console

module
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 19, 2021 License: AGPL-3.0

README

MinIO Console

A graphical user interface for MinIO

Dashboard Creating a bucket
Dashboard Dashboard

Setup

All console needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.

Note: We don't recommend using MinIO's Operator Credentials

  1. Create a user for console using mc.
$ set +o history
$ mc admin user add myminio console YOURCONSOLESECRET
$ set -o history
  1. Create a policy for console with access to everything (for testing and debugging)
$ cat > consoleAdmin.json << EOF
{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:*"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
                "s3:*"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}
EOF
$ mc admin policy add myminio consoleAdmin consoleAdmin.json
  1. Set the policy for the new console user
$ mc admin policy set myminio consoleAdmin user=console
Note

Additionally, you can create policies to limit the privileges for console users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:

{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:ServerInfo"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
				"s3:ListenBucketNotification",
				"s3:PutBucketNotification",
				"s3:GetBucketNotification",
				"s3:ListMultipartUploadParts",
				"s3:ListBucketMultipartUploads",
				"s3:ListBucket",
				"s3:HeadBucket",
				"s3:GetObject",
				"s3:GetBucketLocation",
				"s3:AbortMultipartUpload",
				"s3:CreateBucket",
				"s3:PutObject",
				"s3:DeleteObject",
				"s3:DeleteBucket",
				"s3:PutBucketPolicy",
				"s3:DeleteBucketPolicy",
				"s3:GetBucketPolicy"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}

Run Console server

To run the server:

# Salt to encrypt JWT payload
export CONSOLE_PBKDF_PASSPHRASE=SECRET

#required to encrypt jwet payload
export CONSOLE_PBKDF_SALT=SECRET

# MinIO endpoint
export CONSOLE_MINIO_SERVER=http://localhost:9000
./console server

Run Console with TLS enable

Copy your public.crt and private.key to ~/.console/certs, then:

./console server

Additionally, Console has support for multiple certificates, clients can request them using SNI. It expects the following structure:

 certs/
  │
  ├─ public.crt
  ├─ private.key
  │
  ├─ example.com/
  │   │
  │   ├─ public.crt
  │   └─ private.key
  └─ foobar.org/
     │
     ├─ public.crt
     └─ private.key
  ...

Therefore, we read all filenames in the cert directory and check for each directory whether it contains a public.crt and private.key.

Connect Console to a Minio using TLS and a self-signed certificate

Copy the MinIO ca.crt under ~/.console/certs/CAs, then:

export CONSOLE_MINIO_SERVER=https://localhost:9000
./console server

You can verify that the apis work by doing the request on localhost:9090/api/v1/...

Contribute to console Project

Please follow console Contributor's Guide

Directories

Path Synopsis
cmd
console
This package imports things required by build scripts, to force `go mod` to see them as dependencies
 This package imports things required by build scripts, to force `go mod` to see them as dependencies
pkg
acl
apis/networking.gke.io/v1beta1
Package v1beta1 is v1beta1 version of the API.
 Package v1beta1 is v1beta1 version of the API.
apis/networking.gke.io/v1beta2
Package v1beta2 is v1beta2 version of the API.
 Package v1beta2 is v1beta2 version of the API.
auth
auth/idp/oauth2
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol
 Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol
auth/ldap
auth/token
auth/utils
certs
clientgen/clientset/versioned
This package has the automatically generated clientset.
 This package has the automatically generated clientset.
clientgen/clientset/versioned/fake
This package has the automatically generated fake clientset.
 This package has the automatically generated fake clientset.
clientgen/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
 This package contains the scheme of the automatically generated clientset.
clientgen/clientset/versioned/typed/networking.gke.io/v1beta2
This package has the automatically generated typed clients.
 This package has the automatically generated typed clients.
clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/fake
Package fake has the automatically generated clients.
 Package fake has the automatically generated clients.
clientgen/informers/externalversions
clientgen/informers/externalversions/internalinterfaces
clientgen/informers/externalversions/networking.gke.io
clientgen/informers/externalversions/networking.gke.io/v1beta2
clientgen/listers/networking.gke.io/v1beta2
kes
subnet
utils
Code generated for package portal by go-bindata DO NOT EDIT.
 Code generated for package portal by go-bindata DO NOT EDIT.
Package restapi MinIO Console Server Schemes: http ws Host: localhost BasePath: /api/v1 Version: 0.1.0 Consumes: - application/json - multipart/form-data Produces: - application/octet-stream - application/json swagger:meta
 Package restapi MinIO Console Server Schemes: http ws Host: localhost BasePath: /api/v1 Version: 0.1.0 Consumes: - application/json - multipart/form-data Produces: - application/octet-stream - application/json swagger:meta
operations
operations/admin_api
operations/user_api

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.