MinIO is a high-performance object storage that can be used for serving static assets for your web application or any other kind of media assets.
It's very simple to install MinIO in a Caprover server, because it's available as a "One Click App".
Once installed, you can use the web interface (MinIO Browser) to simply create a new bucket.
Imagine that your web app needs to store some documents (for example a job offer) in the bucket, allowing people to download the document.
As explained in the MinIO Client Complete Guide, you can use the 'download' policy:
mc policy set download myminioserver/job-offers/ Access permission for ‘myminioserver/job-offers/’ is set to 'download'
Imagine that you upload a file called 'job-100-offer.pdf'. With the complete file path, you can download the document:
The problem is that also "directory listing" is enabled, which means that if you reach the root directory:
you'll get all the files availables in directory. If the requirement is that directory listing is denied, then you can use a custom policy. It seems difficult but it's actually very simple.
First, get the actual policy you set with the command above:
mc policy get-json myminioserver/job-offers > ~/Desktop/policy.json
This is the content of the policy.json file:
Then, looking at the first Action
"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
simply remove the content "s3:ListBucket", save the file and update the policy with the command:
mc policy set-json ~/Desktop/policy.json myminioserver/job-offers
You're done. Only if you know the full path of the file, you'll be able to download it. If you try a directory listing, you'll get a AccessDenied error.