Minio console not accessible behind nginx reverse proxy
I am trying to redirect a example.com/minio location to minio console, which is run behind a nginx proxy both run by a docker compose file. My problem is that, when I'm trying to reverse proxy the minio endpoint to a path, like /minio it does not work, but when I run the minio reverse proxy on root path in the nginx reverse proxy, it works. I seriously cannot findout what the problem might be.
This is my compose file:
services:
nginx:
container_name: nginx
image: nginx
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./log/nginx:/var/log/nginx/
minio:
image: minio/minio
container_name: minio
volumes:
- ./data/minio/:/data
command: server /data --address ':9000' --console-address ':9001'
environment:
MINIO_ROOT_USER: minio_admin
MINIO_ROOT_PASSWORD: minio_123456
ports:
- 9000
- 9001
restart: always
logging:
driver: "json-file"
options:
max-file: "10"
max-size: 20m
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
My nginx configuration is like this:
server {
listen 80;
server_name example.com;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
access_log /var/log/nginx/service-access.log;
error_log /var/log/nginx/service-error.log debug;
location / {
return 200 "salam";
default_type text/plain;
}
location /minio {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio:9001;
}
}
The picture I'm seeing of minio console at the domain is this:
And the response of curling the endpoint ($ curl -k http://example.com/minio):
<null>
<html lang="en">
<head>
<meta charset="utf-8" />
<base href="/" />
<meta content="width=device-width,initial-scale=1" name="viewport" />
<meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color" />
<meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color" />
<meta content="MinIO Console" name="description" />
<link href="./styles/root-styles.css" rel="stylesheet" />
<link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180" />
<link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png" />
<link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png" />
<link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png" />
<link href="./manifest.json" rel="manifest" />
<link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon" />
<title>MinIO Console</title>
<script defer="defer" src="./static/js/main.eec275cb.js"></script>
<link href="./static/css/main.90d417ae.css" rel="stylesheet">
</head>
<body>
<noscript>You need to enable JavaScript to run this app.</noscript>
<div id="root">
<div id="preload">
<img src="./images/background.svg" />
<img src="./images/background-wave-orig2.svg" />
</div>
<div id="loader-block">
<img src="./Loader.svg" />
</div>
</div>
</body>
</html>
%
Solution
I also struggled with this for a long time and was finally able to resolve it.
As far as I can tell, the key changes to make this work for me where:
- Manually specifying a
rewritedirective (instead of relying on the Nginx proxy_pass+URI behaviour which didn't seem to work for me). - Setting the
resolverdirective with short timeouts (so that rescheduling of services onto other nodes gets resolved). - Setting
$upstreamto prevent DNS caching.
I had to change your setup a little bit so that now the Minio S3 API is served behind minio.example.com while the UI Web Console is accessible at minio.example.com/console/.
I have edited your config files below:
docker-compose.yml:
services:
nginx:
container_name: nginx
image: nginx
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./log/nginx:/var/log/nginx/
minio:
image: minio/minio
container_name: minio
volumes:
- ./data/minio/:/data
command: server /data --address ':9000' --console-address ':9001'
environment:
MINIO_SERVER_URL: "http://minio.example.com/"
MINIO_BROWSER_REDIRECT_URL: "http://minio.example.com/console/"
MINIO_ROOT_USER: minio_admin
MINIO_ROOT_PASSWORD: minio_123456
ports:
- 9000
- 9001
restart: always
logging:
driver: "json-file"
options:
max-file: "10"
max-size: 20m
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
nginx.conf:
server {
listen 80;
server_name minio.example.com;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
access_log /var/log/nginx/service-access.log;
error_log /var/log/nginx/service-error.log debug;
# Use Docker DNS
# You might not need this section but in case you need to resolve
# docker service names inside the container then this can be useful.
resolver 127.0.0.11 valid=10s;
resolver_timeout 5s;
# Apparently the following line might prevent caching of DNS lookups
# and force nginx to resolve the name on each request via the internal
# Docker DNS.
set $upstream "minio";
# Minio Console (UI)
location /console/ {
# This was really the key for me. Even though the Nginx docs say
# that with a URI part in the `proxy_pass` directive, the `/console/`
# URI should automatically be rewritten, this wasn't working for me.
rewrite ^/console/(.*)$ /$1 break;
proxy_pass http://$upstream:9001;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# To support websocket
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
}
# Proxy requests to the Minio API on port 9000
location / {
proxy_pass http://$upstream:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# To support websocket
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
}
}
HTH!
- Unable to pull images no such host on Windows
- Check if clickhouse is healthy docker-compose
- Docker Compose, Rails and Webpacker not perserving node_modules
- Need to use docker-compose to build but but not run
- Docker Error: Jupyter Notebook container is not running after successful build
- error during connect: This error may indicate that the docker daemon is not running
- Google Jib throws UnknownManifestFormatException: Unknown mediaType: application/vnd.oci.image.index.v1+json when building the application
- AWS ECS exec /usr/local/bin/docker-entrypoint.sh: exec format error
- Docker: Running nano in docker container
- Error building nextjs app on docker but not locally
- Tekton error , how to fix: Error executing command: fork/exec /tekton/scripts/script-2-m6dkb
- php_network_getaddresses: getaddrinfo failed error in Docker's adminer
- "update-locale: Error: invalid locale settings" when using a Dockerfile
- JVM -XX:MaxRAMPercentage not being applied in container
- docker-compose up not recreate container
- How can I find a Docker image with a specific tag in Docker registry on the Docker command line?
- Pass environment variables from docker-compose to container at build stage
- denied: requested access to the resource is denied when pushing image to gitlab registry
- How to use a devcontainer in vscode.dev?
- Unable to connect to mongodb database on docker container with nestJs
- Gitlab doesn't loads new ssl cert and key
- How to diagnose "docker: invalid reference format" when calling "docker run"?
- Azure Container Instance does not respond with dns name on browser
- Auto-generate OpenFGA json model when saving .fga DSL file
- KASM Stand Alone Service inaccessble behind Nginx: Websocket error or invalid HTTP version
- how to run NiFi-toolkit docker image
- How to check if a Docker image with a specific tag exist on registry?
- Can we mount sub-directories of a named volume in docker?
- AWS InvalidSignatureException, Signature expired when running from docker container
- No such host CI, docker