I m trying to deploy Minio server for a week to get the certificate to work, because the Veeam server need https to pass the repository configuration stage, finally i make it work and just share my steps and hope someone will find it useful.
Prerequisite:
1) Generate a CSR for submission, i m using openssl in my lab:
2) Submit to CA and generate the base 64 certificate, please make sure you download the CA cert as well. you will need to upload the private key, server certificate and the CA certificate to the Minio container directory. ( you can use self generated certificate if you want)
3) create a dataset to store the Minio persistent data and certificate, you need to deploy the minio container later. make sure the container have the permission to write and read from the dataset you created.
4) upload the server cert, CA cert and private key to the dataset, use any sftp client and browse to the directory of the certs dataset you created. upload the server cert and private key to certs directory and rename the server cert to "public.crt" and private key to "private.key".
5) under the certs directory, create a CAs directory and upload the CA cert and rename it as "ca.crt"
** Make sure the container have permission to read the cert
Deploy The Minio Container:
Do not use the Minio from Truenas catalog, i use https://hub.docker.com/r/bitnami/minio which the only one worked for me. please make sure read the description especially the container environment variable setting.
1) Go to App > Discovery APP > Custom App
2) At the Container Images > key in bitnami/minio
3) At the Container Environment variables, add three environment variable as show below, provide your preferred userid and password. the most important is the "MINIO_SCHEME" with value of "https", this to tell the minio to use certificate and enable https. "MINIO_SERVER_URL" key in "https://fqdn:9000" for S3 API and " "MINIO_BROWSER_REDIRECT_URL" key in "https://fqdn:9001" for web redirection
4) ens192 is a online interface without IP address assigned in the Truenas, i use it for container traffic only.
5) Configure external interface and select the ens192 for example, and provide IP address and static route and gateway.
6) Configure DNS,
7) Configure the two host path mappings, host path point to "data" dataset and mouth to "/bitnami/minio/data", "certs" dataset mount to "/certs"
** difference container image will have difference mouth path for it data and cert directory, if you use other than bitnami/minio, please make sure you read the description of the container image to get the correct mouth path.
8) this step is optional. key in the webportal fqdn for easy access.
9) finish and start the deployment process, it's useful to view the logs to see the everything bring up ok.
10) click on the webportal and access to the minio web. and it is secured
Prerequisite:
1) Generate a CSR for submission, i m using openssl in my lab:
- create a text document and let call it minio-csr.conf
- Generate private key using openssl
- Generate CSR using openssl
2) Submit to CA and generate the base 64 certificate, please make sure you download the CA cert as well. you will need to upload the private key, server certificate and the CA certificate to the Minio container directory. ( you can use self generated certificate if you want)
3) create a dataset to store the Minio persistent data and certificate, you need to deploy the minio container later. make sure the container have the permission to write and read from the dataset you created.
4) upload the server cert, CA cert and private key to the dataset, use any sftp client and browse to the directory of the certs dataset you created. upload the server cert and private key to certs directory and rename the server cert to "public.crt" and private key to "private.key".
5) under the certs directory, create a CAs directory and upload the CA cert and rename it as "ca.crt"
** Make sure the container have permission to read the cert
Deploy The Minio Container:
Do not use the Minio from Truenas catalog, i use https://hub.docker.com/r/bitnami/minio which the only one worked for me. please make sure read the description especially the container environment variable setting.
1) Go to App > Discovery APP > Custom App
2) At the Container Images > key in bitnami/minio
3) At the Container Environment variables, add three environment variable as show below, provide your preferred userid and password. the most important is the "MINIO_SCHEME" with value of "https", this to tell the minio to use certificate and enable https. "MINIO_SERVER_URL" key in "https://fqdn:9000" for S3 API and " "MINIO_BROWSER_REDIRECT_URL" key in "https://fqdn:9001" for web redirection
4) ens192 is a online interface without IP address assigned in the Truenas, i use it for container traffic only.
5) Configure external interface and select the ens192 for example, and provide IP address and static route and gateway.
6) Configure DNS,
7) Configure the two host path mappings, host path point to "data" dataset and mouth to "/bitnami/minio/data", "certs" dataset mount to "/certs"
** difference container image will have difference mouth path for it data and cert directory, if you use other than bitnami/minio, please make sure you read the description of the container image to get the correct mouth path.
8) this step is optional. key in the webportal fqdn for easy access.
9) finish and start the deployment process, it's useful to view the logs to see the everything bring up ok.
10) click on the webportal and access to the minio web. and it is secured
