I had to create an account to share my victory over the past four hours of relentlessness with MiaB and Minio.
To run Minio like me, in a firewalled and SSL self-signed way, you either need to:
- Figure out how to import/accept the SSL cert using python on your box (gave up)
- Use certbot to set up legit certs using dns verification (to keep firewalled/use alternate ports).
I got my Minio set up with proper certs. And then the fun really began. Working through the annoying flaws in both MiaB and Minio collectively.
It is possible to get an “OK” success after your efforts. But here are some tips for future readers:
-
As of current, MiaB is bugged for S3. It will not parse or handle http(s) or port numbers in Host/Endpoint. And will screw up its POST if you use any URI such as http. You must use “yourminio.com” as one simple example.
-
do not enter any region name
-
It does not allow you to accept self signed certs currently. ( I’m using the post hook method with certbot to run the post hook script, rename, replace and chown minio:minio my outdated certs to minios cert folder when re-generated (/etc/letsencrypt/renewal-hooks/post/copykeys.sh - look it up)
-
It will always connect on a 443 port. Do not try using iptables to forward 443 to 9000. Websockets will not work with this. Wasted timefiguring that out. Instead, reconfigure minio to run the API on 443 using your delicious accepted LE cert.
https://serverfault . com/questions/1081607/access-minio-api-on-port-80
https:// github . com/minio/minio-service/tree/master/linux-systemd -
You need to create a miab bucket. AND THEN (*important) you need to create a folder within the bucket (e.g. mail) AND THEN (!) go inside that folder and upload some temp file to keep make the folder persist as a minio bucket generated directory. There’s no other way around it.
Good luck.
Hopefully MiaB addresses this tedious stuff once and for all.
ps - i had to break some urls with spaces because new new users can never be trusted to contribute