If you need to extend or correct something of the MinIO console integration, you have to take into account a set of peculiarities explained in Integration of the MinIO console into the platform.
To set up the integration in a development environment, the fastest way is to do the following:
Boot a Rancher 2 locally:
Code Block docker run -d --restart=unless-stopped \ -p 8443:443 --privileged rancher/rancher:latestOnce booted, copy the kubect configuration to local in: $HOME/.kube/config
Run the chart of the basic MinIO installation, which is at https://gitlab.devops.onesait.com/onesait/platform/engine/onesait-platform/deployment/onesaitplatform-operator
| Code Block |
|---|
helm install onesaitplatform-minio-minimal-chart/ --namespace onesaitplatform --generate-name --version 3 |
With this, we you will have MinIO running in our your premises. As this Rancher does not have Ingress, we you have to expose the services manually using the following commands, which expose both consoles (ports 9001 and 9002) as well as the MinIO server (port 9000).
| Code Block |
|---|
kubectl port-forward service/minio-console 9001:9090 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0' kubectl port-forward service/minio-browser 9002:9090 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0' kubectl port-forward service/minio 9000:9000 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0' |
The next thing step is to have subdomains for the MinIO consoles in our your premises (in the controlpanel, we you can’t use the typical localhost:9001 and localhost:9002, but we you need subdomains). To do this, we edit the etc/hosts file with the following mock domains to our your own machine:
| Code Block |
|---|
127.0.0.1 midominio.com
127.0.0.1 miniobrowser.midominio.com
127.0.0.1 minioadmin.midominio.com
|
Finally, due to the configuration of the MinIO consoles, to embed them in an IFrame, we you have to do it via HTTPS – , so , we you need to generate 3 three certificates and configure them in an NGINX, which will not give access to the control panel and to both consoles. To do this, we follow the instructions n in this page https://www.humankode.com/ssl/create-a-selfsigned-certificate-for-nginx-in-5-minutes and generate three certificates for (example):
http://midominio.comhttp://
miniobrowser.midominio.com
http://minioadmin.midominio.com
Next, we configure a containerized NGINX that redirects to the control panel and both MinIO consoles through a secure port.
We create Create a directory nginx_minio with two subdirectories:
nginx
certs
We copy Copy the certificates from the previous step to certs.
In the nginx subdirectory, we copy a base nginx configuration (e.g. copied from a new nginx container).
In nginx_minio/nginx/nginx.conf we , configure that the configurations of /etc/nginx/conf.d are included.
| Code Block |
|---|
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
# default_type application/octet-stream;
include /etc/nginx/mime.types;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
} |
We create Create in nginx_minio/nginx the directory conf.d where we and create in it the configuration of redirections to the controlpanel and the minio MinIO consoles through three files:
...
| Code Block |
|---|
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name miniobrowser.midominio.com;
include /etc/nginx/mime.types;
ssl_certificate /etc/ssl/certs/miniobrowser.midominio.crt;
ssl_certificate_key /etc/ssl/certs/miniobrowser.midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://192.168.1:9002/; #Servicio donde escucha la consola de MinIO
}
|
minio-console-admin.conf
| Code Block |
|---|
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name minioadmin.midominio.com;
include /etc/nginx/mime.types;
ssl_certificate /etc/ssl/certs/miniobrowser.midominio.crt;
ssl_certificate_key /etc/ssl/certs/miniobrowser.midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://127.0.0.1:9001/; #Servicio donde escucha la consola de MinIO
}
} |
We start Start the nginx:
| Code Block |
|---|
sudo docker run -p 80:80 -p 443:443 -v /home/jfgpimpollo/develop/nginx_minio/nginx:/etc/nginx -v /home/jfgpimpollo/develop/nginx_minio/certs:/etc/ssl/certs nginx:latest |
By starting the controlpanel from eclipse, we you will have access to the integrated console with MinIO through https://mydomain.com/controlpanel. It is very likely that you have to configure in the console configuration in Endpoint modules, the MinIO routes.