By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encryption.
There are multiple types of certificates that can be used to enable SSL.
1. Self-Signed Certificate
Preamble
We consider in this example the following parameters
- Certificate validity period of key SSL is 365 days
- Private key file name is "private.key"
- Certificate file name is "public.crt"
1. Creation of the self-signed certificate
[root@nodeum]# cd /root/.minio/certs/
[root@nodeum certs]# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out public.crt
Generating a RSA private key ..........+++++
..................................................................................................................+++++
writing new private key to '/root/.minio/certs/private.key' ----
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value, If you enter '.', the field will be left blank.
----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Newyork
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Webdock
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:site1.example.com
Email Address []:admin@example.com
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@nodeum certs]#
Once done, it's required to restart the MINIO service :
[root@nodeum certs]# systemctl restart minio
You need to change the following configuration file /root/.mc/config.json and there change the URL of localminio configuration from http to https.
[root@nodeum]# vi /root/.mc/config.json
[root@nodeum .mc]# vi nodeum.conf
...
"localminio": {
"url": "https://127.0.0.1:9000",
"accessKey": "6aIo3CBHhKa35stGKAME",
"secretKey": "lFRHd0MixbrrrMXESMjsqLfGHLl2KmJ419fCrUww",
"api": "S3v4",
"path": "auto"
},
...
[root@nodeum .mc]#
Then you can test the configuration in using the mc admin command :
[root@nodeum]#sudo mc admin user info localminio user1 --insecure
AccessKey: user1
Status: enabled
PolicyName:
MemberOf:
[root@nodeum .mc]#
Let Us Know What You Thought about this Post.
Put your Comment Below.