By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encryption.
There are multiple types of certificates that can be used to enable SSL.
1. Self-Signed Certificate
Preamble
We consider in this example the following parameters
- Certificate validity period of key SSL is 365 days
- Private key file name is "private.key"
- Certificate file name is "public.crt"
- Server IP address is "10.x.x.x"
1. Creation of the self-signed certificate
[root@nodeum]# cd /root/.minio/certs/
[root@nodeum certs]# sudo openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout ./private.key -out ./public.crt -subj "/CN=nodeum.domain.local" -addext "subjectAltName=DNS:nodeum.domain.local,DNS:localhost,IP:0.0.0.0,IP:127.0.0.1,IP:10.x.x.x"
Generating a RSA private key
....................................................................................................................................................................................................................................................................................................................................++++
........................................................................................................................++++
writing new private key to './private.key'
-----
[root@nodeum certs]#
Once done, it's required to restart the MINIO service :
[root@nodeum certs]# systemctl restart minio
You need to change the following configuration file /root/.mc/config.json and there change the URL of localminio configuration from http to https.
[root@nodeum]# vi /root/.mc/config.json
[root@nodeum .mc]# vi nodeum.conf
...
"localminio": {
"url": "https://127.0.0.1:9000",
"accessKey": "6aIo3CBHhKa35stGKAME",
"secretKey": "lFRHd0MixbrrrMXESMjsqLfGHLl2KmJ419fCrUww",
"api": "S3v4",
"path": "auto"
},
...
[root@nodeum .mc]#
Then you can test the configuration in using the mc admin command :
[root@nodeum]#sudo mc admin user info localminio user1 --insecure
AccessKey: user1
Status: enabled
PolicyName:
MemberOf:
[root@nodeum .mc]#
Let Us Know What You Thought about this Post.
Put your Comment Below.