Project

General

Profile

Bug #24594

Add SSL/TLS Support to S3

Added by serranf . over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Nice to have
Assignee:
John Hixson
Category:
OS
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Upgraded to 11 stable train to get S3 / Minio in base (this is a great feature, thanks!); however, I'm not able to make much use of it as it seems to only be available over http.

My FreeNAS web ui is running over https but when I go to the Minio web UI via the UI button in the config I'm redirected out to an HTTP connection on 9000. Digging around I don't see an docs or config options for getting FreeNAS' Minio running over https as such I'm not sure if this is a bug (should pick up settings from admin interface), a feature request (haven't gotten to it yet), or a documentation request.

Associated revisions

Revision 6590b525 (diff)
Added by John Hixson over 1 year ago

Minio TL/SSL

Ticket: #24594

Revision a03cac4e (diff)
Added by John Hixson over 1 year ago

Move minio plugin functionality into etc plugin

Ticket: #24594

Revision dd5908dd (diff)
Added by John Hixson over 1 year ago

Forgot to add this in minio commit

Ticket: #24594

Revision 7e6665e5 (diff)
Added by John Hixson over 1 year ago

Bit by merge migration ... again

Ticket: #24594

Revision f3d194fc (diff)
Added by John Hixson over 1 year ago

Minio TL/SSL

Ticket: #24594

Revision 5799195e (diff)
Added by John Hixson over 1 year ago

Move minio plugin functionality into etc plugin

Ticket: #24594

Revision eb8bb1e4 (diff)
Added by John Hixson over 1 year ago

Forgot to add this in minio commit

Ticket: #24594

Revision 7a08ae51 (diff)
Added by John Hixson over 1 year ago

Bit by merge migration ... again

Ticket: #24594

Revision dfc09126 (diff)
Added by Dru Lavigne about 1 year ago

Mention encrypted S3.
Ticket: #24594

History

#1 Updated by Suraj Ravichandran over 1 year ago

  • Assignee changed from Suraj Ravichandran to Kris Moore
  • Priority changed from No priority to Nice to have
  • Target version set to 11.1

@Kris, I do not have any knowledge about minio. Could you please redirect it to the person who added it.

If they need help with just adding the cert foreignkey I can do that part, but the minio config part I have little clue.

#2 Avatar?id=14398&size=24x24 Updated by Kris Moore over 1 year ago

  • Assignee changed from Kris Moore to John Hixson

John, looks like we need https mode for minio now.

#3 Updated by John Hixson over 1 year ago

  • Category changed from 118 to OS
  • Status changed from Unscreened to Screened

It was only a matter of time ;-)

#4 Updated by Philon Terving over 1 year ago

Hi there,

I was also testing the S3 capabilities. My Mac clients (Transmit and Cyberduck) always want to connect to S3 via TLS. They don't even have the option to switch to HTTP. While nice for security reasons it does make the minio feature kind of useless.

Checking on the Minio docs, the solution is quite simple. Just put some certs in the right location: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls.

So my workaround:
  1. ln -s /etc/certificates/my-freenas.crt /usr/local/etc/minio/certs/public.crt
  2. ln -s /etc/certificates/my-freenas.key /usr/local/etc/minio/certs/private.key

After a restart of the minio service it will automatically pick up the cert and switch to TLS mode. And I guess the typical GUI selection should be the better solution to fix this bug here.

#5 Updated by John Hixson over 1 year ago

#6 Updated by John Hixson over 1 year ago

  • Status changed from Screened to Needs Developer Review

#7 Updated by John Hixson over 1 year ago

  • Assignee changed from John Hixson to Release Council

#8 Updated by John Hixson over 1 year ago

  • Status changed from Needs Developer Review to Fix In Progress
  • Assignee changed from Release Council to John Hixson

Stealing back since I'm doing some work on it.

#9 Updated by John Hixson over 1 year ago

  • Status changed from Fix In Progress to Needs Developer Review
  • Assignee changed from John Hixson to Release Council

#10 Updated by Dru Lavigne over 1 year ago

  • Assignee changed from Release Council to William Grzybowski

William: is this something that you can review?

#11 Updated by William Grzybowski over 1 year ago

  • Assignee changed from William Grzybowski to Release Council

There is nothing to review here as far as I am concerned. It was committed directly to master, it is targeted to 11.1 and there is no PR.

#12 Updated by Dru Lavigne over 1 year ago

  • Status changed from Needs Developer Review to 47
  • Assignee changed from Release Council to John Hixson

#13 Updated by Dru Lavigne over 1 year ago

  • Subject changed from Minio / S3 SSL/TLS Configuration to Add SSL/TLS Support to S3

#14 Updated by Dru Lavigne about 1 year ago

  • Assignee changed from John Hixson to Bonnie Follweiler
  • Target version changed from 11.1 to 11.1-BETA1

#16 Updated by Bonnie Follweiler about 1 year ago

  • Status changed from 47 to Ready For Release
  • Needs QA changed from Yes to No
  • QA Status Test Passes FreeNAS added
  • QA Status deleted (Not Tested)

Test Passes in FreeNAS-11-MASTER-201710180506

#17 Updated by Dru Lavigne about 1 year ago

  • Assignee changed from Bonnie Follweiler to John Hixson

#18 Updated by Dru Lavigne about 1 year ago

  • Status changed from Ready For Release to Resolved

Also available in: Atom PDF