Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Minio
  3. API port : Trying to mount Minio in MountainDuck

API port : Trying to mount Minio in MountainDuck

Scheduled Pinned Locked Moved Solved Minio
9 Posts 2 Posters 3.4k Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • timconsidineT Offline
    timconsidineT Offline
    timconsidine
    App Dev
    wrote on last edited by
    #1

    I'm trying to access my minio app using Mountain Duck to mount it as a drive on local machine (MacBook).
    Using recommended profile : S3 HTTPS
    Have :

    • an admin user in Minio
    • a user created in console
    • that user has a service account
    • the service account has an access policy

    Trying with port 443 says I must use API port for S3 requests.
    OK, so trying with 9000 and 9001 I get a timeout.
    Tried on minio.domain.tld and also minio-api.domain.tld

    Dumb question : what port should I be trying ?

    timconsidineT girishG 2 Replies Last reply
    0
    • timconsidineT timconsidine

      I'm trying to access my minio app using Mountain Duck to mount it as a drive on local machine (MacBook).
      Using recommended profile : S3 HTTPS
      Have :

      • an admin user in Minio
      • a user created in console
      • that user has a service account
      • the service account has an access policy

      Trying with port 443 says I must use API port for S3 requests.
      OK, so trying with 9000 and 9001 I get a timeout.
      Tried on minio.domain.tld and also minio-api.domain.tld

      Dumb question : what port should I be trying ?

      timconsidineT Offline
      timconsidineT Offline
      timconsidine
      App Dev
      wrote on last edited by timconsidine
      #2

      Trying minio-api.domain.tld in the browser (for debug purposes) generates a certificate not trusted error.
      Certificate problem ??
      Or more likely E30 (error 30cm away from keyboard) 😄

      timconsidineT 1 Reply Last reply
      0
      • timconsidineT timconsidine

        Trying minio-api.domain.tld in the browser (for debug purposes) generates a certificate not trusted error.
        Certificate problem ??
        Or more likely E30 (error 30cm away from keyboard) 😄

        timconsidineT Offline
        timconsidineT Offline
        timconsidine
        App Dev
        wrote on last edited by
        #3

        well it seems that I can get a connection using the minio-api.domain.tld and 443
        Doesn't compute given earlier messages.
        But I then get listing directory xxxxx failed org.xml.sax saxnotsupportedexception
        So maybe this is a MountainDuck issue, which of course is not a Cloudron issue.

        1 Reply Last reply
        0
        • timconsidineT timconsidine

          I'm trying to access my minio app using Mountain Duck to mount it as a drive on local machine (MacBook).
          Using recommended profile : S3 HTTPS
          Have :

          • an admin user in Minio
          • a user created in console
          • that user has a service account
          • the service account has an access policy

          Trying with port 443 says I must use API port for S3 requests.
          OK, so trying with 9000 and 9001 I get a timeout.
          Tried on minio.domain.tld and also minio-api.domain.tld

          Dumb question : what port should I be trying ?

          girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #4

          @timconsidine said in API port : Trying to mount Minio in MountainDuck:

          OK, so trying with 9000 and 9001 I get a timeout.

          Where did you see these port numbers? Atleast, for the Cloudron package, these are all internal. Maybe we have some UI issue. You shouldn't have to use port numbers to connect.

          well it seems that I can get a connection using the minio-api.domain.tld and 443

          This is the correct domain to connect. And port 443 is just the default HTTPS port.

          timconsidineT 2 Replies Last reply
          1
          • girishG girish

            @timconsidine said in API port : Trying to mount Minio in MountainDuck:

            OK, so trying with 9000 and 9001 I get a timeout.

            Where did you see these port numbers? Atleast, for the Cloudron package, these are all internal. Maybe we have some UI issue. You shouldn't have to use port numbers to connect.

            well it seems that I can get a connection using the minio-api.domain.tld and 443

            This is the correct domain to connect. And port 443 is just the default HTTPS port.

            timconsidineT Offline
            timconsidineT Offline
            timconsidine
            App Dev
            wrote on last edited by
            #5

            @girish I was guessing about 9000 / 9001 based on some internet references. Thanks for clarification.

            Getting a connection but still unable to list bucket contents.

            Close to giving up on Minio.
            Used to work for me in Forklift.
            That no longer works, I'm guessing for same reasons that MountainDuck is struggling.

            1 Reply Last reply
            0
            • girishG girish

              @timconsidine said in API port : Trying to mount Minio in MountainDuck:

              OK, so trying with 9000 and 9001 I get a timeout.

              Where did you see these port numbers? Atleast, for the Cloudron package, these are all internal. Maybe we have some UI issue. You shouldn't have to use port numbers to connect.

              well it seems that I can get a connection using the minio-api.domain.tld and 443

              This is the correct domain to connect. And port 443 is just the default HTTPS port.

              timconsidineT Offline
              timconsidineT Offline
              timconsidine
              App Dev
              wrote on last edited by timconsidine
              #6

              @girish I've tried various approaches based on using minio-api.domain.tld and the standard 443 port :

              • Forklift
              • MountainDuck
              • Transmit
              • S3FS

              None of them connect properly.
              I haven't tried Expandrive but don't expect any different.

