I'd written a pretty lengthy explanation of an apparent issue with the config directory, but that turned out to be a red herring. If I generate a self-signed cert, and put the files in
/usr/local/etc/minio/certs/,
and make sure they're readable by minio (which was the actual source of the problems I was seeing, and which minio sucks at logging), minio will restart and run just fine. The web console will now only be accessible via HTTPS (not via HTTP, and there's no redirect). If you've created the cert correctly, you'll be able to log in and go about your business.
One critical point is that the self-signed cert
must contain the address you're using to access minio. I generated a cert for
minio, and the service started and I was able to reach the web console by the IP address just fine. However, I wasn't able to log in, because the IP address wasn't listed on the cert as a SAN. Once I corrected that, I was able to log in and see this:
View attachment 50840
Here are the steps I took:
iocage console miniomkdir -p /usr/local/etc/minio/certscd /usr/local/etc/minio/certsopenssl genrsa -out private.key 2048ee minio.conf
Its contents should be (assuming minio as the hostname, and 192.168.1.221 as the IP address):
Code:
[req]
distinguished_name=req
[SAN]
subjectAltName=@alt_names
[alt_names]
DNS.1 = minio
IP.1 = 192.168.1.221
openssl req -new -x509 -key private.key -out public.crt -days 3650 -subj /CN=minio -extensions SAN -config 'minio.conf'chown minio:minio private.keyservice minio restart- Browse to https://192.168.1.221:9000 and log in with the credentials TrueNAS gave you when you installed the plugin.
And that's all there was to it. Configuring any client devices or applications to trust the self-signed cert is left as an exercise for the reader.
