--- title: S3ProxyをTLS対応してUbuntu上にインストールとサービス化するメモ summary: この記事では、UbuntuにS3Proxyをインストールし、ユーザー作成・ディレクトリ設定・キーストア作成・systemdサービス化までの手順を紹介します。 tags: ["S3Proxy", "S3", "Ubuntu", "Systemd"] categories: ["Middleware", "ObjectStorage", "S3Proxy"] date: 2026-01-05T02:52:48Z updated: 2026-01-11T01:03:31Z --- [S3Proxy](https://github.com/gaul/s3proxy)をUbuntuにインストールするメモ。 ### 専用ユーザーの作成 ```bash # Create dedicated s3proxy user (no home directory, no login) sudo useradd --system --no-create-home --shell /bin/false s3proxy # Or, if home directory is needed # sudo useradd --system --home /var/lib/s3proxy --shell /bin/false s3proxy ``` ### ディレクトリ構成の作成 ```bash # Create necessary directories sudo mkdir -p /opt/s3proxy sudo mkdir -p /var/lib/s3proxy/data sudo mkdir -p /etc/s3proxy sudo mkdir -p /var/log/s3proxy # Set ownership sudo chown -R s3proxy:s3proxy /var/lib/s3proxy sudo chown -R s3proxy:s3proxy /var/log/s3proxy sudo chown s3proxy:s3proxy /etc/s3proxy ``` ### s3proxyバイナリの配置 ```bash wget https://github.com/gaul/s3proxy/releases/download/s3proxy-2.9.0/s3proxy ``` ```bash # Deploy s3proxy binary (copy from current directory) sudo mv s3proxy /opt/s3proxy/ sudo chown s3proxy:s3proxy /opt/s3proxy/s3proxy sudo chmod 755 /opt/s3proxy/s3proxy ``` ### キーストアの作成 ```bash # Create keystore (self-signed certificate) sudo keytool -genkeypair -alias s3proxy -keyalg RSA -keysize 2048 \ -validity 3650 -keystore /etc/s3proxy/keystore.jks \ -storepass changeme -keypass changeme \ -dname "CN=s3proxy.maki.lol, OU=, O=, L=, ST=Tokyo, C=JP" # Set ownership and permissions sudo chown s3proxy:s3proxy /etc/s3proxy/keystore.jks sudo chmod 600 /etc/s3proxy/keystore.jks ``` CA証明書が必要な場合 ```bash sudo keytool -exportcert -keystore /etc/s3proxy/keystore.jks -alias s3proxy -rfc -storepass changeme > s3proxy.crt ``` ### 設定ファイルの作成 ```bash # Create configuration file sudo tee /etc/s3proxy/s3proxy.properties > /dev/null <<'EOF' s3proxy.authorization=aws-v4 s3proxy.identity=changeme s3proxy.credential=changeme s3proxy.secure-endpoint=https://0.0.0.0:8443 s3proxy.keystore-path=/etc/s3proxy/keystore.jks s3proxy.keystore-password=changeme jclouds.provider=filesystem-nio2 jclouds.filesystem.basedir=/var/lib/s3proxy/data jclouds.region=us-east-1 EOF # Set ownership and permissions sudo chown s3proxy:s3proxy /etc/s3proxy/s3proxy.properties sudo chmod 600 /etc/s3proxy/s3proxy.properties ``` ### systemdサービスファイルの作成 ```bash sudo tee /etc/systemd/system/s3proxy.service > /dev/null <<'EOF' [Unit] Description=S3 Proxy Service After=network-online.target Wants=network-online.target [Service] Type=simple User=s3proxy Group=s3proxy WorkingDirectory=/opt/s3proxy # Execution command ExecStart=/opt/s3proxy/s3proxy --properties /etc/s3proxy/s3proxy.properties # Logging configuration StandardOutput=append:/var/log/s3proxy/s3proxy.log StandardError=append:/var/log/s3proxy/s3proxy-error.log # Restart configuration Restart=on-failure RestartSec=10s # Security settings NoNewPrivileges=true PrivateTmp=true ProtectSystem=strict ProtectHome=true ReadWritePaths=/var/lib/s3proxy /var/log/s3proxy # Resource limits LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF ``` ### サービスの有効化と起動 ```bash # Reload systemd daemon sudo systemctl daemon-reload # Enable service (auto-start on boot) sudo systemctl enable s3proxy # Start service sudo systemctl start s3proxy # Check status sudo systemctl status s3proxy ``` ### 動作確認 ```bash # Check service status sudo systemctl status s3proxy # Check logs sudo tail -f /var/log/s3proxy/s3proxy.log # Check process ps aux | grep s3proxy # Check port sudo ss -tlnp | grep 8443 ``` AWS CLIで動作確認 ```bash aws --profile s3proxy configure set aws_access_key_id changeme aws --profile s3proxy configure set aws_secret_access_key changeme aws --profile s3proxy configure set region us-east-1 aws --profile s3proxy --endpoint-url=https://localhost:8443 --no-verify-ssl s3 mb s3://test-bucket aws --profile s3proxy --endpoint-url=https://localhost:8443 --no-verify-ssl s3 ls ```