Minio SSL in Jail

[CsTibor99]

Hi,

I installed Minio plugin successfully, but I not found any correct instruction, how to configure it to work with SSL.

I have Sectigo SSL certificate, private.key and public.crt are extracted.

Can anybody give me 100% working instruction (step-by-step please, I'm not Linux guy), where to copy cert files and where is the config file, how can force Minio plugin to run with ssl.

The standard built-in S3 installation works with GUI selected SSL, but Jail Minio plugin works w/o ssl only, on standard port 9000.

TrueNAS Core, 12.0-U6, Jail release: 12.2-RELEASE-p10, Minio version: 2021.09.03.03.56.13

Thank you in advance,
Tibor

 

[CsTibor99]

Hi,

Maybe the solution is here step-by-step:

1. Create a folder on any dataset (for example certs)
2. Enable SSH and connect to TrueNAS with winscp
3. Browse /mnt/yourdatasetname/certs
4. Copy the private.key and public.crt here and create a folder here with name: CA

Repeat the next steps for all new Minio plugins:

1. Create Minio plugin and test connection without SSL.
2. stop minio plugin

3. Browse: /mnt/yourJaildatasetname/iocage/jails/yourminiopluginname/root/usr/local/etc
4. Create folder minio and open it
5. Create folder certs
6. Create Mount point in "Jails - yourMiniopluginname - Mount Points"
source: /mnt/yourdatasetname/certs
destination: /mnt/yourJaildatasetname/iocage/jails/yourminiopluginname/root/usr/local/etc/minio/certs
select Read Only
7. Start Minio plugin
8. Test your connection without SSL. If error occure (success config) test with SSL.


Renew certificate:
- Overwrite private.key and public.crt on /mnt/yourdatasetname/certs
- Restart all of your Minio plugins


Tibor

 

[xlameee]

Hi,

Maybe the solution is here step-by-step:

1. Create a folder on any dataset (for example certs)
2. Enable SSH and connect to TrueNAS with winscp
3. Browse /mnt/yourdatasetname/certs
4. Copy the private.key and public.crt here and create a folder here with name: CA

Repeat the next steps for all new Minio plugins:

1. Create Minio plugin and test connection without SSL.
2. stop minio plugin

3. Browse: /mnt/yourJaildatasetname/iocage/jails/yourminiopluginname/root/usr/local/etc
4. Create folder minio and open it
5. Create folder certs
6. Create Mount point in "Jails - yourMiniopluginname - Mount Points"
source: /mnt/yourdatasetname/certs
destination: /mnt/yourJaildatasetname/iocage/jails/yourminiopluginname/root/usr/local/etc/minio/certs
select Read Only
7. Start Minio plugin
8. Test your connection without SSL. If error occure (success config) test with SSL.


Renew certificate:
- Overwrite private.key and public.crt on /mnt/yourdatasetname/certs
- Restart all of your Minio plugins


Tibor

8. Test your connection without SSL. If error occure (success config) test with SSL.

and if test with SSL Faild then what ?

 

[FanNAStic]

Hi Tibor
Your method worked great and your instructions were simple and easy.
Thank you