minio example not working

[reiniertc]

I've got chiefonboarding up and running using docker. I'm trying to get Minio connected for object storage and used the example from the chiefonboarding - documentation. Minio is running (can access it from the console), but within Chief onboarding I still cant upload any attachment, logo, etc.

my compose.yml is as follows: ` version: "3.9" services: db: image: postgres:latest container_name: ChiefOnboarding-DB hostname: chiefonboarding-db security_opt:

• no-new-privileges:true healthcheck: test: ["CMD", "pg_isready", "-q", "-d", "chiefonboarding", "-U", "chiefuser"] timeout: 45s interval: 10s retries: 10 user: 1035:101 volumes:
• /volume1/docker-data/chiefonboarding/database:/var/lib/postgresql/data environment:
• POSTGRES_DB=chiefonboarding
• POSTGRES_USER=chiefuser
• POSTGRES_PASSWORD=chiefpass restart: always networks:

• global

  app: image: chiefonboarding/chiefonboarding:latest container_name: ChiefOnboarding hostname: chiefonboarding security_opt:

• no-new-privileges:true healthcheck: test: wget --no-verbose --tries=1 --spider http://localhost:8000/health || exit 1 ports:
• 9810:8000 environment:
• SECRET_KEY=[redacted]
• DATABASE_URL=postgres://chiefuser:chiefpass@chiefonboarding-db:5432/chiefonboarding
• ALLOWED_HOSTS=welkom.[redacted].nl
• CSRF_TRUSTED_ORIGINS=https://welkom.[redacted].nl
• ACCOUNT_EMAIL=[redacted]
• ACCOUNT_PASSWORD=[redacted]
• DEFAULT_FROM_EMAIL=redacted reinier@[redacted].nl
• SENDGRID_KEY=[redacted]
• HTTP_INSECURE=True
• AWS_S3_ENDPOINT_URL=http://minio.[external-url].nl
• AWS_ACCESS_KEY_ID=chief[<-redacted]
• AWS_SECRET_ACCESS_KEY=chiefpass[<-redacted]
• AWS_STORAGE_BUCKET_NAME=chiefonboarding
• AWS_DEFAULT_REGION=us-east-1 restart: always depends_on: db: condition: service_started networks:

• global

  minio-server: image: minio/minio ports:

  • 9009:9000
  • 9001:9001 volumes:
• /volume1/docker-data/minio:/data environment:
• MINIO_ROOT_USER=chief[<-redacted]
• MINIO_ROOT_PASSWORD=chiefpass[<-redacted]
• MINIO_DOMAIN=http://minio.[external-url].nl command: server --address 0.0.0.0:9000 --console-address 0.0.0.0:9001 /data networks:
• global

networks: global: `

I have a reverse proxy for http://minio.[external-url].nl to the docker container at port 9009 Since I have followed the documentation in detail, I'm goinig nuts: Do I do something wrong, or is it a bug perhaps?

[reiniertc]

sorry: it won't format as code...

[GDay]

Could you go to a page where you can upload something, then right-click on the screen and click on "inspect". Then click on the "console" tab and then try to upload something. Does it give you an error message there?

If not, go to the "network" tab and check if you get any 4xx or 5xx errors and check the response.

[reiniertc]

the POST command issued by chiefonboarding results in a 200 response. but when I zoom in on error messages in the console pane of the Safari Browser, I see:

XMLHttpRequest cannot load http://minio.[external-url].nl/[bucketname-redacted]/38-Unknown/Unknown.jpeg?X-Amz-Algorithm=[redacted]&X-Amz-Credential=[redacted]%2F20240213%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240213T164530Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=[redacted] due to access control checks.

hmmm.... what "access control checks" could that be?

[reiniertc]

i think I found a clue: [blocked] The page at https://welkom.[redacted].nl/admin/templates/resources/8/edit was not allowed to display insecure content from http://minio.[url].nl/andersom/38-Unknown/Unknown.jpeg?X[redacted].

[GDay]

Try to change the ‘AWS_S3_ENDPOINT_URL’ to ‘https’. Minio will need to be accessible over https to make that work (depends on your reverse proxy).

Op di 13 feb , reiniertc @.***(mailto:Op di 13 feb , reiniertc < schreef:

i think I found a clue: [blocked] The page at https://welkom.[redacted].nl/admin/templates/resources/8/edit was not allowed to display insecure content from http://minio.[url].nl/andersom/38-Unknown/Unknown.jpeg?X[redacted].

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[reiniertc]

Ok, tried that. It's now pointing to https. I still get an error (after 1 minute of trying): Failed to load resource: Preflight response is not successful. Status code: 504

I also see another erro:r

[reiniertc]

I also added Cors Allow Origin setting of "https://welkom.[url].nl in the minio configuration

[GDay]

504 means a server error (minio). Can you access the uploaded file directly? In a new tab for example?

Op di 13 feb , reiniertc @.***(mailto:Op di 13 feb , reiniertc < schreef:

I also added Cors Allow Origin setting of "https://welkom.[url].nl in the minio configuration

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[reiniertc]

I havent managed to upload a single file from the chiefonboarding interface. I can upload a file to minio via the console interface of minio itself, if that's what you mean

[GDay]

Oh, I thought uploading worked, sorry. Can you access minio over https? The 504 error means that it timed out, so there might be something wrong with the SSL.

Op di 13 feb , reiniertc @.***(mailto:Op di 13 feb , reiniertc < schreef:

I havent managed to upload a single file from the chiefonboarding interface. I can upload a file to minio via the console interface of minio itself, if that's what you mean

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[reiniertc]

I have a reverse proxy setup for the console and one for the api. Both use the same wildcard certificate. The one form the console works, so the container is reachable. I'm fiddling with the reverse proxy setting, to a) point it to the ip-address of the local server on which it is installen (for instance 192.168.1.34:9000) b) point it to "localhost:9000"

a) results in a time-out for the api b) results in an error 403 for the api

[GDay]

Yeah, so that’s the issue. You need access to the normal address (not the console) for it to work. The timeout is the error you also get in ChiefOnboarding.

Maybe you just need to change the MINIO_DOMAIN and put https there instead of http?

Op di 13 feb , reiniertc @.***(mailto:Op di 13 feb , reiniertc < schreef:

I have a reverse proxy setup for the console and one for the api. Both use the same wildcard certificate. The one form the console works, so the container is reachable. I'm fiddling with the reverse proxy setting, to a) point it to the ip-address of the local server on which it is installen (for instance 192.168.1.34:9000) b) point it to "localhost:9000"

a) results in a time-out for the api b) results in an error 403 for the api

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[reiniertc]

Gday: you've helped me on the right track. Turns out: a) it HAS to be https in stead of http b) I needed to add the Cors Allow Origin setting either in the console, or via the ENVIRONMENT variable c) in the reverse proxy I have to point to "localhost:9000" and not to "[ipadress]:9000"

the 403 error I got was because I fiddled with different users with different policies in Minio, so after getting a, b and c right all I had to do was use the right credentials.

So: it work now: thanks a million!