Score:2

Server

configure minio in docker to use https

Felix D.

9/20/23, 12:13 PM

This is my docker-compose.yml:

version: '3.7'

services:
  minio:
    image: minio/minio
    command: server -C /etc/minio --address ":9000" --console-address ":9001" /data
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    volumes:
      - minio:/data
      - /etc/minio:/root/.minio/
      - /etc/minio:/etc/minio/
      
volumes:
  minio:

ls -l /etc/minio/:

drwx------ 2 root root 4096 May 20 11:43 CAs
lrwxrwxrwx 1 root root   59 May 20 11:45 private.key -> /etc/letsencrypt/live/mydomain.com/privkey.pem
lrwxrwxrwx 1 root root   61 May 20 11:44 public.crt -> /etc/letsencrypt/live/mydomain.com/fullchain.pem

accessing via http works but https does not. I have no clue, what is wrong. Sadly the logs don't show anything and the docs are also not helping.

118

0 + 0

docker

docker-compose

minio

Score:4

Server

Gerald Schneider

9/20/23, 12:25 PM

The symlinks private.key and public.crt can't be resolved because the targets don't exist inside the container.

The easiest way would be to mount /etc/letsencrypt inside the container as well.

Keep in mind that you need to restart the container (or at least reload the minio process inside the container) after every certificate renewal.

0 + 0

Felix D.

9/20/23, 12:30 PM

great, that seems to have been the issue. now i gotta figure this out: `Unable to load the TLS configuration: Could not read PEM block from file /etc/minio/certs/public.crt`. any idea :( ?

Gerald Schneider

9/20/23, 12:30 PM

That would be a topic for a new question.

Gerald Schneider

9/20/23, 12:32 PM

My first guess would be a wrong path in the minio config (`/etc/minio/certs/public.crt` vs `/etc/minio/public.crt`)

Felix D.

9/20/23, 12:36 PM

figured it out. it did not like that i linked the `fullchain.pem` and rather expected `/etc/letsencrypt/live/mydomain.com/cert.pem`

Score:0

Server

Artak Khachatryan

6/4/24, 1:38 PM

docker_compose.yml


networks:
  app-tier:
    driver: bridge


services:
  minio:
    image: minio/minio
    ports:
      - "9000:9000"
      - "9001:9001"
    networks:
      - app-tier
    volumes:
      - /data/minio:/data
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    command: server --console-address ":9001" /data
  nginx:
    image: nginx:latest
    container_name: 'nginx'
    hostname: 'nginx'
    ports:
      - "8443:8443" 
      - "8444:8444" 
    environment:
      - "VIRTUAL_HOST=minio.example.com"
      - "VIRTUAL_PORT=8443"
    networks:
      - app-tier
    volumes:
      - ./conf/app.conf:/etc/nginx/conf.d/default.conf:ro"
      - '/etc/letsencrypt/live/:/etc/letsencrypt/live/'
      - '/etc/letsencrypt/archive/:/etc/letsencrypt/archive/'
volumes:
  minio_storage: {}

app.conf should be placed in conf folder

upstream minio {
  server minio:9001;
  keepalive 15;
}
upstream minio_api {
  server minio:9000;
  keepalive 15;
}
server {
  listen 8443 ssl;
  server_name minio.example.com;
  ssl_certificate /etc/letsencrypt/live/minio.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/minio.example.com/privkey.pem;
  resolver 8.8.8.8;
  location / {
    proxy_pass http://minio;
    proxy_redirect off;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Connection "Keep-Alive";
    proxy_set_header Proxy-Connection "Keep-Alive";
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    chunked_transfer_encoding off;

    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

  }
}
server {
  listen 8444 ssl;
  server_name minio.example.com;
  ssl_certificate /etc/letsencrypt/live/minio.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/minio.example.com/privkey.pem;
  resolver 8.8.8.8;
  location / {
    proxy_pass http://minio_api;
    proxy_redirect off;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Connection "Keep-Alive";
    proxy_set_header Proxy-Connection "Keep-Alive";
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    chunked_transfer_encoding off;

    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

  }

}

Check the permissions for /etc/letsencrypt folder because the containers are running under non privileged user

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: configure minio in docker to use https

TH: กำหนดค่า minio ใน docker เพื่อใช้ https

RO: configurați minio în docker pentru a utiliza https

RU: настроить minio в докере для использования https

VI: định cấu hình minio trong docker để sử dụng https

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.