S3 login issue

GabrieleMax

Hi guys,

I just read an old post https://www.truenas.com/community/threads/problems-with-s3-service-minio.99347/ but it didn't solve my issue :\

I'm using TrueNAS-SCALE-22.12.2, you can see what happens here:


I don't know how I can go beyond this and what I could check to solve it. I tried to add a local CA and I made a local certificate, but I had the same issue. I also tried to import an external SSL certificate bought from a web site but... nothing has changed...

Regards.
GabrieleMax
 

im.thatoneguy

Once you specify a hostname (and don't explicitly add a flag to remain in http not https) it'll enable https/tls.

The hostname has to match one of the options in the certificate or else it'll error. In your case you aren't using a hostname at all, you're using an IP, and the self-signed certificate is for like "GarbrieleTruenas" not "192.168.1.246", so it's giving an error.

Your options are:
1) Create a certificate in the certs page for "192.168.1.246" aka an IP Name.
2) Use the DNS Name for the machine. Whether that's the self signed host name or a public certificate like Let's Encrypt with a wildcard. So if your local LAN is on like GabrieleMax.com you would ask Let's Encrypt in the certs tab for something like *.GabrieleMax.com and then when you access your minio server you would navigate to TrueNas.GabrieleMax.com and set your Hostname to the same.
3) Leave Minio in http mode and put a reverse proxy in front of it that performs the tls termination. (This is what I did since my PFSense cluster is fast enough). This is slightly tricky because if you want to generate file shares you still need to specify a hostname AND you need to add a startup flag (not sure if it's possible with the service) to force it into http mode.
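
The name check described in the reply above, as an added Python example that is not part of the original posts. The function names and the three sample certificates are constructed for illustration; the certificate dicts use the shape returned by `ssl.SSLSocket.getpeercert()`, and the check assumes a client that looks only at subjectAltName entries (no Common Name fallback) and accepts a wildcard only as the whole left-most label.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Compare one DNS SAN entry with the requested name, case-insensitively.
    A wildcard covers exactly one label and must be the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, target):
    """cert: dict shaped like getpeercert(); target: host part of the URL."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):
        # An IP literal is only satisfied by an "IP Address" entry,
        # never by a DNS entry, even one that spells out the same digits.
        want = ipaddress.ip_address(target)
        return any(kind == "IP Address" and ipaddress.ip_address(value) == want
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, target)
               for kind, value in sans)

# Constructed sample certificates (not taken from the thread's server).
HOSTNAME_ONLY = {"subjectAltName": (("DNS", "nas02"),)}
WITH_IP = {"subjectAltName": (("DNS", "nas02"),
                              ("IP Address", "192.168.1.246"))}
WILDCARD = {"subjectAltName": (("DNS", "*.GabrieleMax.com"),)}

if __name__ == "__main__":
    cases = [(HOSTNAME_ONLY, "192.168.1.246"), (HOSTNAME_ONLY, "nas02"),
             (WITH_IP, "192.168.1.246"), (WILDCARD, "TrueNas.GabrieleMax.com"),
             (WILDCARD, "GabrieleMax.com")]
    for cert, target in cases:
        verdict = "ok" if cert_covers(cert, target) else "name mismatch"
        print(f"{target:26} {verdict:14} SANs={cert['subjectAltName']}")
```
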
 

GabrieleMax

1) Create a certificate in the certs page for "192.168.1.246" aka an IP Name.
I solved the issue with point one: I created a certificate with my hostname nas02 and now S3 also works with https://192.168.1.246/9000 and not just with https://nas02/9000.

I don't know why https://nas02/9000 doesn't work properly (sometimes it shows me a timed out page) while https://192.168.1.246/9000 always works. I have a local DNS in my LAN managed by Windows Server, maybe I should modify the records there...

Now I should understand how to do a "Distributed mode" https://ibb.co/3WDvVqN. In this NAS I have a pool of four disks, but maybe to do it I should have an S3 space on another NAS... I don't know... :\

Thanks for your reply! :)
 