Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ingress SubPath Not Working. #2045

Closed
Sam-Sundar opened this issue May 26, 2022 · 21 comments · Fixed by #2818
Closed

Ingress SubPath Not Working. #2045

Sam-Sundar opened this issue May 26, 2022 · 21 comments · Fixed by #2818
Assignees
Labels
bug this needs to be fixed community

Comments

@Sam-Sundar
Copy link

Sam-Sundar commented May 26, 2022

Hey Team,

I'm trying to upgrade from old version of MinIo to latest one and we found we had to make multiple changes,

    spec:
      containers:
      - args:
        - server
        - /storage
        - --console-address
        - :9001
        env:
        - name: MINIO_ROOT_USER
          value: minio
        - name: MINIO_ROOT_PASSWORD
          value: minio123
        #- name: MINIO_BROWSER_REDIRECT_URL
        #  value: https://onprem-test.development.apty.io
        image: minio/minio:latest
        imagePullPolicy: IfNotPresent
        name: minio
        ports:
        - containerPort: 9000
          name: api-port
          protocol: TCP
        - containerPort: 9001
          name: console-port
          protocol: TCP
        resources:

This is my svc definition

minio-api-service         NodePort    10.96.1.117   <none>        9000:31822/TCP                  29m
minio-service             NodePort    10.96.0.155   <none>        9001:31823/TCP                  38d

This is my ingress file

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  projectcontour.io/response-timeout: infinity
  name: https-ingress
  namespace: default
spec:
  rules:
  - host: onprem-test.development.apty.io
    http:
      paths:
      - backend:
          service:
            name: minio-service
            port:
              number: 9001
        path: /minio/
        pathType: Prefix
  tls:
  - hosts:
    - onprem-test.development.apty.io
    secretName: apty-onprem
status:
  loadBalancer: {}

When i try to hit /minio, it's not opening console

image

@harshavardhana
Copy link
Member

You need to tell MinIO where is your console hosted at, leaving out MINIO_BROWSER_REDIRECT_URL won't work.

It should be

value: https://onprem-test.development.apty.io/minio

@Sam-Sundar
Copy link
Author

Hey @harshavardhana,

I did try it as mentioned in here https://github.com/minio/minio#things-to-consider. But still no luck. PFB screenshot of my deployment file. Can you please let me know what i'm missing ?

image
image

@harshavardhana
Copy link
Member

You need also use fairly recent MinIO.

@Sam-Sundar
Copy link
Author

Hey @harshavardhana,

I'm on latest version of MinIO, used the latest tag from both docker and quay.io, still same .. No Luck..

@Sam-Sundar
Copy link
Author

Also @harshavardhana,

With NodePort i'm able to access, just behind ingress getting this weird issue where favicon is loading, but the app is not. 😬

@harshavardhana
Copy link
Member

I can reproduce the problem with docker-compose and nginx

@harshavardhana harshavardhana transferred this issue from minio/minio May 26, 2022
@harshavardhana harshavardhana changed the title Ingress Path Not Working. Ingress SubPath Not Working. May 26, 2022
@Sam-Sundar
Copy link
Author

Sam-Sundar commented May 26, 2022

Thanks a lot @harshavardhana,

If possible, can you try to reproduce on Kubernetes and ingress ? Or with subpath on compose and Nginx.

Since, main domain will reach out to our app and /minio should reach minio. This used to work with 2021 July version, before the update to this UI version.
Also, there's the same bug reported by someone else

#1908

@dvaldivia
Copy link
Collaborator

your nginx config is missing a rewrite_rule you need to add rewrite ^/minio/(.*) /$1 break; to the console location directive

	location /minio {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;

            proxy_connect_timeout 300;
            
            # To support websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            
            chunked_transfer_encoding off;
            rewrite   ^/minio/(.*) /$1 break;
            proxy_pass http://console;
	}

@Sam-Sundar
Copy link
Author

Hey,

We aren't using Nginx, we are using contour ingress and I don't think Nginx ingress also has something like rewrite_rules

@Subetov
Copy link

Subetov commented Jun 1, 2022

Have the same issue.
Can't make MinIO ingress work on subpath.
RELEASE.2022-05-23T18-45-11Z
I've tried all these ENVs:
- name: MINIO_BROWSER_REDIRECT_URL
value: http://localhost:9001/minio
- name: CONSOLE_SUBPATH
value: /minio/
- name: MINIO_CONSOLE_SUBPATH
value: /minio/

Also have tried rewrite rules.
Couldn't get it to work =(

@Subetov
Copy link

Subetov commented Jun 1, 2022

Could you please suggest how can I get this to work.
Or suggest the version of Minio in which it works.
Thank you.

@dvaldivia dvaldivia added bug this needs to be fixed and removed triage labels Jun 1, 2022
@dvaldivia dvaldivia self-assigned this Jun 1, 2022
@Subetov
Copy link

Subetov commented Jun 1, 2022

One more question - does the MINIO_CONSOLE_SUBPATH variable no longer work?
It seems that only MINIO_BROWSER_REDIRECT_URL works.
But I do not want to specify a hostname, I want my ingress to listen to any hostname.
Like:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  name: minio-console
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: minio-console
            port:
              number: 9001
        path: /minio/(/|$)(.*)
        pathType: Prefix
 spec:
      containers:
      - args:
        - server
        - /data
        - --console-address
        - :9001
        env:
        - name: CONSOLE_SUBPATH
          value: /minio
        - name: MINIO_CONSOLE_SUBPATH
          value: /minio
        - name: MINIO_BROWSER
          value: "on"

Thanks !

