minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00
Code Activity

Quickfix: Guidance on firewall + port access

Browse Source
This commit is contained in:
Ravind Kumar
2023-11-21 14:16:58 -05:00
parent ad24bc3f74
commit 0741f57013
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
source/administration/minio-console.rst
View File

@ -109,6 +109,8 @@ the MinIO Console:
public internet. Specify an externally reachable hostname that resolves public internet. Specify an externally reachable hostname that resolves
to the MinIO Console. to the MinIO Console.
.. _minio-console-port-assignment:
Static vs Dynamic Port Assignment Static vs Dynamic Port Assignment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -124,21 +126,23 @@ You can select an explicit static port by passing the
each MinIO Server in the deployment. each MinIO Server in the deployment.
For example, the following command starts a distributed MinIO deployment using For example, the following command starts a distributed MinIO deployment using
a static port assignment of ``9001`` for the MinIO Console. This deployment a static port assignment of ``9090`` for the MinIO Console. This deployment
would respond to S3 API operations on the default MinIO server port ``:9000`` would respond to S3 API operations on the default MinIO server port ``:9000``
and browser access on the MinIO Console port ``:9001``. and browser access on the MinIO Console port ``:9090``.
.. code-block:: shell .. code-block:: shell
:class: copyable :class: copyable
minio server https://minio-{1...4}.example.net/mnt/drive-{1...4} \ minio server https://minio-{1...4}.example.net/mnt/drive-{1...4} \
--console-address ":9001" --console-address ":9090"
Deployments behind network routing components which require static ports for Deployments behind network routing components which require static ports for
routing rules may require setting a static MinIO Console port. For example, routing rules may require setting a static MinIO Console port. For example,
load balancers, reverse proxies, or Kubernetes ingress may by default block load balancers, reverse proxies, or Kubernetes ingress may by default block
or exhibit unexpected behavior with the the dynamic redirection behavior. or exhibit unexpected behavior with the the dynamic redirection behavior.
You must also ensure that the host system firewall grants access to the configured Console port.
.. _minio-console-play-login: .. _minio-console-play-login:
Logging In Logging In

6
source/operations/checklists/security.rst
View File

@ -28,6 +28,12 @@ Required Steps
* - :octicon:`circle` * - :octicon:`circle`
- (For Kubernetes deployments only) Configure the tenant(s) to use the selected 3rd party Identity Provider - (For Kubernetes deployments only) Configure the tenant(s) to use the selected 3rd party Identity Provider
* - :octicon:`circle`
- Grant firewall access for TCP traffic to the MinIO Server S3 API Listen Port (Default: ``9000``).
* - :octicon:`circle`
- Grant firewall access for TCP traffic to the :ref:`MinIO Server Console Listen Port <minio-console-port-assignment>` (Recommended Default: ``9090``).
:ref:`Encryption-at-Rest <minio-sse>` :ref:`Encryption-at-Rest <minio-sse>`
------------------------------------- -------------------------------------