[INFO NEEDED] |
|
| Container image / version |
minio/minio:[INFO NEEDED] |
|
| Host server name |
[INFO NEEDED] |
|
| Cluster topology |
[INFO NEEDED] |
single-node erasure-set vs distributed across nodes |
| Total raw capacity |
[INFO NEEDED] |
|
| Used capacity |
[INFO NEEDED] |
|
| Underlying disk type |
[INFO NEEDED] |
local SSD / SAN / etc. |
Credentials in Vault
| Secret type |
Vault path / link |
Last rotated |
| MinIO root user / password |
[INFO NEEDED] |
|
| Per-app access keys (one per consuming app) |
[INFO NEEDED] |
|
| TLS private key |
[INFO NEEDED] |
|
5. Technology behind it
- Type: off-the-shelf
- Product: MinIO (open-source, S3-compatible)
- Stack: single Go binary; runs in Docker
6. Data it handles
| Data class |
Present? |
Notes |
| Backups of other systems |
[CONFIRM] |
very likely — meaning loss of MinIO can mean loss of fallback for every other app |
| User-uploaded files |
[CONFIRM] |
|
| Video assets (PE Tube?) |
[CONFIRM] |
|
| GitLab artifacts / container images |
[INFO NEEDED] |
|
| Logs / archives |
[INFO NEEDED] |
|
Note: if MinIO holds backups for other apps, then MinIO failing is a double-failure — an outage and loss of the fallback for downstream apps. Backups for MinIO must therefore go to a different destination (cloud S3, external SFTP, off-site).
7. External dependencies
- DNS, TLS issuance.
- The disks underneath it.
8. Authentication & access
- End-user login: MinIO console accepts the root user + IAM-style policies.
- API auth: access key + secret per consumer.
- MFA on console?
[INFO NEEDED]
- OIDC integration with Authentik?
[INFO NEEDED] — supported, recommended.
9. Maturity assessment
| Dimension |
Status |
Evidence |
| Backups (of MinIO itself) |
[INFO NEEDED] |
mc mirror to external S3? Velero? cold storage? |
| Restore tested |
[INFO NEEDED] |
|
| Monitoring |
[INFO NEEDED] |
disk usage trends, healing events, request latency |
| Alerting |
[INFO NEEDED] |
disk full → service halts |
| Redundancy |
[INFO NEEDED] |
erasure-coded across multiple disks/nodes? single disk = no redundancy |
| Versioning enabled per bucket |
[INFO NEEDED] |
protects against accidental delete |
| Object lock for backups |
[INFO NEEDED] |
protects against ransomware delete |
| Bucket-level encryption |
[INFO NEEDED] |
|
10. Known risks & vulnerabilities
[CONFIRM] Single-node MinIO is not durable — only erasure-coded distributed deployments survive disk failures.[INFO NEEDED] No off-MinIO backup — if everything is just in MinIO, there is no recovery from MinIO loss.[INFO NEEDED] Public S3 endpoint — s3.448.global exposed to the internet means brute-force surface against access keys.[INFO NEEDED] Bucket policies overly permissive — public-read buckets are a common data leak.[INFO NEEDED] No object versioning / no object lock — a single delete or ransomware attack erases data permanently.[INFO NEEDED] Disk-full = service-down — common operational footgun.
11. Impact if it goes down
- Apps that read/write MinIO at runtime stall (PE Tube, file uploads in apps).
- Backup jobs from other apps fail silently if not monitored.
- If data is lost (not just unavailable): catastrophic for whichever apps relied on it.
12. Owner & on-call
- Primary owner:
[INFO NEEDED]
13. References & links
- S3 endpoint: https://s3.448.global
- Console:
[CONFIRM]
- Vendor docs: https://min.io/docs
- Apps that consume it:
[INFO NEEDED] — list every app whose backups or uploads go here
- Domain: see domains.md