search

caprover / one-click-apps

Community Maintained One Click Apps (https://github.com/caprover/caprover)
Apache License 2.0
559 stars 548 forks source link

Minio stopped serving files after adding a new domain to the endpoint. #1006

Open yruk8 opened 1 year ago

yruk8 commented 1 year ago

Hello. To reproduce the error:

  1. Install Minio using the one-click app, after I have two applications: 'minio' (domain: minio.panel.domain.com) and 'minio-api' (domain: minio-api.panel.domain.com).
  2. Enabled HTTPS and WebSocket for both 'minio' and 'minio-api' applications.
  3. Created a bucket and credentials.
  4. Tested uploading and downloading, and everything was working.
  5. In the 'minio-api' application, added a new domain (min.new-domain.com) in the admin panel caprover, enabled HTTPS for it, clicked 'save and restart.'
  6. In the 'minio' application, changed the MINIO_SERVER_URL variable from 'minio-api.panel.domain.com' to 'min.new-domain.com'

As a result, the admin panel of Minio works, and I can upload files to minio. However, when I try to download files, I receive a 403 error: Error: Unexpected response status code (403).

When I revert the MINIO_SERVER_URL variable to 'minio-api.panel.domain.com' everything works as expected.

From my research, it seems that the issue may be related to Nginx settings, and at some point, an additional redirect is interfering with the operation of the Minio API. My Nginx settings are standard, and I haven't made any changes to them."

Nginx setting app minio-api 

<%
if (s.forceSsl) {
%>
    server {

        listen       80;

        server_name  <%-s.publicDomain%>;

        # Used by Lets Encrypt
        location /.well-known/acme-challenge/ {
            root <%-s.staticWebRoot%>;
        }

        # Used by CapRover for health check
        location /.well-known/captain-identifier {
            root <%-s.staticWebRoot%>;
        }

        location / {
            return 302 https://$http_host$request_uri;
        }
    }
<%
}
%>

server {

    <%
    if (!s.forceSsl) {
    %>
        listen       80;
    <%
    }
    if (s.hasSsl) {
    %>
        listen              443 ssl http2;
        ssl_certificate     <%-s.crtPath%>;
        ssl_certificate_key <%-s.keyPath%>;
    <%
    }
    %>

        client_max_body_size 500m;

        server_name  <%-s.publicDomain%>;

        # 127.0.0.11 is DNS set up by Docker, see:
        # https://docs.docker.com/engine/userguide/networking/configure-dns/
        # https://github.com/moby/moby/issues/20026
        resolver 127.0.0.11 valid=10s;
        # IMPORTANT!! If you are here from an old thread to set a custom port, you do not need to modify this port manually here!!
        # Simply change the Container HTTP Port from the dashboard HTTP panel
        set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;

        location / {

    <%
    if (s.redirectToPath) {
    %>
        return 302 <%-s.redirectToPath%>;
    <%
    } else {
    %>

            <%
            if (s.httpBasicAuthPath) {
            %>
                auth_basic           "Restricted Access";
                auth_basic_user_file <%-s.httpBasicAuthPath%>; 
            <%
            }
            %>

                proxy_pass $upstream;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

            <%
            if (s.websocketSupport) {
            %>
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_http_version 1.1;
            <%
            }
            %>

    <%
    }
    %>

        }

        # Used by Lets Encrypt
        location /.well-known/acme-challenge/ {
            root <%-s.staticWebRoot%>;
        }

        # Used by CapRover for health check
        location /.well-known/captain-identifier {
            root <%-s.staticWebRoot%>;
        }

        error_page 502 /captain_502_custom_error_page.html;
        location = /captain_502_custom_error_page.html {
                root <%-s.customErrorPagesDirectory%>;
                internal;
        }
}

example Nginx logs

| 1xx.1xx.1xx.1xx - - [21/Oct/2023:20:14:25 +0000] "minio-api.panel.domain.com" "GET /local/?location= HTTP/2.0" 200 128 "-" "MinIO (linux; amd64) minio-go/v7.0.64 MinIO Console/(dev)" "1x.0.x.5,1xx.2xx.1xx.8x"
| 1xx.7x.2xx.7 - - [21/Oct/2023:20:14:25 +0000] "minio-api.panel.domain.com" "GET /local/test_file.jpg?versionId=null HTTP/2.0" 403 487 "-" "MinIO (linux; amd64) minio-go/v7.0.64 MinIO Console/(dev)" "1x.0.x.5,1xx.2xx.1xx.8x"
githubsaturn commented 1 year ago

Hi @yruk8 - one click apps are community maintained, please see below to learn how to report and resolve your issues:

https://github.com/caprover/one-click-apps/blob/master/.github/ISSUE_TEMPLATE/app_issue.md

image

kgnfth commented 11 months ago

I followed your steps and it just works