If you need to extend or correct something of the MinIO console integration, you have to take into account a set of peculiarities explained in Integration of the MinIO console into the platform
To set up the integration in a development environment, the fastest way is to do the following:
Boot a Rancher 2 locally:
docker run -d --restart=unless-stopped \ -p 8443:443 --privileged rancher/rancher:latest
Once booted, copy the kubect configuration to local in $HOME/.kube/config
Run the chart of the basic MinIO installation, which is at https://gitlab.devops.onesait.com/onesait/platform/engine/onesait-platform/deployment/onesaitplatform-operator
helm install onesaitplatform-minio-minimal-chart/ --namespace onesaitplatform --generate-name --version 3
With this, we will have MinIO running in our premises. As this Rancher does not have Ingress, we have to expose the services manually using the following commands, which expose both consoles (ports 9001 and 9002) as well as the MinIO server (port 9000).
kubectl port-forward service/minio-console 9001:9090 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0' kubectl port-forward service/minio-browser 9002:9090 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0' kubectl port-forward service/minio 9000:9000 -n onesaitplatform --insecure-skip-tls-verify=true --address='0.0.0.0'
The next thing is to have subdomains for the MinIO consoles in our premises (in the controlpanel, we can’t use the typical localhost:9001 and localhost:9002, but we need subdomains). To do this, we edit the etc/hosts file with the following mock domains to our own machine:
127.0.0.1 midominio.com 127.0.0.1 miniobrowser.midominio.com 127.0.0.1 minioadmin.midominio.com
Finally, due to the configuration of the MinIO consoles, to embed them in an IFrame, we have to do it via HTTPS – so, we need to generate 3 certificates and configure them in an NGINX, which will not give access to the control panel and to both consoles. To do this, we follow the instructions n this page https://www.humankode.com/ssl/create-a-selfsigned-certificate-for-nginx-in-5-minutes and generate three certificates for:
Next, we configure a containerized NGINX that redirects to the control panel and both MinIO consoles through a secure port.
We create a directory nginx_minio with two subdirectories:
nginx
certs
We copy the certificates from the previous step to certs.
In the nginx subdirectory, we copy a base nginx configuration (e.g. copied from a new nginx container).
In nginx_minio/nginx/nginx.conf we configure that the configurations of /etc/nginx/conf.d are included.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
# default_type application/octet-stream;
include /etc/nginx/mime.types;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
We create in nginx_minio/nginx the directory conf.d where we create the configuration of redirections to the controlpanel and the minio consoles through three files:
controlpanel.conf:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name midominio.com;
ssl_certificate /etc/ssl/certs/midominio.crt;
ssl_certificate_key /etc/ssl/certs/midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
include /etc/nginx/mime.types;
location /controlpanel {
proxy_pass http://127.0.0.1:18000;
}
minio-console-browser.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name miniobrowser.midominio.com;
include /etc/nginx/mime.types;
ssl_certificate /etc/ssl/certs/miniobrowser.midominio.crt;
ssl_certificate_key /etc/ssl/certs/miniobrowser.midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://192.168.1:9002/; #Servicio donde escucha la consola de MinIO
}
minio-console-admin.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name minioadmin.midominio.com;
include /etc/nginx/mime.types;
ssl_certificate /etc/ssl/certs/miniobrowser.midominio.crt;
ssl_certificate_key /etc/ssl/certs/miniobrowser.midominio.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://127.0.0.1:9001/; #Servicio donde escucha la consola de MinIO
}
}
We start the nginx:
sudo docker run -p 80:80 -p 443:443 -v /home/jfgpimpollo/develop/nginx_minio/nginx:/etc/nginx -v /home/jfgpimpollo/develop/nginx_minio/certs:/etc/ssl/certs nginx:latest
By starting the controlpanel from eclipse, we will have access to the integrated console with MinIO through https://mydomain.com/controlpanel. It is very likely that you have to configure in the console configuration in Endpoint modules, the MinIO routes.