feat: subpath support using reverse proxy

[NaccOll]

Minio console redirects using basepath as baseUrl. But react router does not set basename, so when I use reverse proxy, static resources are loaded normally, and basename is / during navigation. Also, the page will not be found on refresh

[dvaldivia]

Additional fix is needed, but it works fine.

[NaccOll]

@dvaldivia When will a new version that supports subpaths be released?

[dvaldivia]

I need to fix one behavior that this sub path breaks, so later this week

[NaccOll]

@dvaldivia
Sorry to bother you, I'm having issues with subpath support on the newly released minio. I want to proxy the api and console to a port, my configuration:

start-minio.sh

export MINIO_ROOT_USER=minioadmin
export MINIO_ROOT_PASSWORD=minioadmin
export MINIO_BROWSER_REDIRECT_URL=https://minio.example.com/minio-console/
nohup minio server --console-address :39759 --config-dir /etc/minio /data/minio > /root/components/minio/minio.log 2>&1 &

minio.example.com.conf

server {
        listen 80;
        server_name minio.example.com;

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;

                proxy_connect_timeout 300;
                # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                chunked_transfer_encoding off;

                proxy_pass http://localhost:9000;
        }

        location /minio-console/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Prefix /minio-console/;

                proxy_pass http://localhost:39759/;
        }
}

When I start the console-ui alone, I don't find any problem. However, when the console-ui in minio, I find that it will access /api/v1/session on the login page, and then the response is not 401, and the page is blank.

Could you please help me to see if there is something wrong with my configuration?

[mskyttner]

I'm too not able to reverse proxy minio console on a subpath.

These issues seem related:

• Ingress SubPath Not Working. #2045
• Minio console session error when exposed on subpath #2166
• Minio console cannot be exposed trough k8s ingress and NGINX gateway #1908

Tried various workarounds but have not yet found a way to do it.

Thankful for any hints or ideas...

[mcooknu]

Thanks @mskyttner for the summary of various issues. I have documented my attempts at #2045 (comment) and also waiting for some hints/ideas/clarification on what is possible to support reverse-proxy subpath.

[NaccOll]

@mskyttner @mcooknu
I have used subpaths on v0.19.3. The configuration is as follows:

server {
        listen 80;
        server_name minio.example.com;  

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;

                proxy_connect_timeout 300;
                # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                chunked_transfer_encoding off;

                proxy_pass http://localhost:9000;
        }

        location /minio-console/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Prefix /minio-console/;

                proxy_pass http://localhost:9001/;
        }
}

[mmhlego]

Hi everyone
I stumbled upon this problem myself and after a lot of tweaking, I was finally able to host the console in /minio-console subpath and the backend server in /files subpath.
Special thanks to the community for contributing and sharing their solutions:

• Minio console session error when exposed on subpath #2166
• feat: subpath support using reverse proxy #2174

Note: In this approach, I didn't expose any ports to the public and increased my server's security.

Note: Since I used minio in my docker as service name, I could connect to http://minio:900X in the private shared network and access the console and backend.

Here are my configuration files:

Nginx Configuration

server {
    listen       80;
	listen		433 ssl;
	server_name mydomain.com;

	root /var/www/html;

	ignore_invalid_headers off;
	client_max_body_size 50M;
	proxy_buffering off;
	proxy_request_buffering off;

	location / {
		# server files
                ...
        }

	location /minio-console {
		rewrite   ^/minio-console/(.*) /$1 break;
		proxy_pass http://minio:9001/;

		proxy_http_version 1.1;
		proxy_set_header Host $http_host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-NginX-Proxy true;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";

		real_ip_header X-Real-IP;
		proxy_connect_timeout 300;

		chunked_transfer_encoding off;
	}
	
	location /files/ {
		rewrite   ^/files/(.*) /$1 break;
		proxy_set_header Host $http_host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;

		proxy_connect_timeout 300;
		proxy_http_version 1.1;
		proxy_set_header Connection "";
		chunked_transfer_encoding off;

		proxy_pass http://minio:9000/;
	}


    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # SSL configuration
    listen 443 ssl;
    ...
}

Environment Variables

MINIO_ROOT_USER=*****
MINIO_ROOT_PASSWORD=******
MINIO_DEFAULT_BUCKETS=main:public
MINIO_BROWSER_REDIRECT_URL=https://mydomain.com/minio-console
MINIO_API_SELECT_PARQUET=on

Docker Compose Configuration

version: "3.4"

services:
    gateway:
        image: gateway
        restart: on-failure
        build:
            context: ./Gateway
            dockerfile: Dockerfile
        ports:
            - 80:80
            - 443:443
        volumes:
            - /etc/letsencrypt:/etc/letsencrypt
        networks:
            - private-net

    # Service name: Used in private network to connect
    minio:
        image: bitnami/minio:latest
        restart: on-failure
        volumes:
            - minio_data:/bitnami/minio/data
        env_file: .env
        networks:
            - private-net

volumes:
    minio_data:

networks:
    private-net:

Dockerfile for Nginx

FROM focker.ir/nginx:1.25.3-alpine

COPY default.conf /etc/nginx/conf.d/default.conf