[not our bug] Python connection to minio on docker server in localhost

[adr-arroyo]

I am trying to generate a minio server with docker on my local machine (ubuntu 18.04), and then I would like to connect from a Python client to store some files. My code is:

self.minioClient = Minio("172.17.0.1:9000", access_key='myakey', secret_key='myskey')
self.minioClient.make_bucket("mybuckettest", location="eu-west-1")

Expected Behavior

Creates a bucket on minio.

Current Behavior

Returns error:

W0830 13:02:23.824983 140423135254336 connectionpool.py:665] Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:852)'),)': /mybuckettest/
Traceback (most recent call last):
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 603, in urlopen
    chunked=chunked)
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 344, in _make_request
    self._validate_conn(conn)
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 843, in _validate_conn
    conn.connect()
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connection.py", line 370, in connect
    ssl_context=context)
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 368, in ssl_wrap_socket
    return context.wrap_socket(sock)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:852)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/adrian/.vscode/extensions/ms-python.python-2019.8.30787/pythonFiles/ptvsd_launcher.py", line 43, in <module>
    main(ptvsdArgs)
  File "/home/adrian/.vscode/extensions/ms-python.python-2019.8.30787/pythonFiles/lib/python/ptvsd/__main__.py", line 432, in main
    run()
  File "/home/adrian/.vscode/extensions/ms-python.python-2019.8.30787/pythonFiles/lib/python/ptvsd/__main__.py", line 316, in run_file
    runpy.run_path(target, run_name='__main__')
  File "/usr/lib/python3.6/runpy.py", line 263, in run_path
    pkg_name=pkg_name, script_name=fname)
  File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/adrian/proyectos/trainer-estimation-generic/src/main.py", line 113, in <module>
    activation=pred.activation, ft_range=pred.ft_range, train=False)
  File "/home/adrian/proyectos/trainer-estimation-generic/src/trainer.py", line 82, in __init__
    self.minioClient.make_bucket("mybuckettest", location="eu-west-1")
  File "/home/adrian/.local/lib/python3.6/site-packages/minio/api.py", line 339, in make_bucket
    headers=headers)
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/poolmanager.py", line 326, in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 670, in urlopen
    **response_kw)
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 670, in urlopen
    **response_kw)
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 670, in urlopen
    **response_kw)
  [Previous line repeated 2 more times]
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 641, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/home/adrian/.local/lib/python3.6/site-packages/urllib3/util/retry.py", line 399, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='172.17.0.1', port=9000): Max retries exceeded with url: /mybuckettest/ (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:852)'),))

Steps to Reproduce (for bugs)

1. Follow https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls.html to generate public.crt & private.key with :
   Create a file named openssl.conf with the content:

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = VA
L = Somewhere
O = MyOrg
OU = MyOU
CN = MyServerName

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = 172.17.0.1
IP.2 = 172.17.0.2

Generate files with:

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout private.key -out public.crt -config openssl.conf

2. Copy files to /mnt/config

3. Run minio container:

docker run -p 9000:9000 --name minio_test5   -e "MINIO_ACCESS_KEY=myakey"   -e "MINIO_SECRET_KEY=myskey" -v /mnt/config:/root/.minio minio/minio server ./data

4. Run python code.

Your Environment

• Version used (minio version): latest (pip install minio)
• Operating System and version (uname -a): Ubuntu 18.04

[nitisht]

have you set secure=True in python client @adr-arroyo

[kannappanr]

@nitisht I think the default value is True

[ghost]

@nitisht @kannappanr quick related question we got a similar error to this on our of our gateways over the weekend (running the latest version). We saw these a while back but not for over a month. Is this related to the above issue? FYI, this is without SSL

urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='172.17.0.1', port=9000): Max retries exceeded with url: /path-to-file (Caused by ResponseError('too many 500 error responses'))

[kannappanr]

@hassbabaie I don't think so.

[aead]

@adr-arroyo What is the log output at the minio server (docker container)? There should be a log msg starting with `tls:.

[ghost]

Thanks @kannappanr we'll keep running and see if it re-appears.

[adr-arroyo]

Dear everyone,
I apologize for not answering as i was in vacation.

regarding the parameter secure, It is True by default.

regarding the output of the container, I see no output starting with 'tls'. My output is the same as @hassbabaie

However, it seems to be working without security launching the server with:

docker run -p 9000:9000 minio/minio server /data

What can we be doing wrong?

Regards

[malinich]

I have the same issue (

[aead]

Since you try to connect to your MinIO docker container via TLS (HTTPS) - did you configure a TLS private key and certificate such that MinIO can present the X.509 certificate to your python client?! If not, you effectively try to connect to an HTTP server over HTTPS. This will not work.

You either have to configure a TLS private key + certificate or try to access your MinIO container over plain HTTP.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

[harshavardhana]

Since you try to connect to your MinIO docker container via TLS (HTTPS) - did you configure a TLS private key and certificate such that MinIO can present the X.509 certificate to your python client?! If not, you effectively try to connect to an HTTP server over HTTPS. This will not work.

You either have to configure a TLS private key + certificate or try to access your MinIO container over plain HTTP.

This issue is stale with no response and considered purely a setup issue. Please reach out to us at https://slack.min.io for further questions on a proper TLS setup.

[jjtolton]

I encountered this issue while following the quick start guide for the server with docker and the Python client SDK guide. I solved the issue by setting secure=False in my Minio invocation.

[emf-developer]

I encountered this issue while following the quick start guide for the server with docker and the Python client SDK guide. I solved the issue by setting secure=False in my Minio invocation.

as @jjtolton said,
you can use this in localhost / test environment, set secure to False to avoid ssl error.

client = Minio( endpoint = host, access_key = accessKey, secret_key = secretKey, secure = False )

[bhuiyanmobasshir94]

I encountered this issue while following the quick start guide for the server with docker and the Python client SDK guide. I solved the issue by setting secure=False in my Minio invocation.

Just saved my day brother

[rodabt]

I encountered this issue while following the quick start guide for the server with docker and the Python client SDK guide. I solved the issue by setting secure=False in my Minio invocation.

Just saved my day brother

Mine too

[toandaominh1997]

I encountered this issue while following the quick start guide for the server with docker and the Python client SDK guide. I solved the issue by setting secure=False in my Minio invocation.

as @jjtolton said, you can use this in localhost / test environment, set secure to False to avoid ssl error.

client = Minio( endpoint = host, access_key = accessKey, secret_key = secretKey, secure = False )

It worked for me