MinIO console and control panel in local
- Onesait Platform
If you need to extend or correct something of the MinIO console integration, you have to take into account a set of peculiarities explained in Integration of the MinIO console into the platform.
Â
To set up the integration in a development environment, the fastest way is to do the following:
Boot a Rancher 2 locally:
docker run -d --restart=unless-stopped \ -p 8443:443 --privileged rancher/rancher:latestOnce booted, copy the kubect configuration to local in: $HOME/.kube/config
Run the chart of the basic MinIO installation, which is at https://gitlab.devops.onesait.com/onesait/platform/engine/onesait-platform/deployment/onesaitplatform-operator
helm install onesaitplatform-minio-minimal-chart/ --namespace onesaitplatform --generate-name --version 3With this, you will have MinIO running in your premises. As this Rancher does not have Ingress, you have to expose the services manually using the following commands, which expose both consoles (ports 9001 and 9002) as well as the MinIO server (port 9000).
kubectl port-forward service/minio-console 9001:9090 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0'
kubectl port-forward service/minio-browser 9002:9090 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0'
kubectl port-forward service/minio 9000:9000 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0'The next step is to have subdomains for the MinIO consoles in your premises (in the controlpanel, you can’t use the typical localhost:9001 and localhost:9002, but you need subdomains). To do this, edit the etc/hosts file with the following mock domains to your own machine:
127.0.0.1 midominio.com
127.0.0.1 miniobrowser.midominio.com
127.0.0.1 minioadmin.midominio.comFinally, due to the configuration of the MinIO consoles, to embed them in an IFrame, you have to do it via HTTPS, so you need to generate three certificates and configure them in an NGINX, which will give access to the control panel and to both consoles. To do this, follow the instructions in this page https://www.humankode.com/ssl/create-a-selfsigned-certificate-for-nginx-in-5-minutes and generate three certificates for (example):
midominio.com
miniobrowser.midominio.com
minioadmin.midominio.com
Next, configure a containerized NGINX that redirects to the control panel and both MinIO consoles through a secure port.
Create a directory nginx_minio with two subdirectories:
nginx
certs
Copy the certificates from the previous step to certs.
In the nginx subdirectory, copy a base nginx configuration (e.g. copied from a new nginx container).
In nginx_minio/nginx/nginx.conf , configure that the configurations of /etc/nginx/conf.d are included.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
# default_type application/octet-stream;
include /etc/nginx/mime.types;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}Create in nginx_minio/nginx the directory conf.d and create in it the configuration of redirections to the controlpanel and the MinIO consoles through three files:
controlpanel.conf:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name midominio.com;
ssl_certificate /etc/ssl/certs/midominio.crt;
ssl_certificate_key /etc/ssl/certs/midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
include /etc/nginx/mime.types;
location /controlpanel {
proxy_pass http://127.0.0.1:18000;
}
minio-console-browser.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name miniobrowser.midominio.com;
include /etc/nginx/mime.types;
ssl_certificate /etc/ssl/certs/miniobrowser.midominio.crt;
ssl_certificate_key /etc/ssl/certs/miniobrowser.midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://192.168.1:9002/; #Servicio donde escucha la consola de MinIO
}
minio-console-admin.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name minioadmin.midominio.com;
include /etc/nginx/mime.types;
ssl_certificate /etc/ssl/certs/miniobrowser.midominio.crt;
ssl_certificate_key /etc/ssl/certs/miniobrowser.midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://127.0.0.1:9001/; #Servicio donde escucha la consola de MinIO
}
}Start the nginx:
sudo docker run -p 80:80 -p 443:443 -v /home/jfgpimpollo/develop/nginx_minio/nginx:/etc/nginx -v /home/jfgpimpollo/develop/nginx_minio/certs:/etc/ssl/certs nginx:latestBy starting the controlpanel from eclipse, you will have access to the integrated console with MinIO through https://mydomain.com/controlpanel. It is likely that you have to configure in the console configuration in Endpoint modules, the MinIO routes.