minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-08-09 13:02:53 +03:00
Code Activity

DOCS-910: Updating proxy and console configurations (#921)

Browse Source
This commit is contained in:
Ravind Kumar
2023-07-21 17:41:51 -04:00
committed by GitHub
parent 8801c834b2
commit 975cbeb5ff
2 changed files with 70 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
source/integrations/setup-nginx-proxy-with-minio.rst
View File

@@ -33,19 +33,27 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
- Proxy requests to the root ``https://minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``. - Proxy requests to the root ``https://minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``.
- Proxy requests to the subpath ``https://minio.example.net/minio`` to the MinIO Console listening on ``https://minio.local:9001``. - Proxy requests to the subpath ``https://minio.example.net/minio/ui`` to the MinIO Console listening on ``https://minio.local:9090``.
The following location blocks provide a template for further customization in your unique environment: The following location blocks provide a template for further customization in your unique environment:
.. code-block:: nginx .. code-block:: nginx
:class: copyable :class: copyable
upstream minio { upstream minio_s3 {
least_conn; least_conn;
server minio-01.internal-domain.com; server minio-01.internal-domain.com:9000;
server minio-02.internal-domain.com; server minio-02.internal-domain.com:9000;
server minio-03.internal-domain.com; server minio-03.internal-domain.com:9000;
server minio-04.internal-domain.com; server minio-04.internal-domain.com:9000;
}
upstream minio_console {
least_conn;
server minio-01.internal-domain.com:9090;
server minio-02.internal-domain.com:9090;
server minio-03.internal-domain.com:9090;
server minio-04.internal-domain.com:9090;
} }
server { server {
@@ -74,10 +82,11 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
proxy_set_header Connection ""; proxy_set_header Connection "";
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass https://minio:9000/; # This uses the upstream directive definition to load balance proxy_pass https://minio_s3; # This uses the upstream directive definition to load balance
} }
location /minio { location /minio/ui {
rewrite ^/minio/ui/(.*) /$1 break;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -96,11 +105,16 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass https://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001 proxy_pass https://minio_console; # This uses the upstream directive definition to load balance
} }
} }
The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``example.net/s3/`` or ``example.net/console/``. The S3 API signature calculation algorithm does *not* support proxy schemes where you host the MinIO Server API such as ``example.net/s3/``.
You must also set the following environment variables for the MinIO deployment:
- Set :envvar:`MINIO_SERVER_URL` to the proxy host FQDN of the MinIO Server (``https://minio.example.net``)
- Set the :envvar:`MINIO_BROWSER_REDIRECT_URL` to the proxy host FQDN of the MinIO Console (``https://example.net/minio/ui``)
.. tab-item:: Subdomain .. tab-item:: Subdomain
@@ -110,19 +124,27 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
- Proxy request to the subdomain ``minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000`` - Proxy request to the subdomain ``minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``
- Proxy requests to the subdomain ``console.example.net`` to the MinIO Console listening on ``https://minio.local:9001`` - Proxy requests to the subdomain ``console.example.net`` to the MinIO Console listening on ``https://minio.local:9090``
The following location blocks provide a template for further customization in your unique environment: The following location blocks provide a template for further customization in your unique environment:
.. code-block:: nginx .. code-block:: nginx
:class: copyable :class: copyable
upstream minio { upstream minio_s3 {
least_conn; least_conn;
server minio-01.internal-domain.com; server minio-01.internal-domain.com:9000;
server minio-02.internal-domain.com; server minio-02.internal-domain.com:9000;
server minio-03.internal-domain.com; server minio-03.internal-domain.com:9000;
server minio-04.internal-domain.com; server minio-04.internal-domain.com:9000;
}
upstream minio_console {
least_conn;
server minio-01.internal-domain.com:9090;
server minio-02.internal-domain.com:9090;
server minio-03.internal-domain.com:9090;
server minio-04.internal-domain.com:9090;
} }
server { server {
@@ -151,7 +173,7 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
proxy_set_header Connection ""; proxy_set_header Connection "";
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass http://minio:9000/; # This uses the upstream directive definition to load balance proxy_pass http://minio_s3; # This uses the upstream directive definition to load balance
} }
} }
@@ -189,9 +211,13 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass http://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001 proxy_pass http://minio_console/; # This uses the upstream directive definition to load balance
} }
} }
The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``minio.example.net/s3/`` or ``console.example.net/gui``. The S3 API signature calculation algorithm does *not* support proxy schemes where you host the MinIO Server API on a subpath, such as ``minio.example.net/s3/``.
You must also set the following environment variables for the MinIO deployment:
- Set :envvar:`MINIO_SERVER_URL` to the proxy host FQDN of the MinIO Server (``https://minio.example.net``)
- Set the :envvar:`MINIO_BROWSER_REDIRECT_URL` to the proxy host FQDN of the MinIO Console (``https://console.example.net/``)

