s3ui

module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2023 License: AGPL-3.0

README

MinIO Console

build license

A graphical user interface for MinIO

Dashboard Creating a bucket
Dashboard Dashboard

Table of Contents

Install

Binary Releases
OS ARCH Binary
Linux amd64 linux-amd64
Linux arm64 linux-arm64
Linux ppc64le linux-ppc64le
Linux s390x linux-s390x
Apple amd64 darwin-amd64
Windows amd64 windows-amd64

You can also verify the binary with minisign by downloading the corresponding .minisig signature file. Then run:

minisign -Vm console-<OS>-<ARCH> -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
Docker

Pull the latest release via:

docker pull minio/console
Build from source

You will need a working Go environment. Therefore, please follow How to install Go. Minimum version required is go1.18

go install github.com/minio/console/cmd/console@latest

Setup

All console needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.

Note: We don't recommend using MinIO's Operator Credentials

1. Create a user console using mc
mc admin user add myminio/
Enter Access Key: console
Enter Secret Key: xxxxxxxx
2. Create a policy for console with admin access to all resources (for testing)
cat > admin.json << EOF
{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:*"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
                "s3:*"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}
EOF
mc admin policy add myminio/ consoleAdmin admin.json
3. Set the policy for the new console user
mc admin policy set myminio consoleAdmin user=console

NOTE: Additionally, you can create policies to limit the privileges for other console users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:

{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:ServerInfo"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
				"s3:ListenBucketNotification",
				"s3:PutBucketNotification",
				"s3:GetBucketNotification",
				"s3:ListMultipartUploadParts",
				"s3:ListBucketMultipartUploads",
				"s3:ListBucket",
				"s3:HeadBucket",
				"s3:GetObject",
				"s3:GetBucketLocation",
				"s3:AbortMultipartUpload",
				"s3:CreateBucket",
				"s3:PutObject",
				"s3:DeleteObject",
				"s3:DeleteBucket",
				"s3:PutBucketPolicy",
				"s3:DeleteBucketPolicy",
				"s3:GetBucketPolicy"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}

Start Console service:

Before running console service, following environment settings must be supplied

# Salt to encrypt JWT payload
export CONSOLE_PBKDF_PASSPHRASE=SECRET

# Required to encrypt JWT payload
export CONSOLE_PBKDF_SALT=SECRET

# MinIO Endpoint
export CONSOLE_MINIO_SERVER=http://localhost:9000

Now start the console service.

./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090

By default console runs on port 9090 this can be changed with --port of your choice.

Start Console service with TLS:

Copy your public.crt and private.key to ~/.console/certs, then:

./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443

For advanced users, console has support for multiple certificates to service clients through multiple domains.

Following tree structure is expected for supporting multiple domains:

 certs/
  │
  ├─ public.crt
  ├─ private.key
  │
  ├─ example.com/
  │   │
  │   ├─ public.crt
  │   └─ private.key
  └─ foobar.org/
     │
     ├─ public.crt
     └─ private.key
  ...

Connect Console to a Minio using TLS and a self-signed certificate

Copy the MinIO ca.crt under ~/.console/certs/CAs, then:

export CONSOLE_MINIO_SERVER=https://localhost:9000
./console server

You can verify that the apis work by doing the request on localhost:9090/api/v1/...

Contribute to console Project

Please follow console Contributor's Guide

Directories

Path Synopsis
cmd
Package k8s - this package imports things required by build scripts, to force `go mod` to see them as dependencies
Package k8s - this package imports things required by build scripts, to force `go mod` to see them as dependencies
Package operatorapi MinIO Console Server
Package operatorapi MinIO Console Server
pkg
apis/networking.gke.io/v1beta1
Package v1beta1 is v1beta1 version of the API.
Package v1beta1 is v1beta1 version of the API.
apis/networking.gke.io/v1beta2
Package v1beta2 is v1beta2 version of the API.
Package v1beta2 is v1beta2 version of the API.
auth/idp/oauth2
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol
clientgen/clientset/versioned
This package has the automatically generated clientset.
This package has the automatically generated clientset.
clientgen/clientset/versioned/fake
This package has the automatically generated fake clientset.
This package has the automatically generated fake clientset.
clientgen/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
This package contains the scheme of the automatically generated clientset.
clientgen/clientset/versioned/typed/networking.gke.io/v1beta2
This package has the automatically generated typed clients.
This package has the automatically generated typed clients.
clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/fake
Package fake has the automatically generated clients.
Package fake has the automatically generated clients.
kes
Package restapi MinIO Console Server
Package restapi MinIO Console Server

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL