How do I set the minio domain for pre-signed URLs?

I'm using minio in Kubernetes and it works great. However, I can't seem to change the domain and protocol for a pre-signed URL. Minio keeps giving me http://minio.test.svc:9000/delivery/ whereas I want https://example.com/delivery. I've tried setting MINIO_DOMAIN in the pod but it seems to have no effect; I think I'm misusing this var anyway.

Twitt answered 31/7, 2019 at 19:51 Comment(5)
When you say "Minio keeps giving me..." what exactly are you doing? Curling an API endpoint, using some client library, using a minio client CLI? What are you actually executing, what's the full response that you're seeing? - Gregarious
I'm using the minio SDK for nodejs; I'm calling presignedGetObject which returns a signed URL much like S3. - Twitt
Based on this, this, and this it looks like the fourth argument to presignedGetObject is a headers object whose host property will be used to set the host for the presigned URL, so you could make that be "example.com"... - Gregarious
... the protocol looks like it's determined by however the client is configured, so if you configure your client to point to https://minio.test.svc:9000 instead of http://minio.test.svc:9000 that might make the protocol be what you want. If you try those two things, does it work? - Gregarious
Were you ever able to solve this? - Syrup

It all depends on how you create your Minio client instance. Specifying host and port as below will make Minio resolve your domain to IP address and use IP rather than the domain. Sample JavaScript code:

import { Client as MinioClient } from 'minio';

// The constructor takes a single options object.
const client = new MinioClient({
  endPoint: 'yourdomain.com',
  port: 9000,
  accessKey: process.env.MINIO_ACCESS_KEY,
  secretKey: process.env.MINIO_SECRET_KEY,
  useSSL: false // plain HTTP straight to the minio port
});

If you create your minio instance like above, your domain will be resolved to its corresponding IP address, and thus minio will work with http://x.x.x.x:9000 as opposed to https://yourdomain.com.

Also to note, if your client is configured as above, trying to use useSSL: true will throw an SSL error as below:

write EPROTO 140331355002752:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332

For minio to use your domain as https://yourdomain.com, you need to have a web server like nginx to proxy your requests to your minio server. Minio has documented how you can achieve this here. Add SSL to your domain as documented here then proceed to create your minio client as below:

import { Client as MinioClient } from 'minio';

// The constructor takes a single options object.
const client = new MinioClient({
  endPoint: 'yourdomain.com',
  port: 443,
  accessKey: process.env.MINIO_ACCESS_KEY,
  secretKey: process.env.MINIO_SECRET_KEY,
  useSSL: true // HTTPS through the proxy in front of minio
});

Note the change in port and useSSL parameters.

Minio will now use https://yourdomain.com in all cases. Signed URLs will also be https.

Prospero answered 29/8, 2020 at 10:32 Comment(3)
I think OP is having the same issue as me which is that within the Kube cluster only http://minio.test.svc:9000/delivery/ is reachable but https://example.com/delivery is not. I personally tried to use the hostNetwork and dnsPolicy kube configurations which didn't seem to work. It would be great if minio allowed you to sign host URLs not from where you connected it from - Catchup
@MathisHard were you able to find a solution to that? - Syrup
@Syrup yeah I did. I use NGINX and kubernetes to change the HOST header coming into the cluster for minio. Note this means if you have another service in the same cluster as your minio instance, it will have to manage the public and private URLs to minio. Here is the link to the solution I had #64815729 - Catchup

I bashed my head on this problem for a couple of days and managed to resolve it with NGINX in my Kubernetes cluster.

NGINX controller Kubernetes: need to change Host header within ingress

You use the ingress annotations to change the Host header of all incoming traffic to your Minio ingress so that it will always be the same Host name.

Catchup answered 3/12, 2020 at 1:56 Comment(0)
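
Why the Host header matters in the answers above, as an added example (not code from any of the posts and not the minio SDK's own implementation): a minimal AWS Signature Version 4 query-string presign in Node.js, showing that the host is covered by the signature while the scheme is not. The credentials, object path, timestamp and the helper names presignGet and serverAccepts are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const sha256Hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// SigV4 query-string presign for a GET. `host` is the Host header value the
// server will see (with the port if it is not the scheme default); `path` is
// assumed to be URI-encoded already.
function presignGet(p) {
  const date = p.amzDate.slice(0, 8);
  const scope = `${date}/${p.region}/s3/aws4_request`;
  const query = [ // keys are already in the sorted order SigV4 requires
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'],
    ['X-Amz-Credential', `${p.accessKey}/${scope}`],
    ['X-Amz-Date', p.amzDate],
    ['X-Amz-Expires', String(p.expires)],
    ['X-Amz-SignedHeaders', 'host'],
  ].map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
  // The host is a signed header; the scheme appears nowhere in what is signed.
  const canonical = ['GET', p.path, query, `host:${p.host}`, '', 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const toSign = ['AWS4-HMAC-SHA256', p.amzDate, scope, sha256Hex(canonical)].join('\n');
  let key = `AWS4${p.secretKey}`;
  for (const part of [date, p.region, 's3', 'aws4_request']) key = hmac(key, part);
  const signature = hmac(key, toSign).toString('hex');
  const url = `${p.scheme}://${p.host}${p.path}?${query}&X-Amz-Signature=${signature}`;
  return { url, signature, params: p };
}

// Model of the server-side check: recompute with the Host header that actually
// arrived and compare in constant time.
function serverAccepts(signed, receivedHost) {
  const expected = presignGet({ ...signed.params, host: receivedHost }).signature;
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signed.signature));
}

// Constructed sample values, not real credentials.
const base = { path: '/delivery/report.pdf', accessKey: 'EXAMPLEACCESSKEY',
  secretKey: 'example-secret-key', region: 'us-east-1',
  amzDate: '20200829T103200Z', expires: 3600 };
const internal = presignGet({ ...base, scheme: 'http', host: 'minio.test.svc:9000' });
const external = presignGet({ ...base, scheme: 'https', host: 'example.com' });

console.log(internal.url);
console.log(external.url);
console.log(serverAccepts(internal, 'example.com'));         // false: host swapped after signing
console.log(serverAccepts(internal, 'minio.test.svc:9000')); // true: proxy restored the signed Host
console.log(serverAccepts(external, 'example.com'));         // true: signed for the public host
```

A URL signed for the in-cluster name only validates if the request reaches minio with that same Host, which is what the ingress rewrite achieves; signing for the public name instead requires the client to be created with that endpoint.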