              Even the "official" Minio mc CLI app (https://docs.min.io/docs/minio-client-complete-guide.html) fails with this message.

              $ mc ls minio
              mc: <ERROR> Unable to list folder. Get "https://minio-api.domain.tld/": x509: certificate 
              is not valid for any names, but wanted to match minio-api.domain.tld
              

              I'm no expert but I'm starting to think there is an issue with Cloudron's minio implementation. Maybe simply that the certificate for the installed app is valid for the console url, e.g. minio.domain.tld but not for minio-api.domain.tld

              I'm not sure how to properly test the certificate for minio-api.domain.tld, but a clumsy attempt to visit https://minio-api.domain.tld (without expecting it to render a page) gives the standard certificate problem response :

              Your connection is not private
              Attackers might be trying to steal your information from minio-api.domain.tld (for example, passwords, messages, or credit cards). Learn more
              NET::ERR_CERT_COMMON_NAME_INVALID
              This server could not prove that it is minio-api.domain.tld; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.
              

              Is it dumb to question whether minio-api.domain.tld can actually be verified by connecting apps ?
              Why else would Minio's mc app fail to connect ?

              girishG 1 Reply Last reply
              0
              • timconsidineT timconsidine

                @girish I've tried various approaches based on using minio-api.domain.tld and the standard 443 port :

                • Forklift
                • MountainDuck
                • Transmit
                • S3FS

                None of them connect properly.
                I haven't tried Expandrive but don't expect any different.

                Even the "official" Minio mc CLI app (https://docs.min.io/docs/minio-client-complete-guide.html) fails with this message.

                $ mc ls minio
                mc: <ERROR> Unable to list folder. Get "https://minio-api.domain.tld/": x509: certificate 
                is not valid for any names, but wanted to match minio-api.domain.tld
                

                I'm no expert but I'm starting to think there is an issue with Cloudron's minio implementation. Maybe simply that the certificate for the installed app is valid for the console url, e.g. minio.domain.tld but not for minio-api.domain.tld

                I'm not sure how to properly test the certificate for minio-api.domain.tld, but a clumsy attempt to visit https://minio-api.domain.tld (without expecting it to render a page) gives the standard certificate problem response :

                Your connection is not private
                Attackers might be trying to steal your information from minio-api.domain.tld (for example, passwords, messages, or credit cards). Learn more
                NET::ERR_CERT_COMMON_NAME_INVALID
                This server could not prove that it is minio-api.domain.tld; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.
                

                Is it dumb to question whether minio-api.domain.tld can actually be verified by connecting apps ?
                Why else would Minio's mc app fail to connect ?

                girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #7

                @timconsidine It looks the certs for minio-api.domain.tld are not valid. Which DNS backend are you using? If it's manual/wildcard, can you check if the DNS is pre-setup correctly ? If not, can you go to Domains -> Renew All Certs and check the logs if it is renewing correctly ?

                timconsidineT 2 Replies Last reply
                1
                • girishG girish

                  @timconsidine It looks the certs for minio-api.domain.tld are not valid. Which DNS backend are you using? If it's manual/wildcard, can you check if the DNS is pre-setup correctly ? If not, can you go to Domains -> Renew All Certs and check the logs if it is renewing correctly ?

                  timconsidineT Offline
                  timconsidineT Offline
                  timconsidine
                  App Dev
                  wrote on last edited by
                  #8

                  @girish yep, seems to be a cert issue
                  The cert for minio.domain.tld is shown in the logs, but there is no entry in the logs for minio-api.domain.tld.
                  I'm using wildcard DNS (cloudns.net).
                  The DNS entries are fine for domain.tld (I have a number of apps on the domain).
                  I will try to force it by changing the Location in the morning.
                  If necessary, I will download the data content and recreate the app.
                  I think we're close to a solution.
                  Will confirm in the morning.

                  1 Reply Last reply
                  0
                  • girishG girish

                    @timconsidine It looks the certs for minio-api.domain.tld are not valid. Which DNS backend are you using? If it's manual/wildcard, can you check if the DNS is pre-setup correctly ? If not, can you go to Domains -> Renew All Certs and check the logs if it is renewing correctly ?

                    timconsidineT Offline
                    timconsidineT Offline
                    timconsidine
                    App Dev
                    wrote on last edited by
                    #9

                    @girish yay ! 🍾
                    Despite the hour I couldn't resist trying it.
                    I changed the location of the api from minio-api.domain.tld to minioapi.domain.tld (just removed the hyphen) and saved the change.
                    Renewed certs and logs now show the api domain in there.
                    Tested with Minio mc CLI and Forklift : they both list buckets and contents.
                    Will check MountainDuck and others later.

                    Thanks for your patience and support.
                    Marking it solved ! 🍾

                    1 Reply Last reply
                    3
                    • timconsidineT timconsidine has marked this topic as solved on
                    Reply
                    • Reply as topic
                    Log in to reply
                    • Oldest to Newest
                    • Newest to Oldest
                    • Most Votes


                    • Login

                    • Don't have an account? Register

                    • Login or register to search.
                    • First post
                      Last post
                    0
                    • Categories
                    • Recent
                    • Tags
                    • Popular
                    • Bookmarks
                    • Search