API port : Trying to mount Minio in MountainDuck
-
I'm trying to access my minio app using Mountain Duck to mount it as a drive on local machine (MacBook).
Using recommended profile : S3 HTTPS
Have :- an admin user in Minio
- a user created in console
- that user has a service account
- the service account has an access policy
Trying with port 443 says I must use API port for S3 requests.
OK, so trying with 9000 and 9001 I get a timeout.
Tried on minio.domain.tld and also minio-api.domain.tldDumb question : what port should I be trying ?
-
I'm trying to access my minio app using Mountain Duck to mount it as a drive on local machine (MacBook).
Using recommended profile : S3 HTTPS
Have :- an admin user in Minio
- a user created in console
- that user has a service account
- the service account has an access policy
Trying with port 443 says I must use API port for S3 requests.
OK, so trying with 9000 and 9001 I get a timeout.
Tried on minio.domain.tld and also minio-api.domain.tldDumb question : what port should I be trying ?
-
Trying
minio-api.domain.tldin the browser (for debug purposes) generates a certificate not trusted error.
Certificate problem ??
Or more likely E30 (error 30cm away from keyboard)
well it seems that I can get a connection using the
minio-api.domain.tldand443
Doesn't compute given earlier messages.
But I then getlisting directory xxxxx failed org.xml.sax saxnotsupportedexception
So maybe this is a MountainDuck issue, which of course is not a Cloudron issue. -
I'm trying to access my minio app using Mountain Duck to mount it as a drive on local machine (MacBook).
Using recommended profile : S3 HTTPS
Have :- an admin user in Minio
- a user created in console
- that user has a service account
- the service account has an access policy
Trying with port 443 says I must use API port for S3 requests.
OK, so trying with 9000 and 9001 I get a timeout.
Tried on minio.domain.tld and also minio-api.domain.tldDumb question : what port should I be trying ?
@timconsidine said in API port : Trying to mount Minio in MountainDuck:
OK, so trying with 9000 and 9001 I get a timeout.
Where did you see these port numbers? Atleast, for the Cloudron package, these are all internal. Maybe we have some UI issue. You shouldn't have to use port numbers to connect.
well it seems that I can get a connection using the minio-api.domain.tld and 443
This is the correct domain to connect. And port 443 is just the default HTTPS port.
-
@timconsidine said in API port : Trying to mount Minio in MountainDuck:
OK, so trying with 9000 and 9001 I get a timeout.
Where did you see these port numbers? Atleast, for the Cloudron package, these are all internal. Maybe we have some UI issue. You shouldn't have to use port numbers to connect.
well it seems that I can get a connection using the minio-api.domain.tld and 443
This is the correct domain to connect. And port 443 is just the default HTTPS port.
@girish I was guessing about 9000 / 9001 based on some internet references. Thanks for clarification.
Getting a connection but still unable to list bucket contents.
Close to giving up on Minio.
Used to work for me in Forklift.
That no longer works, I'm guessing for same reasons that MountainDuck is struggling. -
@timconsidine said in API port : Trying to mount Minio in MountainDuck:
OK, so trying with 9000 and 9001 I get a timeout.
Where did you see these port numbers? Atleast, for the Cloudron package, these are all internal. Maybe we have some UI issue. You shouldn't have to use port numbers to connect.
well it seems that I can get a connection using the minio-api.domain.tld and 443
This is the correct domain to connect. And port 443 is just the default HTTPS port.
@girish I've tried various approaches based on using
minio-api.domain.tldand the standard443port :- Forklift
- MountainDuck
- Transmit
- S3FS
None of them connect properly.
I haven't tried Expandrive but don't expect any different.Even the "official" Minio
mcCLI app (https://docs.min.io/docs/minio-client-complete-guide.html) fails with this message.$ mc ls minio mc: <ERROR> Unable to list folder. Get "https://minio-api.domain.tld/": x509: certificate is not valid for any names, but wanted to match minio-api.domain.tldI'm no expert but I'm starting to think there is an issue with Cloudron's minio implementation. Maybe simply that the certificate for the installed app is valid for the console url, e.g. minio.domain.tld but not for minio-api.domain.tld
I'm not sure how to properly test the certificate for minio-api.domain.tld, but a clumsy attempt to visit
https://minio-api.domain.tld(without expecting it to render a page) gives the standard certificate problem response :Your connection is not private Attackers might be trying to steal your information from minio-api.domain.tld (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_COMMON_NAME_INVALID This server could not prove that it is minio-api.domain.tld; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.Is it dumb to question whether
minio-api.domain.tldcan actually be verified by connecting apps ?
Why else would Minio'smcapp fail to connect ? -
@girish I've tried various approaches based on using
minio-api.domain.tldand the standard443port :- Forklift
- MountainDuck
- Transmit
- S3FS
None of them connect properly.
I haven't tried Expandrive but don't expect any different.Even the "official" Minio
mcCLI app (https://docs.min.io/docs/minio-client-complete-guide.html) fails with this message.$ mc ls minio mc: <ERROR> Unable to list folder. Get "https://minio-api.domain.tld/": x509: certificate is not valid for any names, but wanted to match minio-api.domain.tldI'm no expert but I'm starting to think there is an issue with Cloudron's minio implementation. Maybe simply that the certificate for the installed app is valid for the console url, e.g. minio.domain.tld but not for minio-api.domain.tld
I'm not sure how to properly test the certificate for minio-api.domain.tld, but a clumsy attempt to visit
https://minio-api.domain.tld(without expecting it to render a page) gives the standard certificate problem response :Your connection is not private Attackers might be trying to steal your information from minio-api.domain.tld (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_COMMON_NAME_INVALID This server could not prove that it is minio-api.domain.tld; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.Is it dumb to question whether
minio-api.domain.tldcan actually be verified by connecting apps ?
Why else would Minio'smcapp fail to connect ?@timconsidine It looks the certs for
minio-api.domain.tldare not valid. Which DNS backend are you using? If it's manual/wildcard, can you check if the DNS is pre-setup correctly ? If not, can you go to Domains -> Renew All Certs and check the logs if it is renewing correctly ? -
@timconsidine It looks the certs for
minio-api.domain.tldare not valid. Which DNS backend are you using? If it's manual/wildcard, can you check if the DNS is pre-setup correctly ? If not, can you go to Domains -> Renew All Certs and check the logs if it is renewing correctly ?@girish yep, seems to be a cert issue
The cert forminio.domain.tldis shown in the logs, but there is no entry in the logs forminio-api.domain.tld.
I'm using wildcard DNS (cloudns.net).
The DNS entries are fine for domain.tld (I have a number of apps on the domain).
I will try to force it by changing the Location in the morning.
If necessary, I will download the data content and recreate the app.
I think we're close to a solution.
Will confirm in the morning. -
@timconsidine It looks the certs for
minio-api.domain.tldare not valid. Which DNS backend are you using? If it's manual/wildcard, can you check if the DNS is pre-setup correctly ? If not, can you go to Domains -> Renew All Certs and check the logs if it is renewing correctly ?@girish yay !
Despite the hour I couldn't resist trying it.
I changed the location of the api fromminio-api.domain.tldtominioapi.domain.tld(just removed the hyphen) and saved the change.
Renewed certs and logs now show the api domain in there.
Tested with MiniomcCLI and Forklift : they both list buckets and contents.
Will check MountainDuck and others later.Thanks for your patience and support.
Marking it solved ! -
T timconsidine has marked this topic as solved on
