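Configuring HTTPS (TLS) access for MinIO running in a container
Generating the certificate with certgen
Download: https://github.com/minio/certgen/releases/tag/v0.0.2
Download: https://files.cnblogs.com/files/sanduzxcvbnm/0.0.2.zip
Note: only certgen version 0.0.2 can be used; later versions of certgen no longer have the -ca flag
# Flags in version 0.0.2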
# ./certgen-linux-amd64 --help
Usage of ./certgen-linux-amd64:
  -ca
        whether this cert should be its own Certificate Authority
  -duration duration
        Duration that certificate is valid for (default 8760h0m0s)
  -ecdsa-curve string
        ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
  -ed25519
        Generate an Ed25519 key
  -host string
        Comma-separated hostnames and IPs to generate a certificate for
  -org-name string
        Organization name used when generating the certs (default "Acme Co")
  -rsa-bits int
        Size of RSA key to generate. Ignored if --ecdsa-curve is set (default 2048)
  -start-date string
        Creation date formatted as Jan 1 15:04:05 2011
# Flags in versions later than 0.0.2
# ./certgen-linux-amd64 --help
Usage of ./certgen-linux-amd64:
  -duration duration
        Duration that certificate is valid for (default 8760h0m0s)
  -ecdsa-curve string
        ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
  -ed25519
        Generate an Ed25519 key (default true)
  -host string
        Comma-separated hostnames and IPs to generate a certificate for
  -no-ca
        whether this cert should not be its own Certificate Authority
  -org-name string
        Organization name used when generating the certs (default "Acme Co")
  -start-date string
        Creation date formatted as Jan 1 15:04:05 2011
# certgen -ca -host "<host IP>,<MinIO container IP>"
# If the container IP is missing, the error is: Post "https://172.17.0.2:9000/": x509: certificate is valid for 192.168.20.102, not 172.17.0.2
# If the host IP is missing, the error is: Post "https://172.17.0.2:9000/": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Acme Co")
# The command actually run to generate the certificate
# ./certgen-linux-amd64 -ca -host "192.168.20.102,172.17.0.2"
2022/03/09 14:10:58 wrote public.crt
2022/03/09 14:10:58 wrote private.key
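The first error above is Go's x509 hostname check failing against the certificate's SAN list. The following Go program is an added example, not part of the original post or of certgen: it builds a throwaway in-memory certificate (the helper names selfSigned and uncovered are hypothetical) and reports which of the page's two addresses a given -host list leaves uncovered.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway in-memory certificate with the given SANs (constructed stand-in for public.crt).
func selfSigned(hosts ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(8760 * time.Hour)}
	for _, h := range hosts {
		if ip := net.ParseIP(h); ip != nil {
			tpl.IPAddresses = append(tpl.IPAddresses, ip)
		} else {
			tpl.DNSNames = append(tpl.DNSNames, h)
		}
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncovered returns the x509 error text for every address the certificate's SANs do not cover.
func uncovered(cert *x509.Certificate, addrs ...string) (errs []string) {
	for _, a := range addrs {
		if err := cert.VerifyHostname(a); err != nil {
			errs = append(errs, err.Error())
		}
	}
	return errs
}

func main() {
	cert, err := selfSigned("192.168.20.102") // container IP 172.17.0.2 left out
	if err != nil {
		panic(err)
	}
	fmt.Println(uncovered(cert, "192.168.20.102", "172.17.0.2"))
}
```

To check the real file before copying it into place, decode public.crt with encoding/pem, parse it with x509.ParseCertificate, and pass the result to uncovered.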
Running the MinIO service in a container
mkdir -p /mnt/{data,config}
docker run -d -p 9000:9000 -p 9001:9001 --name minio1 \
-e "MINIO_ACCESS_KEY=admin" \
-e "MINIO_SECRET_KEY=12345678" \
-v /mnt/data:/data \
-v /mnt/config:/root/.minio \
minio/minio server /data --console-address ":9001"
Copy the generated certificates to /mnt/config/certs
cp p* /mnt/config/certs
docker restart minio1
Then access and log in at https://192.168.20.102:9000
More certgen examples
Example (server)
certgen -ca -host "10.10.0.3,10.10.0.4,10.10.0.5"
2020/11/21 10:16:18 wrote public.crt
2020/11/21 10:16:18 wrote private.key
Example (client)
certgen -client -host "localhost"
2022/02/28 16:55:37 wrote client.crt
2022/02/28 16:55:37 wrote client.key