3

This is my docker-compose.yml:

```yaml
version: '3.7'

services:
  minio:
    image: minio/minio
    command: server -C /etc/minio --address ":9000" --console-address ":9001" /data
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    volumes:
      - minio:/data
      - /etc/minio:/root/.minio/
      - /etc/minio:/etc/minio/

volumes:
  minio:
```

ls -l /etc/minio/:

```
drwx------ 2 root root 4096 May 20 11:43 CAs
lrwxrwxrwx 1 root root   59 May 20 11:45 private.key -> /etc/letsencrypt/live/mydomain.com/privkey.pem
lrwxrwxrwx 1 root root   61 May 20 11:44 public.crt -> /etc/letsencrypt/live/mydomain.com/fullchain.pem
```

Accessing via HTTP works but HTTPS does not. I have no clue what is wrong. Sadly the logs don't show anything and the docs are also not helping.

Gerald Schneider
Felix D.

2 Answers

4

The symlinks private.key and public.crt can't be resolved because the targets don't exist inside the container.

The easiest way would be to mount /etc/letsencrypt inside the container as well.

Keep in mind that you need to restart the container (or at least reload the minio process inside the container) after every certificate renewal.

Gerald Schneider
  • Great, that seems to have been the issue. Now I gotta figure this out: `Unable to load the TLS configuration: Could not read PEM block from file /etc/minio/certs/public.crt`. Any idea :( ? – Felix D. May 20 '22 at 12:30
  • That would be a topic for a new question. – Gerald Schneider May 20 '22 at 12:30
  • 1
    My first guess would be a wrong path in the minio config (`/etc/minio/certs/public.crt` vs `/etc/minio/public.crt`) – Gerald Schneider May 20 '22 at 12:32
  • Figured it out. It did not like that I linked the `fullchain.pem` and rather expected `/etc/letsencrypt/live/mydomain.com/cert.pem` – Felix D. May 20 '22 at 12:36
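
The symlink problem described in the answer above can be checked on the host before the container is started. This is an added example, not part of the original question or answers; the function names are hypothetical, and it assumes DIR and every MOUNT are absolute host paths bind-mounted at the same absolute path in the container, with no symlinked intermediate directories.

```shell
#!/bin/sh
# Added example (not from the original post): list symlinks in a certificate
# directory that would dangle inside a container. Assumes DIR and every MOUNT
# are absolute paths bind-mounted at the same path in the container.

# under_mount PATH MOUNT...: succeed if PATH is one of the MOUNTs or below it.
under_mount() {
    p=$1; shift
    for m in "$@"; do
        m=${m%/}
        case "$p" in "$m"|"$m"/*) return 0 ;; esac
    done
    return 1
}

# normalise PATH: collapse "." and ".." logically without following the last
# component, so each symlink hop can be inspected on its own.
normalise() {
    ( cd -L "$(dirname "$1")" 2>/dev/null &&
      printf '%s/%s\n' "$(pwd -L)" "$(basename "$1")" )
}

# dangling_in_container DIR MOUNT...
# Follows each symlink in DIR hop by hop and prints the first hop that leaves
# DIR and the MOUNTs (or is missing on the host). Returns 1 if any was found.
dangling_in_container() {
    dir=${1%/}; shift
    rc=0
    for link in "$dir"/*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # empty directory
        cur=$link; hops=0
        while [ -L "$cur" ] && [ "$hops" -lt 40 ]; do
            tgt=$(readlink "$cur")
            case "$tgt" in /*) ;; *) tgt=$(dirname "$cur")/$tgt ;; esac
            cur=$(normalise "$tgt") || { cur=$tgt; break; }
            if ! under_mount "$cur" "$dir" "$@"; then
                echo "$link: $cur is not mounted in the container"
                rc=1; continue 2
            fi
            hops=$((hops + 1))
        done
        [ -e "$cur" ] || { echo "$link: $cur is missing on the host"; rc=1; }
    done
    return $rc
}
```

With the layout from the question, `dangling_in_container /etc/minio` reports both links, and the report clears once `/etc/letsencrypt` is passed as an additional mount.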
0

Actually, looking at the error, I agree it might be because it can't read the certificates; however, I believe it's a permission issue, not a wrong path issue. So I would say use chown to change permissions of the directory and the file.

hernino