52e66839f1
Updates for MinIO Server RELEASE.2024-05-10T01-41-38Z
- Removes references to `MINIO_SERVER_URL` envvar.
- Updates KMS and KES related envvar settings to add KMS as an option.
- Also differentiates KMS and KES related envvar into three groups,
which are mutually exclusive.
Closes #1214
12 KiB
MinIO Console Settings
minio
Table of Contents
This page covers settings that manage access and behavior for the MinIO Console.
Browser Settings
The following settings control behavior for the embedded MinIO Console.
MinIO Console
Optional
Environment Variable
MINIO_BROWSER
Specify off to disable the embedded MinIO Console.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Animation
Optional
Environment Variable
MINIO_BROWSER_LOGIN_ANIMATION
MinIO Server RELEASE.2023-05-04T21-44-30Z
Specify off to disable the animated login screen for the
MinIO Console. Defaults to on.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Browser Redirect
Optional
Environment Variable
MINIO_BROWSER_REDIRECT
MinIO Server RELEASE.2023-09-16T01-01-47Z
Specify whether requests from a web browser automatically redirect to
the Console address. Defaults to true.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Browser Redirect URL
Optional
Environment Variable
MINIO_BROWSER_REDIRECT_URL
Specify the Fully Qualified Domain Name (FQDN) the MinIO Console listens for incoming connections on.
If you want to host the MinIO Console exclusively from a reverse-proxy service, you must specify the hostname managed by that service.
For example, consider a reverse proxy configured to route
https://example.net/minio/ to the MinIO Console. You must
set this environment variable to match that hostname for the Console to
both listen and respond to requests using that hostname.
If you omit this variable, the Console listens and responds to all IP addresses or hostnames associated to the host machine on which the MinIO Server runs.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Session Duration
Optional
Environment Variable
MINIO_BROWSER_SESSION_DURATION
MinIO Server RELEASE.2023-08-23T10-07-06Z
Specify the duration of a browser session for working with the MinIO Console.
MinIO supports the following units of time measurement:
s- seconds, "60s"m- minutes, "60m"h- hours, "24h"d- days, "7d"
Defaults to 12h.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Log Query URL
Optional
Environment Variable
MINIO_LOG_QUERY_URL
Specify the URL of a PostgreSQL service to which MinIO writes Audit logs <minio-logging-publish-audit-logs>.
The embedded MinIO Console provides a Log Search tool that allows
querying the PostgreSQL service for collected logs.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Content Security Policy
Optional
Configure MinIO Console to generate a Content-Security-Policy
header in HTTP responses. Defaults to
default-src 'self' 'unsafe-eval' 'unsafe-inline';
Environment Variable
MINIO_BROWSER_CONTENT_SECURITY_POLICY
set MINIO_BROWSER_CONTENT_SECURITY_POLICY="default-src 'self' 'unsafe-eval' 'unsafe-inline';"Configuration Setting
browser csp_policy
mc admin config set browser \
csp_policy="default-src 'self' 'unsafe-eval' 'unsafe-inline';" \
[ARGUMENT=VALUE ...]Strict Transport Security
Optional
Configure MinIO console to generate a Strict-Transport-Security header in HTTP responses.
To generate the header, you must set a duration
using either MINIO_BROWSER_HSTS_SECONDS or ~browser.hsts_seconds.
Other HSTS settings are optional.
Environment Variables
MINIO_BROWSER_HSTS_SECONDS
The max_age the configured policy remains in effect, in
seconds. Defaults to 0, disabled. You must
configure a non-zero duration to enable the
Strict-Transport-Security header.
set MINIO_BROWSER_HSTS_SECONDS=31536000MINIO_BROWSER_HSTS_INCLUDE_SUB_DOMAINS
Set to on to also apply the configured HSTS policy to
all MinIO Console subdomains. Defaults to off.
set MINIO_BROWSER_HSTS_INCLUDE_SUB_DOMAINS="on"MINIO_BROWSER_HSTS_PRELOAD
Set to on to direct the client browser to add the MinIO
Console domain to its HSTS preload list. Defaults to
off.
