记一次Docker部署Minio并通过Nginx Proxy Manager反向代理

部署Minio 博主是通过docker-compose部署Minio的,并且配置了自签证书,用于Minio Console和Minio API之间通信。 通过docker-compose部署Minio 博主是通过docker-compose部署的Minio,docker-compose的yaml文件

部署Minio

博主是通过docker-compose部署Minio的,并且配置了自签证书,用于Minio Console和Minio API之间通信。

通过docker-compose部署Minio

博主是通过docker-compose部署的Minio,docker-compose的yaml文件如下,可参考。

services:
  minio:
    image: 'minio/minio'
    restart: always
    ports:
      - '39001:9001'
      - '39000:9443'
    extra_hosts:
      - minio.example.com:127.0.0.1
      - minio-console.example.com:127.0.0.1
    volumes:
      - /minio/data:/mnt/data
      - /minio/config:/root/.minio
    environment:
      - MINIO_ROOT_USER=your-username
      - MINIO_ROOT_PASSWORD=your-password
      - MINIO_SERVER_URL=https://minio.example.com:9443
      - MINIO_BROWSER_REDIRECT_URL=https://minio-console.example.com:9443
    command: server /mnt/data --console-address ":9001" --address ":9443"

部署自签证书

由于MINIO_SERVER_URL这个环境变量博主指定使用了HTTPS协议,所以这里还需要部署自签证书。

自签证书签发

博主通过openssl签发自签证书,命令如下,可参考。

openssl genrsa -out private.key 2048
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/CN=minio.example.com"

部署自签发证书

将上一步生成的private.keypublic.crt复制到/minio/config/

cp /tmp/private.key /tmp/public.crt /minio/config/

部署Nginx Proxy Manager

博主是通过docker-compose部署的Nginx Proxy Manager,yaml文件如下,可参考。

services:
  app:
    image: 'jc21/nginx-proxy-manager:2.12.1'
    restart: always
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Asia/Shanghai
    ports:
      - '30021:80'
      - '30022:443'
      - '30020:81'
    volumes:
      - /nginx-proxy-manager/data:/data
      - /nginx-proxy-manager/certs:/etc/letsencrypt

通过Nginx Proxy Manager反向代理Minio Console

Details选项卡

Custom locations选项卡

对应的指令如下

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
chunked_transfer_encoding off;
proxy_set_header authorization $http_authorization;
proxy_set_header Origin "";

Advanced选项卡

根据官方配置,这一部分是需要添加的。

ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;

通过Nginx Proxy Manager反向代理Minio API

这个部分至目前为止博主仍未成功配置。mc命令通过反向代理的域名访问API时,会返回如下提示。

mc: <ERROR> Unable to initialize new alias from the provided credentials. The request signature we calculated does not match the signature you provided. Check your key and signing method.

经过排查,目前定位到是博主使用了9443端口的问题,使用443端口就可以成功连接。但由于博主的公网IP无法使用443端口,所以目前还在尝试如何使用非标端口的HTTPS协议访问Minio。现在的配置如下,可参考。

同时,博主还在minio的github repo上提了一个issue

Details选项卡

Custom locations选项卡

配置文本如下。

# proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Origin "*";
# add_header 'Access-control-Allow-0rigin' '*';
# proxy_set_header Host "minio.example.cn:9443";
# proxy_set_header Host "minio.example.cn";
# proxy_set_header Host "127.0.0.1";
# proxy_set_header Host $http_host;
# proxy_set_header Host $host;
# proxy_set_header Host $host:$server_port;
# proxy_set_header X-Forwarded-Port $server_port;
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
chunked_transfer_encoding off;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header X-Amz-Date $http_x_amz_date;
proxy_set_header Authorization $http_authorization;

Advanced选项卡

配置文本如下。

# set $host $http_host
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
# client_header_buffer_size 16k;
# large_client_header_buffers 4 16k;

参考资料

  1. MinIO 开启 TLS 访问 - MinIO 教程

  2. login as MINIO_ROOT_USER yields invalid login · Issue #19096 · minio/minio

  3. MinIO Signature Mismatch · minio/minio · Discussion #13768

  4. Configure NGINX Proxy for MinIO Server — MinIO Object Storage for Linux

  5. Install and Deploy MinIO — MinIO Object Storage for Container

  6. Nginx配置minio反向代理_minio nginx代理-CSDN博客

  7. 【异常解决】java程序连接MinIO报错The request signature we calculated does not match the signature you provided.-阿里云开发者社区

