
We are using docker compose to set up a MinIO service, and now we are adding SSL security.

The login screen displays without problems on https://my.domain:9001, but it fails on a login attempt.

When the env variable MINIO_SERVER_URL is left out, the error says: Post "https://SOME_IP_ADDRESS:9000/": x509: cannot validate certificate for SOME_IP_ADDRESS because it doesn't contain any IP SANs.

When MINIO_SERVER_URL=https://my.domain:9000 or MINIO_SERVER_URL=https://my.domain:9001, the error becomes: Post "https://my.domain:9000/": dial tcp SERVER_IP_ADDRESS:9000: connect: connection refused.

Before implementing SSL it worked on SERVER_IP_ADDRESS:9001, which becomes unavailable after setting the cert volumes in docker-compose.yml.

From the browser's network dev tools, the response number is 500 with the message "invalid login", regardless of the credentials being correct or not.

MinIO buckets are accessible from other services.

version: "3.9"
services:
  minio:
    image: minio/minio:latest
    command: server --console-address ":9001" /data
    container_name: minio
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      - MINIO_ROOT_USER=${ADMIN_USERNAME}
      - MINIO_ROOT_PASSWORD=${ADMIN_PASSWORD}
      - MINIO_SERVER_URL=https://my.domain:9000
    volumes:
      - ./data_docker/raw:/data
      - ${PATH_CERT_FILE}:/root/.minio/certs/public.crt:ro
      - ${PATH_CERT_PRIVATE_KEY}:/root/.minio/certs/private.key:ro
    healthcheck:
      test: ["CMD", "curl", "-f", "https://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
    restart: always

Any tips on how to solve this error?

2 Answers


  1. Chosen as BEST ANSWER

    This was solved by adding hostname: to specify the domain:

    version: "3.9"
    
    services:
      minio:
        image: minio/minio:latest
        command: server --console-address ":9001" /data
        container_name: minio
        ports:
          - "9000:9000"
          - "9001:9001"
        environment:
          - MINIO_ROOT_USER=${ADMIN_USERNAME}
          - MINIO_ROOT_PASSWORD=${ADMIN_PASSWORD}
          # Specify the URL hostname the MinIO Console should use for connecting to the MinIO Server.
          - MINIO_SERVER_URL=https://my.domain:9000
        # The hostname a container uses for itself. Defaults to the container’s ID if not specified.
        hostname: my.domain
        volumes:
          - ./data_docker/raw:/data
          # https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls.html
          # https://stackoverflow.com/a/69320949/5990202
          - ${PATH_CERT_FILE}:/root/.minio/certs/public.crt:ro
          - ${PATH_CERT_PRIVATE_KEY}:/root/.minio/certs/private.key:ro
        healthcheck:
          test: ["CMD", "curl", "-f", "https://my.domain:9000/minio/health/live"]
          interval: 30s
          timeout: 20s
          retries: 3
        restart: always
    

  2. I believe your best bet is to set hosts since minio itself doesn’t know about "my.domain" which is required to access minio over ssl.

    This can be done by adding the following to docker-compose:

      minio:
        ...
        extra_hosts:
          - "my.domain:127.0.0.1"
        ...
    
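Why the first error in the question depends on the address being dialed, as an added example that is not part of the original thread: Go's crypto/x509 name check (the source of the quoted error text) is run against a constructed self-signed certificate that carries only a DNS SAN for my.domain. The helper names selfSigned and checkServerURL, the address 192.0.2.10 and the certificate itself are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// selfSigned builds a throwaway, constructed certificate whose only SANs are the given DNS names.
func selfSigned(dnsNames ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames, // no IPAddresses: the certificate has no IP SANs
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkServerURL applies the TLS client's name check to the host part of serverURL.
func checkServerURL(cert *x509.Certificate, serverURL string) error {
	u, err := url.Parse(serverURL)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(u.Hostname())
}

func main() {
	cert, err := selfSigned("my.domain")
	if err != nil {
		panic(err)
	}
	// Dialing by IP fails the name check; dialing by the name in the SAN passes it.
	for _, target := range []string{"https://192.0.2.10:9000", "https://my.domain:9000"} {
		fmt.Println(target, "->", checkServerURL(cert, target))
	}
}
```

The name check only covers certificate validation; the name must still resolve to an address where the server is listening, which is what the hostname: and extra_hosts settings in the answers deal with.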