Score:1

What's the right way to configure Nginx for MinIO server running as a docker service

hk

I am just trying to proxy pass from Nginx to a Docker Minio service; however, with my current nginx config file, it's not working as expected and keeps loading when I browse any Minio buckets from the Minio console (web interface). Note that the minio server is working fine when it is browsed from the local network. The current nginx config file for the minio docker service is as follows:

Nginx config file:

server {
    listen 80;
    listen [::]:80;
    server_name s3.mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name s3.mysite.com;

    ssl_certificate /etc/letsencrypt/live/s3.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/s3.mysite.com/privkey.pem;

    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;

    # Proxy requests to the bucket "photos" to MinIO server running on port 9000
    location /blog/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;

        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        proxy_pass http://minio:9000;
    }

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;

        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        proxy_pass http://minio:9001;
    }
}

Docker compose file:

  minio:
    image: minio/minio
    ports:
        - "9000:9000"
        - "9001:9001"
    volumes:
      - ../s3-bucket:/data
    env_file:
      - config/.env.minio.prod
    command: server /data --console-address :9001

Error from the internet browser:

Firefox can’t establish a connection to the server at wss://s3.mysite.com/ws/objectManager. BrowserHandler.tsx:105:14
Error in websocket connection. Attempting reconnection... BrowserHandler.tsx:140:12
Websocket Disconnected. Attempting Reconnection... BrowserHandler.tsx:132:12
Websocket not available. BrowserHandler.tsx:126:14
Websocket not available.

I think there is something missing in the Nginx config file to reach both ports on the Docker service. From what I understand, port 9001 is used for the console functionality and port 9000 for data handling, but I am not sure how to proxy pass to both ports appropriately.

Score:0
wf

I had a similar requirement to you just a few days ago. Here's what I did:

  1. Create two A records on my DNS provider, minioapi.mypage.com and minioweb.mypage.com, for accessing the API and Web console

  2. Use a custom nginx.conf file as suggested by the Minio team https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html

  3. Deploy both Minio and nginx as a docker compose file

For reference, here's my nginx.conf file, which is later mounted into my nginx container

  user www-data;
  worker_processes auto;
  pid /run/nginx.pid;
  events {}
  
  http {
  
  include /etc/nginx/mime.types;
  server_tokens off;
  
  server {
  listen       443 ssl;
  listen  [::]:443 ssl;
  server_name  minioapi.mypage.com;
  ignore_invalid_headers off;
  client_max_body_size 0;
  proxy_buffering off;
  proxy_request_buffering off;
  ssl_certificate           /etc/nginx/ssl/archive/npm-4/fullchain1.pem;
  ssl_certificate_key       /etc/nginx/ssl/archive/npm-4/privkey1.pem;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 1440m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;
  ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
  
  access_log /dev/stdout;
  error_log /dev/stdout info;
  
  location / {
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_connect_timeout 300;
  proxy_http_version 1.1;
  proxy_set_header Connection "";
  chunked_transfer_encoding off;
  proxy_pass http://192.168.1.161:9000/;
  }
  }
  
  server {
  listen       443 ssl;
  listen  [::]:443 ssl;
  server_name minioweb.mypage.com;
  ignore_invalid_headers off;
  client_max_body_size 0;
  proxy_buffering off;
  proxy_request_buffering off;
  ssl_certificate           /etc/nginx/ssl/archive/npm-3/fullchain1.pem;
  ssl_certificate_key       /etc/nginx/ssl/archive/npm-3/privkey1.pem;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 1440m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;
  ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
  access_log /dev/stdout;
  error_log /dev/stdout info;
  location / {
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-NginX-Proxy true;
  real_ip_header X-Real-IP;
  proxy_connect_timeout 300;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  chunked_transfer_encoding off;
  proxy_pass http://192.168.1.161:9090/; 
  }
  }
  
  server {
  listen 80 http2 default_server;
  return 301 https://$host$request_uri;
  }
  
  
  }

Here's my docker compose:

---
version: '3.7'
services:
  minio:
    image: quay.io/minio/minio:RELEASE.2023-06-19T19-52-50Z
    container_name : minio
    ports:
      - 9000:9000
      - 9090:9090
      - 8021:8021
    environment:
      MINIO_ROOT_USER: rootuser
      MINIO_ROOT_PASSWORD: rootpassword
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
    volumes:
      - ${HOME}/minio/data:/data
    command: server /data --console-address ":9090"

  nginx-rp:
    container_name: nginx-reverse-proxy
    image: nginx:1.25.1
    volumes:
        - ./conf:/etc/nginx:ro    
    ports:
    - "80:80"
    - "443:443"    
    restart: unless-stopped

Score:0
ws

You've not configured your nginx proxy to implement websockets.

You need something like:

location /ws/ {
            proxy_pass http://minio:9001;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
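
The WebSocket handling this answer points to, applied to the question's single-hostname HTTPS server block, as an added example that is not taken from any of the posts. `$connection_upgrade` is not a built-in nginx variable and has to be defined with a `map` in the `http` context; the `proxy_read_timeout` value is an assumption, and the question's `/blog/` location is unchanged and left out here.

```nginx
# http {} context: $connection_upgrade is not built in, so define it here.
map $http_upgrade $connection_upgrade {
    default upgrade;  # request carries an Upgrade header
    ''      close;    # plain HTTP request
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name s3.mysite.com;

    ssl_certificate     /etc/letsencrypt/live/s3.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/s3.mysite.com/privkey.pem;

    ignore_invalid_headers off;
    client_max_body_size 0;
    proxy_buffering off;

    # Console WebSocket endpoint, e.g. /ws/objectManager from the browser error.
    location /ws/ {
        # A location that sets any proxy_set_header inherits none from the
        # outer level, so the forwarding headers are repeated in each location.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;   # the Upgrade handshake needs HTTP/1.1 upstream
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 300;   # assumed value; the default closes idle sockets after 60s
        proxy_pass http://minio:9001;
    }

    # Rest of the console: same directives as the question's "location /".
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
        proxy_pass http://minio:9001;
    }
}
```

Check the result with `nginx -t` before reloading; if the `map` is missing, the test fails with an `unknown "connection_upgrade" variable` error.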