Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config SSL on Docker #6820

Closed
MohMehrnia opened this issue Nov 15, 2018 · 14 comments
Closed

Config SSL on Docker #6820

MohMehrnia opened this issue Nov 15, 2018 · 14 comments
Labels
community working as intended

Comments

@MohMehrnia
Copy link

How do cofigure ssl on docker and run minio on docker with SSL
@kannappanr
Copy link
Contributor

kannappanr commented Nov 16, 2018
edited

@MohMehrnia Can you please try

    docker run -p 9000:9000 -e "MINIO_ACCESS_KEY=minio" -e "MINIO_SECRET_KEY=minio123" -v /mnt/config:/root/.minio minio/minio server /data

You will have to create a folder called certs under /mnt/config/ and have your private.key and public.crt files there.

@kannappanr kannappanr added this to the Next Release milestone Nov 16, 2018
@MohMehrnia
Copy link
Author

I test this command but can no used https, I create private and public on localhost with OpenSSL

@kannappanr
Copy link
Contributor

@MohMehrnia Not sure I follow you. Can you paste the error you see?

@MohMehrnia
Copy link
Author

MohMehrnia commented Nov 16, 2018
edited

When retrieve https address , browsers show message can not display and when check docker log show this message
API: SYSTEM()
Time: 05:20:48 UTC 11/16/2018
Error: malformed HTTP request from '172.17.0.2:9000'
remoteAddr=172.17.0.1:55976, localAddr=172.17.0.2:9000
1: cmd/http/listener.go:274:http.(*httpListener).start.func2()
Exiting on signal: TERMINATED

@kannappanr
Copy link
Contributor

kannappanr commented Nov 16, 2018
edited

Can you paste the message or a screenshot? and give us more details like, what IPaddress did you create the certificate for and what is the IPAddress displayed, when minio starts up? Version of minio in use. Is there any log on the server console?

@MohMehrnia
Copy link
Author

IP Address is 127.0.0.1 (Local host)
Minio Version (Latest minio Docker version)
IPAddress Display: http://127.0.0.1:9000
and Only This log When Call https in browsers
API: SYSTEM()
Time: 05:20:48 UTC 11/16/2018
Error: malformed HTTP request from '172.17.0.2:9000'
remoteAddr=172.17.0.1:55976, localAddr=172.17.0.2:9000
1: cmd/http/listener.go:274:http.(*httpListener).start.func2()
Exiting on signal: TERMINATED

(SSL Create With localhost not 127.0.0.1)

@kannappanr
Copy link
Contributor

@MohMehrnia So, you basically created certificate using OpenSSL for localhost? Can you please regenerate the certificate for IPAddress 172.17.0.2? This error will go away in that scenario.

@MohMehrnia
Copy link
Author

MohMehrnia commented Nov 16, 2018
edited

I created ssl for IPAddress 172.17.0.2 and error is exists
SSL Generate With Below Instruction:
https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls.html

Browsers Error:
An error occurred during a connection to 172.17.0.2:9000. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Endpoint: http://172.17.0.2:9000 http://127.0.0.1:9000

Browser Access:
http://172.17.0.2:9000 http://127.0.0.1:9000

Object API (Amazon S3 compatible):
Go: https://docs.minio.io/docs/golang-client-quickstart-guide
Java: https://docs.minio.io/docs/java-client-quickstart-guide
Python: https://docs.minio.io/docs/python-client-quickstart-guide
JavaScript: https://docs.minio.io/docs/javascript-client-quickstart-guide
.NET: https://docs.minio.io/docs/dotnet-client-quickstart-guide

API: SYSTEM()
Time: 07:35:15 UTC 11/16/2018
Error: malformed HTTP request from '172.17.0.2:9000'
remoteAddr=10.0.75.1:4611, localAddr=172.17.0.2:9000
1: cmd/http/listener.go:274:http.(*httpListener).start.func2()

certs.zip

@kannappanr
Copy link
Contributor

@MohMehrnia I tried the certificates that you gave after renaming them appropriately. Firefox complained about this certificate being self signed, which is correct. Other than that I did not see any issue. I did not get the error that you were getting.

can you please take a look at https://support.mozilla.org/en-US/questions/1222739 ?

One of the things you can try is to use a different browser or use the same browser in private mode and see if you still get the same error.

@MohMehrnia
Copy link
Author

"I tried the certificates that you gave after renaming"

Why need renaming and what's new name?
Renaming is necessary?

@kannappanr
Copy link
Contributor

kannappanr commented Nov 16, 2018
edited

The name of the certificate file should be public.crt and the private key should be private.key

@MohMehrnia
Copy link
Author

Ok, Thanks for helping, My Problem is resolved,
when i create certificate, i not renaming certificates and this my big mistake.
thanks,

@kannappanr
Copy link
Contributor

@MohMehrnia Thanks for getting back to us. Will go ahead and close this issue. Our docs is available at docs.minio.io Please feel free to reach out to us if you have more questions.

@lock
Copy link

lock bot commented Apr 19, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Apr 19, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
community working as intended
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MohMehrnia @kannappanr