diff --git a/MinIO Quota Enforcement Script - nginx_request_checker.py.-.md b/MinIO Quota Enforcement Script - nginx_request_checker.py.-.md new file mode 100644 index 0000000..9dd6023 --- /dev/null +++ b/MinIO Quota Enforcement Script - nginx_request_checker.py.-.md @@ -0,0 +1,108 @@ +# MinIO Quota Enforcement Proxy + +## Overview +This script acts as a middleware between Nginx and MinIO to enforce storage quotas per user. It checks Redis for quota status before proxying requests to MinIO. If a user has exceeded their quota, the script returns an S3-style XML error message. + +## Features +- **Quota Enforcement**: Blocks users who exceed their storage quota. +- **Configurable Settings**: Reads configurations from environment variables and `/etc/minio_quota.conf`. +- **Logging**: Always logs to stdout and optionally logs to a file if `LOG_FILE` is set. +- **Proxying**: Forwards valid requests to MinIO. + +## Configuration +The script prioritizes configuration values in this order: +1. **Environment Variables** +2. **Configuration File (`/etc/minio_quota.conf`)** +3. **Default Values** + +### Configurable Parameters +| Variable | Default Value | Description | +|-----------------|--------------|-------------| +| `REDIS_HOST` | `127.0.0.1` | Redis server hostname/IP | +| `REDIS_PORT` | `6379` | Redis server port | +| `REDIS_DB` | `2` | Redis database number | +| `MINIO_ENDPOINT` | `http://minio-server-vm.int.lhprojects.net` | MinIO server URL | +| `LOG_FILE` | None | Path to log file (logs only if set) | + +### Example Configuration File (`/etc/minio_quota.conf`) +``` +REDIS_HOST=192.168.1.100 +REDIS_PORT=6379 +REDIS_DB=2 +MINIO_ENDPOINT=http://minio.example.com +LOG_FILE=/var/log/minio_quota.log +``` + +## Installation & Usage +### Prerequisites +- Python 3.8+ +- `fastapi`, `redis`, `httpx`, and `uvicorn` + +Install dependencies: +```sh +pip install fastapi redis httpx uvicorn +``` + +### Running the Script +Run the script using `uvicorn`: +```sh +uvicorn nginx_request_checker:app --host 0.0.0.0 --port 8000 +``` + +To run in the background: +```sh +nohup uvicorn nginx_request_checker:app --host 0.0.0.0 --port 8000 > nginx_request_checker.log 2>&1 & +``` + +### Running as a Systemd Service +1. Create a systemd service file: +```sh +sudo nano /etc/systemd/system/minio_quota_checker.service +``` +2. Add the following: +```ini +[Unit] +Description=MinIO Quota Checker API +After=network.target + +[Service] +User=your_user +WorkingDirectory=/path/to/script +ExecStart=/usr/bin/uvicorn nginx_request_checker:app --host 0.0.0.0 --port 8000 +Restart=always + +[Install] +WantedBy=multi-user.target +``` +3. Enable and start the service: +```sh +sudo systemctl daemon-reload +sudo systemctl enable minio_quota_checker +sudo systemctl start minio_quota_checker +``` + +## API Behavior +The script intercepts all requests and performs the following: +1. Extracts the username from the request path. +2. Checks Redis for the key `quota_exceeded:`. +3. If quota is exceeded, it returns a `403 Forbidden` response with an XML error message. +4. Otherwise, it forwards the request to MinIO. + +### Example Error Response +```xml + + + QuotaExceeded + User has exceeded storage quota. + /test-bucket/object + request-id-12345 + +``` + +## Notes +- Ensure Redis is running and accessible by the script. +- Update Nginx to forward requests to this script instead of directly to MinIO. + +## License +MIT License +