  8. minio/docs/orchestration/docker-compose/nginx.conf at master · minio/minio

  9. Can not authorized to the GUI · Issue #871 · minio/console

  10. Nginx反向代理minio踩坑记录 - 荒野游侠 - 博客园

  11. minio报错SignatureDoesNotMatch解决方案_minio signaturedoesnotmatch-CSDN博客

  12. nginx 反向代理 (websocket)后报 - 400 bad request - iSunXiaoXiao - 博客园

  13. nginx代理minio踩坑,报403不能访问,提示 SignatureDoesNotMatch This XML file does not appear to have any style inf_minio 403-CSDN博客

  14. nginx代理minio教程 避坑过的教程 避开SignatureDoesNotMatch_minio signaturedoesnotmatch-CSDN博客

  15. 401s/unauthorized login to localhost MinIO console · Issue #13965 · minio/minio · GitHub

  16. 500/invalid login to localhost MinIO console using default root user/pass · Issue #13966 · minio/minio · GitHub

  17. Error 403 when trying to preview a object · Issue #2344 · minio/console · GitHub

  18. Error 403 when trying to view buckets · Issue #2800 · minio/console · GitHub

  19. How to set different log levels for minio? · minio/minio · Discussion #14213 · GitHub

  20. MINIO_BROWSER_REDIRECT_URL Subpath not working · Issue #2774 · minio/console · GitHub

  21. Nginx 转发域名地址报 400 Bad Request

  22. No access to buckets and policies in console when using reverse proxy subpath · Issue #2775 · minio/console · GitHub

  23. Share URL Returns 403 · Issue #3331 · minio/console · GitHub

  24. WebSocket connection to 'wss://mini.test.com.br/ws/objectManager failed: · Issue #3080 · minio/console · GitHub

  25. [not our bug] The request signature we calculated does not match the signature you provided. Check your key and signing method. · Issue #7936 · minio/minio · GitHub

  26. cookbook/docs/zh_CN/setup-nginx-proxy-with-minio.md at master · eco-minio/cookbook · GitHub

  27. minio SignatureDoesNotMatch aws-sdk-s3 访问搭建 minio 内文件的时候报错: - 掘金

  28. 通过nginx二级目录反向代理访问minio管理界面 - 也曾少年 - 博客园

  29. cors - Minio 403 Forbidden HEAD request using saveas (FileSaver.js) - Stack Overflow

  30. minio nginx http/https配置代理 超详细线上完整版_minio 代理权限配置-CSDN博客

  31. nginx代理minio踩坑,报403不能访问,提示 SignatureDoesNotMatch This XML file does not appear to have any style inf_minio 403-CSDN博客

  32. How to fix nginx throws 400 bad request headers on any header testing tools? - Stack Overflow

  33. minio报错 403 Forbidden_minio 403-CSDN博客

  34. java - Minio with Nginx and presigned URL - Stack Overflow

  35. Nginx 反向代理 MinIO:解决 400 Bad Request_minio nginx代理-CSDN博客

  36. nginx代理minio踩坑,报403不能访问,提示 SignatureDoesNotMatch This XML file does not appear to have any style inf_minio 403-CSDN博客

  37. 解决nginx反向代理非80、8080端口出现HTTP 400错误的问题_nginx 非80端口 400-CSDN博客

  38. Nginx 反向代理报400错误解决方法!_nginx iis 400-CSDN博客

  39. Nginx 反向代理报400错误解决方法! - 码上快乐

  40. Minio最新版2023-02-27T18-10-45Z的使用配置踩坑记录 及 客户端client MC 的安装使用_minio 2022版和 minio 2023版本-大差异-CSDN博客

  41. 新版MinIO安装,附带问题处理和SSL设置(巨详细)_unit minio.service entered failed state.-CSDN博客

  42. 解决minIO 文件上传回显报 403 问题_minio 403-CSDN博客

  43. minio报错SignatureDoesNotMatch解决方案_minio signaturedoesnotmatch-CSDN博客

  44. minio安装与数据迁移_minio数据迁移-CSDN博客

LICENSED UNDER CC BY-NC-SA 4.0
Comment