@dvaldivia
Copy link
Collaborator

yes, we removed MINIO_CONSOLE_SUBPATH in favor of MINIO_BROWSER_REDIRECT_URL as it implies the subpath and the domain the console will be accessed through, this has the downside that we only allow a single domain, do you need to support multiple different domains @Subetov ?

@Subetov
Copy link

Subetov commented Jun 2, 2022

@dvaldivia , yes.
Sorry to hear that =(
MINIO_CONSOLE_SUBPATH was very useful.
A lot of people use it without a specific domain.
In order to cover all possible domains with ingress.
Or uses several domains at the same time.

@jmthomas
Copy link

Turns out the domain doesn't really matter if you're using something like traefik. I set mine to MINIO_BROWSER_REDIRECT_URL: "http://openc3.com/minio" and then in my traefik.yaml rule I created a router to push files to that service:

http:
  middlewares:
    # Removes the first part of the url before passing onto the service
    removeFirst:
      replacePathRegex:
        regex: "^/([^/]*)/(.*)"
        replacement: "/$2"
  routers:
    minio-console:
      rule: PathPrefix(`/minio`)
      middlewares:
        # remove /minio from the beginning
        - "removeFirst"
      service: service-minio-console
  services:
    # The Minio S3 console
    service-minio-console:
      loadBalancer:
        passHostHeader: false
        servers:
          - url: "http://openc3-minio:9001"

I'm also setting the console address in my compose.yaml with the following minio command:

command: server --address ":9000" --console-address ":9001" /data

@mcooknu
Copy link

mcooknu commented Aug 18, 2022

Assuming I want to use a subpath for the operator (or tenant) console and I dont rewrite the path before hitting the console.

What are the provisioning steps when installing minio-operator via helm (minio-operator chart 4.4.28) which uses console 0.19.4.
I see the support subpath in console code base is in console v0.19.2 but I am not sure what steps I should take defining ENVs with the subpath I wish to use on the ingress.

Do I need to set MINIO_CONSOLE_SUBPATH?
(I have tried setting MINIO_BROWSER_REDIRECT_URL)

console:
  image:
    repository: minio/console
    tag: v0.19.4
    pullPolicy: IfNotPresent
  imagePullSecrets: [ ]
  initcontainers: [ ]
  replicaCount: 1
  nodeSelector: { }
  affinity: { }
  tolerations: [ ]
  topologySpreadConstraints: [ ]
  resources: { }
  env:
    - name: MINIO_CONSOLE_SUBPATH
      value: "/minio/operator/"
  securityContext:
    runAsUser: 1000
    runAsNonRoot: true
  ingress:
    enabled: true
    ingressClassName: ""
    labels: { }
    annotations: { }
    tls: [ ]
    host: localhost
    path: /minio/operator/
    pathType: Prefix
  volumes: [ ]
  volumeMounts: [ ]

I can reach the operator console fine via kubectl proxy but I would like to reach it via http://localhost/minio/operator and then similarly the console for tenant-1, http://localhost/minio/tenant-1/.

In both instances, I can read the operator console but it is not using a subpath and attempts to load most of the page from non-existing "root" subpath location.

(I've also just tried: #1908 (comment) using nginx rewrite and this didn't work for me. So I feel like this is a moving target based on how many Issues are raised about this problem!?)

Appreciate any help, I've spent way too many hours trying to follow old documentation with new charts & releases. :/

Setup Context:
KinD Cluster with 3 nodes and an NGINX Ingress on MacOS. Various ingress paths with subpaths to other opensource projects works as expected.

@vmire
Copy link

vmire commented Aug 25, 2022

Subpath works for me except for download links, which ignores it.

I use the latest docker image (minio/minio:latest)
Environment :

MINIO_BROWSER_REDIRECT_URL: 'http://localhost:8080/minio/'

Reverse proxy rewrite :

"proxy-rewrite": {
      "regex_uri": [
        "^/minio/(.*)",
        "/$1"
      ]
    }

Console URL : http://localhost:8080/minio/
=> works fine
Generated download link example : http://localhost:8080/api/v1/buckets/orgo/objects/download?prefix=ZmlsZXMvU3ludGglQzMlODMlQzIlQThzZSUyMGRlJTIwR2FyYW50aWVzLTIucGRm&version_id=null
=> doesn't work : subpath is missing

I appreciate any help

@dvaldivia
Copy link
Collaborator

@vmire that sounds a like a simple bug to fix, can you file a separate issue for that?

@liolay
Copy link

liolay commented Oct 27, 2022

we also need subpath rather than MINIO_BROWSER_REDIRECT_URL, this environment parameter is very inflexible !

@jarrettprosser
Copy link

I am running into the same issue configuring an ingress subpath. Though I have MINIO_BROWSER_REDIRECT_URL configured, the console is still serving resources at / and so I get the same loading errors that @Sam-Sundar-Apty showed in the original post. This is with minio image RELEASE.2022-10-29T06-21-33Z and the minio helm chart 5.0.0.

@usersina
Copy link

usersina commented Mar 21, 2023

I also have the same issue configuring Ingress console access with this helm chart.

consoleIngress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: app-clusterissuer
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  path: /minio(/|$)(.*)
  hosts:
    - my.application.com
  tls:
    - secretName: app-certificate-secret
      hosts:
        - my.application.com

I tried my own ingress.yml without luck but found similar issues where the base path should be specified as well. I tried setting the MINIO_BROWSER_REDIRECT_URL environment variable to "https://my.application.com/minio" but I got the following error:

ERROR Invalid MINIO_BROWSER_REDIRECT_URL value is environment variable: URL contains unexpected resources, expected URL to be of http(s)://minio.example.com format: https://my.application.com/minio

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug this needs to be fixed community
Projects
None yet
Development

Successfully merging a pull request may close this issue.

10 participants