diff --git a/README.md b/README.md index 5530eefef..cb519e6b1 100644 --- a/README.md +++ b/README.md @@ -216,6 +216,11 @@ For deployments behind a load balancer, proxy, or ingress rule where the MinIO h For example, consider a MinIO deployment behind a proxy `https://minio.example.net`, `https://console.minio.example.net` with rules for forwarding traffic on port :9000 and :9001 to MinIO and the MinIO Console respectively on the internal network. Set `MINIO_BROWSER_REDIRECT_URL` to `https://console.minio.example.net` to ensure the browser receives a valid reachable URL. +Similarly, if your TLS certificates do not have the IP SAN for the MinIO server host, the MinIO Console may fail to validate the connection to the server. Use the `MINIO_SERVER_URL` environment variable and specify the proxy-accessible hostname of the MinIO server to allow the Console to use the MinIO server API using the TLS certificate. + +For example: `export MINIO_SERVER_URL="https://minio.example.net"` + + | Dashboard | Creating a bucket | | ------------- | ------------- | | ![Dashboard](https://github.com/minio/minio/blob/master/docs/screenshots/pic1.png?raw=true) | ![Dashboard](https://github.com/minio/minio/blob/master/docs/screenshots/pic2.png?raw=true) | diff --git a/cmd/common-main.go b/cmd/common-main.go index f38308211..09a827787 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go 
@@ -111,7 +111,10 @@ const consolePrefix = "CONSOLE_" func minioConfigToConsoleFeatures() { os.Setenv("CONSOLE_PBKDF_SALT", globalDeploymentID) os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID) - os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0]) + if globalMinioEndpoint == "" { + logger.Fatal(errInvalidArgument, "Unable to start console service MinIO Endpoint is empty") + } + os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint) if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" { os.Setenv("CONSOLE_LOG_QUERY_URL", value) if value := env.Get("MINIO_LOG_QUERY_AUTH_TOKEN", ""); value != "" { @@ -409,6 +412,22 @@ func handleCommonEnvVars() { } } + if serverURL := env.Get(config.EnvMinIOServerURL, globalEndpoints.Localhost()); serverURL != "" { + u, err := xnet.ParseHTTPURL(serverURL) + if err != nil { + logger.Fatal(err, "Invalid MINIO_SERVER_URL value in environment variable") + } + // Look for if URL has invalid values and return error. + if !((u.Scheme == "http" || u.Scheme == "https") && + (u.Path == "/" || u.Path == "") && u.Opaque == "" && + !u.ForceQuery && u.RawQuery == "" && u.Fragment == "") { + err := fmt.Errorf("URL contains unexpected resources, expected URL to be of http(s)://minio.example.com format: %v", u) + logger.Fatal(err, "Invalid MINIO_SERVER_URL value is environment variable") + } + u.Path = "" // remove any path component such as `/` + globalMinioEndpoint = u.String() + } + globalFSOSync, err = config.ParseBool(env.Get(config.EnvFSOSync, config.EnableOff)) if err != nil { logger.Fatal(config.ErrInvalidFSOSyncValue(err), "Invalid MINIO_FS_OSYNC value in environment variable") diff --git a/cmd/endpoint.go b/cmd/endpoint.go index d49549162..9cc6262dc 100644 --- a/cmd/endpoint.go +++ b/cmd/endpoint.go 
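Review bot: The new guard in minioConfigToConsoleFeatures relies on handleCommonEnvVars having already filled globalMinioEndpoint, and nothing at the check records that ordering. A comment above it such as `// globalMinioEndpoint is set in handleCommonEnvVars from MINIO_SERVER_URL or the local endpoint` would make the dependency visible. The fatal text also runs two clauses together and gives the operator no next step; `"Unable to start console service: MinIO endpoint is empty, set MINIO_SERVER_URL"` would read better. The function body continues past the end of the hunk.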
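Review bot: The MINIO_SERVER_URL validation added to handleCommonEnvVars rejects a path, query, fragment or opaque part but never checks userinfo. A value like `https://user:secret@minio.example.net` (constructed example) would pass, be stored in globalMinioEndpoint through `u.String()`, and then be exported as CONSOLE_MINIO_SERVER. Assuming the type returned by xnet.ParseHTTPURL exposes `User` as net/url.URL does, adding `u.User == nil &&` to the condition closes that gap. The check also accepts `http` regardless of whether the server runs with TLS, so comparing the scheme against `getURLScheme(globalIsTLS)`, or at least warning on a mismatch, is worth considering if globalIsTLS is already known at this point. The second fatal message has a typo (`value is environment variable` should be `value in environment variable`), and handleCommonEnvVars starts and ends outside the hunk.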
@@ -245,7 +245,7 @@ func (l *EndpointServerPools) Add(zeps PoolEndpoints) error { func (l EndpointServerPools) Localhost() string { for _, ep := range l { for _, endpoint := range ep.Endpoints { - if endpoint.IsLocal { + if endpoint.IsLocal && endpoint.Host != "" { u := &url.URL{ Scheme: endpoint.Scheme, Host: endpoint.Host, @@ -254,7 +254,11 @@ func (l EndpointServerPools) Localhost() string { } } } - return "" + host := globalMinioHost + if host == "" { + host = sortIPs(localIP4.ToSlice())[0] + } + return fmt.Sprintf("%s://%s", getURLScheme(globalIsTLS), net.JoinHostPort(host, globalMinioPort)) } // LocalDisksPaths returns the disk paths of the local disks diff --git a/cmd/gateway-main.go b/cmd/gateway-main.go index 6e54c0860..1089a12ea 100644 --- a/cmd/gateway-main.go +++ b/cmd/gateway-main.go @@ -209,14 +209,6 @@ func StartGateway(ctx *cli.Context, gw Gateway) { // To avoid this error situation we check for port availability. logger.FatalIf(checkPortAvailability(globalMinioHost, globalMinioPort), "Unable to start the gateway") - globalMinioEndpoint = func() string { - host := globalMinioHost - if host == "" { - host = sortIPs(localIP4.ToSlice())[0] - } - return fmt.Sprintf("%s://%s", getURLScheme(globalIsTLS), net.JoinHostPort(host, globalMinioPort)) - }() - // Handle gateway specific env gatewayHandleEnvVars() diff --git a/cmd/server-main.go b/cmd/server-main.go index 0de6868e1..f56429d84 100644 --- a/cmd/server-main.go +++ b/cmd/server-main.go @@ -459,14 +459,6 @@ func serverMain(ctx *cli.Context) { // Initialize all sub-systems newAllSubsystems() - globalMinioEndpoint = func() string { - host := globalMinioHost - if host == "" { - host = sortIPs(localIP4.ToSlice())[0] - } - return fmt.Sprintf("%s://%s", getURLScheme(globalIsTLS), net.JoinHostPort(host, globalMinioPort)) - }() - // Is distributed setup, error out if no certificates are found for HTTPS endpoints. if globalIsDistErasure { if globalEndpoints.HTTPS() && !globalIsTLS { 
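Review bot: The fallback added at the end of Localhost() indexes `sortIPs(localIP4.ToSlice())[0]` without a length check. Because handleCommonEnvVars passes `globalEndpoints.Localhost()` as the default argument to env.Get, this runs on every start, even when MINIO_SERVER_URL is set. If no local IPv4 address is available it would presumably panic with an index-out-of-range rather than a readable fatal error (whether sortIPs can return an empty slice is not visible here); `ips := sortIPs(localIP4.ToSlice())` followed by `if len(ips) == 0 { return "" }` would let the empty-endpoint check in minioConfigToConsoleFeatures report it. The method now also reads globalMinioHost, globalMinioPort and globalIsTLS, which the assignments removed from serverMain and StartGateway read at what looks like a later point in startup, so it is worth confirming those globals are set before handleCommonEnvVars runs. The start of Localhost() lies outside this second hunk.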
diff --git a/internal/config/constants.go b/internal/config/constants.go index a22cffb40..a58ec329e 100644 --- a/internal/config/constants.go +++ b/internal/config/constants.go @@ -37,6 +37,7 @@ const ( EnvArgs = "MINIO_ARGS" EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT" + EnvMinIOServerURL = "MINIO_SERVER_URL" EnvMinIOBrowserRedirectURL = "MINIO_BROWSER_REDIRECT_URL" EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE"