Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved API port : Trying to mount Minio in MountainDuck

    Minio
    2
    9
    352
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • timconsidine
      timconsidine App Dev last edited by

      I'm trying to access my minio app using Mountain Duck to mount it as a drive on local machine (MacBook).
      Using recommended profile : S3 HTTPS
      Have :

      • an admin user in Minio
      • a user created in console
      • that user has a service account
      • the service account has an access policy

      Trying with port 443 says I must use API port for S3 requests.
      OK, so trying with 9000 and 9001 I get a timeout.
      Tried on minio.domain.tld and also minio-api.domain.tld

      Dumb question : what port should I be trying ?

      timconsidine girish 2 Replies Last reply Reply Quote 0
      • timconsidine
        timconsidine App Dev @timconsidine last edited by timconsidine

        Trying minio-api.domain.tld in the browser (for debug purposes) generates a certificate not trusted error.
        Certificate problem ??
        Or more likely E30 (error 30cm away from keyboard) 😄

        timconsidine 1 Reply Last reply Reply Quote 0
        • timconsidine
          timconsidine App Dev @timconsidine last edited by

          well it seems that I can get a connection using the minio-api.domain.tld and 443
          Doesn't compute given earlier messages.
          But I then get listing directory xxxxx failed org.xml.sax saxnotsupportedexception
          So maybe this is a MountainDuck issue, which of course is not a Cloudron issue.

          1 Reply Last reply Reply Quote 0
          • girish
            girish Staff @timconsidine last edited by

            @timconsidine said in API port : Trying to mount Minio in MountainDuck:

            OK, so trying with 9000 and 9001 I get a timeout.

            Where did you see these port numbers? Atleast, for the Cloudron package, these are all internal. Maybe we have some UI issue. You shouldn't have to use port numbers to connect.

            well it seems that I can get a connection using the minio-api.domain.tld and 443

            This is the correct domain to connect. And port 443 is just the default HTTPS port.

            timconsidine 2 Replies Last reply Reply Quote 1
            • timconsidine
              timconsidine App Dev @girish last edited by

              @girish I was guessing about 9000 / 9001 based on some internet references. Thanks for clarification.

              Getting a connection but still unable to list bucket contents.

              Close to giving up on Minio.
              Used to work for me in Forklift.
              That no longer works, I'm guessing for same reasons that MountainDuck is struggling.

              1 Reply Last reply Reply Quote 0
              • timconsidine
                timconsidine App Dev @girish last edited by timconsidine

                @girish I've tried various approaches based on using minio-api.domain.tld and the standard 443 port :

                • Forklift
                • MountainDuck
                • Transmit
                • S3FS

                None of them connect properly.
                I haven't tried Expandrive but don't expect any different.

                Even the "official" Minio mc CLI app (https://docs.min.io/docs/minio-client-complete-guide.html) fails with this message.

                $ mc ls minio
mc: <ERROR> Unable to list folder. Get "https://minio-api.domain.tld/": x509: certificate 
is not valid for any names, but wanted to match minio-api.domain.tld

                I'm no expert but I'm starting to think there is an issue with Cloudron's minio implementation. Maybe simply that the certificate for the installed app is valid for the console url, e.g. minio.domain.tld but not for minio-api.domain.tld

                I'm not sure how to properly test the certificate for minio-api.domain.tld, but a clumsy attempt to visit https://minio-api.domain.tld (without expecting it to render a page) gives the standard certificate problem response :

                Your connection is not private
Attackers might be trying to steal your information from minio-api.domain.tld (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is minio-api.domain.tld; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

                Is it dumb to question whether minio-api.domain.tld can actually be verified by connecting apps ?
                Why else would Minio's mc app fail to connect ?

                girish 1 Reply Last reply Reply Quote 0
                • girish
                  girish Staff @timconsidine last edited by

                  @timconsidine It looks the certs for minio-api.domain.tld are not valid. Which DNS backend are you using? If it's manual/wildcard, can you check if the DNS is pre-setup correctly ? If not, can you go to Domains -> Renew All Certs and check the logs if it is renewing correctly ?

                  timconsidine 2 Replies Last reply Reply Quote 1
                  • timconsidine
                    timconsidine App Dev @girish last edited by

                    @girish yep, seems to be a cert issue
                    The cert for minio.domain.tld is shown in the logs, but there is no entry in the logs for minio-api.domain.tld.
                    I'm using wildcard DNS (cloudns.net).
                    The DNS entries are fine for domain.tld (I have a number of apps on the domain).
                    I will try to force it by changing the Location in the morning.
                    If necessary, I will download the data content and recreate the app.
                    I think we're close to a solution.
                    Will confirm in the morning.

                    1 Reply Last reply Reply Quote 0
                    • timconsidine
                      timconsidine App Dev @girish last edited by

                      @girish yay ! 🍾
                      Despite the hour I couldn't resist trying it.
                      I changed the location of the api from minio-api.domain.tld to minioapi.domain.tld (just removed the hyphen) and saved the change.
                      Renewed certs and logs now show the api domain in there.
                      Tested with Minio mc CLI and Forklift : they both list buckets and contents.
                      Will check MountainDuck and others later.

                      Thanks for your patience and support.
                      Marking it solved ! 🍾

                      1 Reply Last reply Reply Quote 4
                      • Topic has been marked as solved  timconsidine timconsidine 
                      • First post
                        Last post
                      Powered by NodeBB