dockernginxdocker-composeminio
Minio console not accessible behind nginx reverse proxy
I am trying to redirect a example.com/minio location to minio console, which is run behind a nginx proxy both run by a docker compose file. My problem is that, when I'm trying to reverse proxy the minio endpoint to a path, like /minio it does not work, but when I run the minio reverse proxy on root path in the nginx reverse proxy, it works. I seriously cannot findout what the problem might be.
This is my compose file:
services:
nginx:
container_name: nginx
image: nginx
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./log/nginx:/var/log/nginx/
minio:
image: minio/minio
container_name: minio
volumes:
- ./data/minio/:/data
command: server /data --address ':9000' --console-address ':9001'
environment:
MINIO_ROOT_USER: minio_admin
MINIO_ROOT_PASSWORD: minio_123456
ports:
- 9000
- 9001
restart: always
logging:
driver: "json-file"
options:
max-file: "10"
max-size: 20m
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
My nginx configuration is like this:
server {
listen 80;
server_name example.com;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
access_log /var/log/nginx/service-access.log;
error_log /var/log/nginx/service-error.log debug;
location / {
return 200 "salam";
default_type text/plain;
}
location /minio {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio:9001;
}
}
The picture I'm seeing of minio console at the domain is this:
And the response of curling the endpoint ($ curl -k http://example.com/minio):
<null>
<html lang="en">
<head>
<meta charset="utf-8" />
<base href="/" />
<meta content="width=device-width,initial-scale=1" name="viewport" />
<meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color" />
<meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color" />
<meta content="MinIO Console" name="description" />
<link href="./styles/root-styles.css" rel="stylesheet" />
<link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180" />
<link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png" />
<link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png" />
<link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png" />
<link href="./manifest.json" rel="manifest" />
<link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon" />
<title>MinIO Console</title>
<script defer="defer" src="./static/js/main.eec275cb.js"></script>
<link href="./static/css/main.90d417ae.css" rel="stylesheet">
</head>
<body>
<noscript>You need to enable JavaScript to run this app.</noscript>
<div id="root">
<div id="preload">
<img src="./images/background.svg" />
<img src="./images/background-wave-orig2.svg" />
</div>
<div id="loader-block">
<img src="./Loader.svg" />
</div>
</div>
</body>
</html>
%
Solution
I also struggled with this for a long time and was finally able to resolve it.
As far as I can tell, the key changes to make this work for me where:
- Manually specifying a
rewritedirective (instead of relying on the Nginx proxy_pass+URI behaviour which didn't seem to work for me). - Setting the
resolverdirective with short timeouts (so that rescheduling of services onto other nodes gets resolved). - Setting
$upstreamto prevent DNS caching.
I had to change your setup a little bit so that now the Minio S3 API is served behind minio.example.com while the UI Web Console is accessible at minio.example.com/console/.
I have edited your config files below:
docker-compose.yml:
services:
nginx:
container_name: nginx
image: nginx
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./log/nginx:/var/log/nginx/
minio:
image: minio/minio
container_name: minio
volumes:
- ./data/minio/:/data
command: server /data --address ':9000' --console-address ':9001'
environment:
MINIO_SERVER_URL: "http://minio.example.com/"
MINIO_BROWSER_REDIRECT_URL: "http://minio.example.com/console/"
MINIO_ROOT_USER: minio_admin
MINIO_ROOT_PASSWORD: minio_123456
ports:
- 9000
- 9001
restart: always
logging:
driver: "json-file"
options:
max-file: "10"
max-size: 20m
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
nginx.conf:
server {
listen 80;
server_name minio.example.com;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
access_log /var/log/nginx/service-access.log;
error_log /var/log/nginx/service-error.log debug;
# Use Docker DNS
# You might not need this section but in case you need to resolve
# docker service names inside the container then this can be useful.
resolver 127.0.0.11 valid=10s;
resolver_timeout 5s;
# Apparently the following line might prevent caching of DNS lookups
# and force nginx to resolve the name on each request via the internal
# Docker DNS.
set $upstream "minio";
# Minio Console (UI)
location /console/ {
# This was really the key for me. Even though the Nginx docs say
# that with a URI part in the `proxy_pass` directive, the `/console/`
# URI should automatically be rewritten, this wasn't working for me.
rewrite ^/console/(.*)$ /$1 break;
proxy_pass http://$upstream:9001;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# To support websocket
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
}
# Proxy requests to the Minio API on port 9000
location / {
proxy_pass http://$upstream:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# To support websocket
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
}
}
HTH!
- PHP docker pdo_mysql driver not found
- How add JAVA_OPTS variable to wildfly by kubernetes yaml file?
- How to locally backup the images of a local Docker-registry?
- How to run a one-off task on AWS ECS Fargate?
- Connect application to database when they are in separate docker containers
- Orderer container fails to run Hyperledger Fabric 2.0
- WebStorm Docker deamon connection error on Macbook M1
- Configure/Setting/Activate a Python Conda environment in Docker
- Problem connecting springboot to mysql with docker-compose
- unable to start 'Docker for windows' on Azure Win 10 VM
- Why won't Docker Desktop Start
- How does Docker handle different kernel versions?
- How to enable virtualization in Azure VM
- Whats the best approach to execute a bash script inside a Docker Container?
- Jenkins connect to the remote Docker Engine, build image failed
- Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?
- Recommended Docker Image Architecture
- Docker Image Pull Succeeds in GitLab Pipeline but Image Not Found on AWS Lightsail
- Get SHA's of multiarch docker image
- How to make docker container "see" hosts from outside
- Need help regarding an error in the Dockerized version of the application
- Permission Error Running Container in AWS CodeBuild
- How to kill interactive shell and process/jobs running on it?
- Why these other py files not showing?
- How do I get MSSQL service container working in Azure DevOps pipeline?
- Replica refuses to accept connections, albeit that primary works just fine
- Docker push - net/http: TLS handshake timeout
- Is Node using 100% CPU?
- How to copy files from host to Docker container?
- Docker Container can't connect to the Internet