mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
fix: allow customizing console redirection (#12665)
MinIO might be running inside proxies, and console while being on another port might not be reachable on a specific port behind such proxies. For such scenarios customize the redirect URL such that console can be redirected to correct proxy endpoint instead. fixes #12661
This commit is contained in:
parent
c8cf4c5eb8
commit
da0fd5f056
@ -206,6 +206,13 @@ MinIO Server comes with an embedded web based object browser. Point your web bro
|
||||
|
||||
> NOTE: MinIO runs console on random port by default if you wish choose a specific port use `--console-address` to pick a specific interface and port.
|
||||
|
||||
### Things to consider
|
||||
MinIO redirects browser access requests to the configured server port (i.e. `127.0.0.1:9000`) to the configured Console port. MinIO uses the hostname or IP address specified in the request when building the redirect URI. The URL and port *must* be accessible by the client for the redirection to work
|
||||
|
||||
For deployments behind a load balancer, proxy, or ingress rule where the MinIO host IP address or port is not public, use the `MINIO_BROWSER_REDIRECT_URI` environment variable to specify the external hostname for the redirect. The LB/Proxy must have rules for directing traffic to the Console port specifically.
|
||||
|
||||
For example, consider a MinIO deployment behind a proxy `https://minio.example.net`, `https://console.minio.example.net` with rules for forwarding traffic on port :9000 and :9001 to MinIO and the MinIO Console respectively on the internal network. Set `MINIO_BROWSER_REDIRECT_URL` to `https://console.minio.example.net` to ensure the browser receives a valid reachable URL.
|
||||
|
||||
| Dashboard | Creating a bucket |
|
||||
| ------------- | ------------- |
|
||||
| ![Dashboard](https://github.com/minio/minio/blob/master/docs/screenshots/pic1.png?raw=true) | ![Dashboard](https://github.com/minio/minio/blob/master/docs/screenshots/pic2.png?raw=true) |
|
||||
|
@ -415,6 +415,22 @@ func handleCommonEnvVars() {
|
||||
if err != nil {
|
||||
logger.Fatal(config.ErrInvalidBrowserValue(err), "Invalid MINIO_BROWSER value in environment variable")
|
||||
}
|
||||
if globalBrowserEnabled {
|
||||
if redirectURL := env.Get(config.EnvMinIOBrowserRedirectURL, ""); redirectURL != "" {
|
||||
u, err := xnet.ParseHTTPURL(redirectURL)
|
||||
if err != nil {
|
||||
logger.Fatal(err, "Invalid MINIO_BROWSER_REDIRECT value in environment variable")
|
||||
}
|
||||
// Look for if URL has invalid values and return error.
|
||||
if !((u.Scheme == "http" || u.Scheme == "https") &&
|
||||
(u.Path == "/" || u.Path == "") && u.Opaque == "" &&
|
||||
!u.ForceQuery && u.RawQuery == "" && u.Fragment == "") {
|
||||
err := fmt.Errorf("URL contains unexpected resources, expected URL to be of http(s)://minio.example.com format: %v", u)
|
||||
logger.Fatal(err, "Invalid MINIO_BROWSER_REDIRECT value is environment variable")
|
||||
}
|
||||
globalBrowserRedirectURL = u
|
||||
}
|
||||
}
|
||||
|
||||
globalFSOSync, err = config.ParseBool(env.Get(config.EnvFSOSync, config.EnableOff))
|
||||
if err != nil {
|
||||
|
@ -21,13 +21,13 @@ import (
|
||||
"context"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"path"
|
||||
"strings"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"github.com/minio/minio-go/v7/pkg/set"
|
||||
xnet "github.com/minio/pkg/net"
|
||||
|
||||
humanize "github.com/dustin/go-humanize"
|
||||
"github.com/minio/minio/internal/config/dns"
|
||||
@ -183,7 +183,7 @@ func shouldProxy() bool {
|
||||
// redirectable, this is purely internal function and
|
||||
// serves only limited purpose on redirect-handler for
|
||||
// browser requests.
|
||||
func getRedirectLocation(r *http.Request) *url.URL {
|
||||
func getRedirectLocation(r *http.Request) *xnet.URL {
|
||||
resource, err := getResource(r.URL.Path, r.Host, globalDomainNames)
|
||||
if err != nil {
|
||||
return nil
|
||||
@ -197,11 +197,14 @@ func getRedirectLocation(r *http.Request) *url.URL {
|
||||
} {
|
||||
bucket, _ := path2BucketObject(resource)
|
||||
if path.Clean(bucket) == prefix || resource == slashSeparator {
|
||||
if globalBrowserRedirectURL != nil {
|
||||
return globalBrowserRedirectURL
|
||||
}
|
||||
hostname, _, _ := net.SplitHostPort(r.Host)
|
||||
if hostname == "" {
|
||||
hostname = r.Host
|
||||
}
|
||||
return &url.URL{
|
||||
return &xnet.URL{
|
||||
Host: net.JoinHostPort(hostname, globalMinioConsolePort),
|
||||
Scheme: func() string {
|
||||
scheme := "http"
|
||||
|
@ -45,6 +45,7 @@ import (
|
||||
"github.com/minio/minio/internal/event"
|
||||
"github.com/minio/minio/internal/pubsub"
|
||||
"github.com/minio/pkg/certs"
|
||||
xnet "github.com/minio/pkg/net"
|
||||
)
|
||||
|
||||
// minio configuration related constants.
|
||||
@ -137,6 +138,10 @@ var (
|
||||
// This flag is set to 'true' by default
|
||||
globalBrowserEnabled = true
|
||||
|
||||
// Custom browser redirect URL, not set by default
|
||||
// and it is automatically deduced.
|
||||
globalBrowserRedirectURL *xnet.URL
|
||||
|
||||
// This flag is set to 'true' when MINIO_UPDATE env is set to 'off'. Default is false.
|
||||
globalInplaceUpdateDisabled = false
|
||||
|
||||
|
@ -37,7 +37,8 @@ const (
|
||||
EnvArgs = "MINIO_ARGS"
|
||||
EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT"
|
||||
|
||||
EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE"
|
||||
EnvMinIOBrowserRedirectURL = "MINIO_BROWSER_REDIRECT_URL"
|
||||
EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE"
|
||||
|
||||
EnvUpdate = "MINIO_UPDATE"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user