set MINIO_BROWSER_HSTS_INCLUDE_SUB_DOMAINS="on"Configuration Settings
The following configuration settings require a service restart to
take effect. To restart the service, use mc admin service restart.
browser hsts_seconds
The max_age the configured policy remains in effect, in
seconds. Defaults to 0, disabled. You must
configure a non-zero duration to enable the
Strict-Transport-Security header.
mc admin config set browser \
hsts_seconds="31536000" \
[ARGUMENT=VALUE ...]browser hsts_include_subdomains
Set to on to also apply the configured HSTS policy to
all MinIO Console subdomains. Defaults to off.
mc admin config set browser \
hsts_include_subdomains="on" \
hsts_seconds="31536000" \
[ARGUMENT=VALUE ...]browser hsts_preload
Set to on to direct the client browser to add the MinIO
Console domain to its HSTS preload list. Defaults to
off.
mc admin config set browser \
hsts_preload="on" \
hsts_seconds="31536000" \
[ARGUMENT=VALUE ...]Examples
The following examples show the rendered header for the given
configuration settings. The equivalent environment variables generate
the same result. All examples use a value of 31536000,
which is the number of seconds in a calendar year (365 days).
hsts_seconds
mc admin config set ALIAS browser hsts_seconds=31536000Strict-Transport-Security: max-age=31536000
hsts_include_subdomains
mc admin config set ALIAS browser hsts_seconds=31536000 hsts_include_subdomains=onStrict-Transport-Security: max-age=31536000; includeSubDomains
hsts_preload
mc admin config set ALIAS browser hsts_seconds=31536000 hsts_include_subdomains=on hsts_preload=onStrict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer Policy
Optional
Configure MinIO Console to generate a Referrer-Policy header
in HTTP responses. Defaults to
strict-origin-when-cross-origin.
Environment Variable
MINIO_BROWSER_REFERRER_POLICY
set MINIO_BROWSER_REFERRER_POLICY="strict-origin-when-cross-origin"Configuration Setting
browser referrer_policy
mc admin config set browser \
referrer_policy="strict-origin-when-cross-origin" \
[ARGUMENT=VALUE ...]Prometheus Settings
The following settings manage how MinIO interacts with your Prometheus service.
Prometheus URL
Optional
Environment Variable
MINIO_PROMETHEUS_URL
Specify the URL for a Prometheus service configured to scrape MinIO metrics <minio-metrics-collect-using-prometheus>.
The MinIO Console populates the Dashboard with cluster metrics using the
minio-job Prometheus scraping job.
If you are using a standalone MinIO Console process, this variable
corresponds with CONSOLE_PROMETHEUS_URL.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Prometheus Job ID
Optional
Environment Variable
MINIO_PROMETHEUS_JOB_ID
Specify the custom Prometheus job ID used for scraping MinIO metrics <minio-metrics-collect-using-prometheus>.
MinIO defaults to minio-job.
If you are using a standalone MinIO Console process, this variable
corresponds with CONSOLE_PROMETHEUS_JOB_ID.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Prometheus Auth Token
Optional
Environment Variable
MINIO_PROMETHEUS_AUTH_TOKEN
Specify the basic auth token <guides/basic-auth/>
the Console should use to connect to a Prometheus service.
For example, a basic auth token you might use could resemble the following:
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJwcm9tZXRoZXVzIiwic3ViIjoibWluaW8iLCJleHAiOjQ4NTAwMzg0MDJ9.GZCKR3d0FH2TCvNHSd39HaVfSuQVVV0s8glICBDmhT51V6CQ_hw8gTYlKHJmcpR8aHkqiJwCqcYJhaMmqwe00XYIf you are using a standalone MinIO Console process, this variable
corresponds with CONSOLE_PROMETHEUS_AUTH_TOKEN.
Configuration Setting
This setting does not have a configuration variable setting. Use the Environment Variable instead.