Set CONSOLE_MINIO_SERVER to 127.0.0.1 by default (#15887)

Anis Elleuch 2022-10-21 22:42:28 +01:00 committed by GitHub
parent f6b2e89109
commit 58d776daa0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 43 additions and 24 deletions


@ -175,7 +175,9 @@ func minioConfigToConsoleFeatures() {
if globalMinioEndpoint != "" { if globalMinioEndpoint != "" {
os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint) os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint)
} else { } else {
os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0]) // Explicitly set 127.0.0.1 so Console will automatically bypass TLS verification to the local S3 API.
// This will save users from providing a certificate with IP or FQDN SAN that points to the local host.
os.Setenv("CONSOLE_MINIO_SERVER", fmt.Sprintf("%s://127.0.0.1:%s", getURLScheme(globalIsTLS), globalMinioPort))
} }
if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" { if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
os.Setenv("CONSOLE_LOG_QUERY_URL", value) os.Setenv("CONSOLE_LOG_QUERY_URL", value)
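Review bot: The comment in the new else branch says Console skips certificate verification for 127.0.0.1, but it does not record the trust assumption that follows: whichever process holds 127.0.0.1:globalMinioPort receives Console's S3 requests without being authenticated by TLS. I would extend the comment with something like `// Console does not verify the certificate for 127.0.0.1, so this relies on the server itself holding the loopback listener on globalMinioPort.` The URL is also built with a literal IPv4 loopback, while getServerListenAddrs (added elsewhere in this commit) listens on whatever loopback addresses the host reports. A host with only ::1 would presumably leave this endpoint unreachable, which deserves a sentence as well. minioConfigToConsoleFeatures continues outside the hunk.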


@ -249,7 +249,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
getCert = globalTLSCerts.GetCertificate getCert = globalTLSCerts.GetCertificate
} }
httpServer := xhttp.NewServer([]string{globalMinioAddr}). httpServer := xhttp.NewServer(getServerListenAddrs()).
UseHandler(setCriticalErrorHandler(corsHandler(router))). UseHandler(setCriticalErrorHandler(corsHandler(router))).
UseTLSConfig(newTLSConfig(getCert)). UseTLSConfig(newTLSConfig(getCert)).
UseShutdownTimeout(ctx.Duration("shutdown-timeout")). UseShutdownTimeout(ctx.Duration("shutdown-timeout")).


@ -44,9 +44,8 @@ func mustSplitHostPort(hostPort string) (host, port string) {
return xh.Name, xh.Port.String() return xh.Name, xh.Port.String()
} }
// mustGetLocalIP4 returns IPv4 addresses of localhost. It panics on error. // mustGetLocalIPs returns IPs of local interface
func mustGetLocalIP4() (ipList set.StringSet) { func mustGetLocalIPs() (ipList []net.IP) {
ipList = set.NewStringSet()
ifs, err := net.Interfaces() ifs, err := net.Interfaces()
logger.FatalIf(err, "Unable to get IP addresses of this host") logger.FatalIf(err, "Unable to get IP addresses of this host")
@ -68,36 +67,33 @@ func mustGetLocalIP4() (ipList set.StringSet) {
ip = v.IP ip = v.IP
} }
if ip.To4() != nil { ipList = append(ipList, ip)
ipList.Add(ip.String())
}
} }
} }
return ipList return ipList
} }
// mustGetLocalIP4 returns IPv4 addresses of localhost. It panics on error.
func mustGetLocalIP4() (ipList set.StringSet) {
ipList = set.NewStringSet()
for _, ip := range mustGetLocalIPs() {
if ip.To4() != nil {
ipList.Add(ip.String())
}
}
return
}
// mustGetLocalIP6 returns IPv6 addresses of localhost. It panics on error. // mustGetLocalIP6 returns IPv6 addresses of localhost. It panics on error.
func mustGetLocalIP6() (ipList set.StringSet) { func mustGetLocalIP6() (ipList set.StringSet) {
ipList = set.NewStringSet() ipList = set.NewStringSet()
addrs, err := net.InterfaceAddrs() for _, ip := range mustGetLocalIPs() {
logger.FatalIf(err, "Unable to get IP addresses of this host")
for _, addr := range addrs {
var ip net.IP
switch v := addr.(type) {
case *net.IPNet:
ip = v.IP
case *net.IPAddr:
ip = v.IP
}
if ip.To4() == nil { if ip.To4() == nil {
ipList.Add(ip.String()) ipList.Add(ip.String())
} }
} }
return
return ipList
} }
// getHostIP returns IP address of given host. // getHostIP returns IP address of given host.
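Review bot: mustGetLocalIPs now appends `ip` unconditionally, so an address matching neither case of the type switch (partly outside this hunk) would presumably come back as a nil entry; the old `ip.To4() != nil` check filtered those out on the IPv4 path. getServerListenAddrs guards with `ip != nil`, but mustGetLocalIP6 does not, and `ip.To4() == nil` is true for a nil net.IP, so it would add the string "<nil>" to the set. Either skip nil inside mustGetLocalIPs with `if ip != nil { ipList = append(ipList, ip) }`, or tighten the IPv6 test to `if ip != nil && ip.To4() == nil {`. The new doc comment also drops the note about failure behaviour; `// mustGetLocalIPs returns the IPs of the local interfaces. It exits via logger.FatalIf on error.` would keep it.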


@ -25,6 +25,7 @@ import (
"io" "io"
"log" "log"
"math/rand" "math/rand"
"net"
"os" "os"
"os/signal" "os/signal"
"runtime" "runtime"
@ -36,6 +37,7 @@ import (
"github.com/minio/cli" "github.com/minio/cli"
"github.com/minio/minio-go/v7" "github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials" "github.com/minio/minio-go/v7/pkg/credentials"
"github.com/minio/minio-go/v7/pkg/set"
"github.com/minio/minio/internal/auth" "github.com/minio/minio/internal/auth"
"github.com/minio/minio/internal/bucket/bandwidth" "github.com/minio/minio/internal/bucket/bandwidth"
"github.com/minio/minio/internal/color" "github.com/minio/minio/internal/color"
@ -418,6 +420,24 @@ func initConfigSubsystem(ctx context.Context, newObject ObjectLayer) error {
return nil return nil
} }
// Return the list of address that MinIO server needs to listen on:
// - Returning 127.0.0.1 is necessary so Console will be able to send
// requests to the local S3 API.
// - The returned List needs to be deduplicated as well.
func getServerListenAddrs() []string {
// Use a string set to avoid duplication
addrs := set.NewStringSet()
// Listen on local interface to receive requests from Console
for _, ip := range mustGetLocalIPs() {
if ip != nil && ip.IsLoopback() {
addrs.Add(net.JoinHostPort(ip.String(), globalMinioPort))
}
}
// Add the interface specified by the user
addrs.Add(globalMinioAddr)
return addrs.ToSlice()
}
// serverMain handler called for 'minio server' command. // serverMain handler called for 'minio server' command.
func serverMain(ctx *cli.Context) { func serverMain(ctx *cli.Context) {
signal.Notify(globalOSSignalCh, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT) signal.Notify(globalOSSignalCh, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
@ -500,7 +520,7 @@ func serverMain(ctx *cli.Context) {
getCert = globalTLSCerts.GetCertificate getCert = globalTLSCerts.GetCertificate
} }
httpServer := xhttp.NewServer([]string{globalMinioAddr}). httpServer := xhttp.NewServer(getServerListenAddrs()).
UseHandler(setCriticalErrorHandler(corsHandler(handler))). UseHandler(setCriticalErrorHandler(corsHandler(handler))).
UseTLSConfig(newTLSConfig(getCert)). UseTLSConfig(newTLSConfig(getCert)).
UseShutdownTimeout(ctx.Duration("shutdown-timeout")). UseShutdownTimeout(ctx.Duration("shutdown-timeout")).
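Review bot: getServerListenAddrs de-duplicates by string only, so a globalMinioAddr that already covers loopback in another spelling (for example an empty host such as `:9000`, or `localhost:9000`) still yields separate loopback entries, and the same port is handed to xhttp.NewServer more than once. Whether the extra bind succeeds depends on the listener options, which are not visible here, so it should be checked and stated in the doc comment. The comment should also say plainly that loopback is added even when the operator bound the server to one specific interface, since that changes which local processes can reach the S3 API; for example `// Loopback addresses are always added, also when globalMinioAddr names a single interface.` The same helper feeds the xhttp.NewServer call in StartGateway. serverMain continues outside the hunk.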


@ -75,7 +75,8 @@ func handleSignals() {
for { for {
select { select {
case <-globalHTTPServerErrorCh: case err := <-globalHTTPServerErrorCh:
logger.LogIf(context.Background(), err)
exit(stopProcess()) exit(stopProcess())
case osSignal := <-globalOSSignalCh: case osSignal := <-globalOSSignalCh:
if !globalIsGateway { if !globalIsGateway {