44
source/reference/minio-server/minio-server.rst
View File

@@ -277,12 +277,23 @@ Core Configuration
.. envvar:: MINIO_CONFIG_ENV_FILE .. envvar:: MINIO_CONFIG_ENV_FILE
Specifies the full path to the file the MinIO server process uses for loading environment variables. Specifies the full path to the file the MinIO server process uses for loading environment variables.
For ``systemd``-managed files, setting this value to the environment file allows MinIO to reload changes to that file on using :mc-cmd:`mc admin service restart` to restart the deployment.
.. envvar:: MINIO_ILM_EXPIRY_WORKERS .. envvar:: MINIO_ILM_EXPIRY_WORKERS
Specifies the number of workers to make available to expire objects configured with ILM rules for expiration. Specifies the number of workers to make available to expire objects configured with ILM rules for expiration.
When not set, MinIO defaults to using up to half of the available processing cores available. When not set, MinIO defaults to using up to half of the available processing cores available.
.. envvar:: MINIO_DOMAIN
Set to the Fully Qualified Domain Name (FQDN) MinIO accepts Bucket DNS (Virtual Host)-style requests on.
For example, setting ``MINIO_DOMAIN=minio.example.net`` directs MinIO to accept an incoming connection request the ``data`` bucket at ``data.minio.example.net``.
If this setting is omitted, the default is to only accept path-style requests. For example, ``minio.example.net/data``.
Root Credentials Root Credentials
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
@@ -432,32 +443,27 @@ MinIO Console:
*Optional* *Optional*
Specify the URL the MinIO Console provides as the redirect URL to the Specify the Fully Qualified Domain Name (FQDN) the MinIO Console listens for incoming connections on.
configured :ref:`external identity manager
<minio-authentication-and-identity-management>`.
This variable may be necessary for MinIO deployments behind a reverse
proxy, load balancer, or similar technology where the internal
hostname or IP structure is not reachable from the external network.
For example, consider a MinIO deployment behind a proxy where
``https://minio.example.net`` redirects to the MinIO deployment on port
``:9000`` and ``https://console.minio.example.net`` redirects to the
MinIO Console on port ``:9001``.
By default, the MinIO Console use its *internal* hostname as part of the If you want to host the MinIO Console exclusively from a reverse-proxy service, you must specify the hostname managed by that service.
request. Set this variable to ``https://console.minio.example.net`` to ensure
the external identity provider has a reachable URL to which to send the For example, consider a reverse proxy configured to route ``https://example.net/minio/`` to the MinIO Console.
authentication response. You must set this environment variable to match that hostname for the Console to both listen and respond to requests using that hostname.
If you omit this variable, the Console listens and responds to all IP addresses or hostnames associated to the host machine on which the MinIO Server runs.
.. envvar:: MINIO_SERVER_URL .. envvar:: MINIO_SERVER_URL
*Optional* *Optional*
Specify the Fully Qualified Domain Name (FQDN) the MinIO Console should use for connecting to the MinIO Server. Specify the Fully Qualified Domain Name (FQDN) the MinIO Console must use for connecting to the MinIO Server.
The Console also uses this value for setting the root hostname when generating presigned URLs.
This variable is typically only necessary when the MinIO Server TLS certificates do not contain an IP Subject Alternative Name (SAN) for the MinIO Server. This setting may be required if:
Since the Console uses the MinIO Server IP by default, the Console may fail to connect due to the TLS certificate not having the necessary IP listed as a SAN.
- The MinIO Server uses a TLS certificate that does not include the host local IP(s) in the certificate Subject Alternative Name (SAN) *or*
- The Console must use a specific hostname to connect or reference the MinIO Server, e.g. due to a reverse proxy or similar configuration.
Key Management Service and Encryption Key Management Service and Encryption
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~