This walkthru shows how to configure SSL/TLS for vm-broker instances, with examples.

./SSL/passThru

For *.lab.min.dev: In UI set `SSL Required` and `Enable TLS` only

For *.minio.training: In UI set `Enable TLS` only

SSH to instance

Install nginx

sudo apt update
sudo apt install nginx

Run

sudo openssl req -x509 -newkey rsa:4096 -nodes -sha256 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem -days 3650 -subj "/CN="

Append to /etc/nginx/sites-available/default

sudo vi /etc/nginx/sites-available/default

server {
        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        include snippets/snakeoil.conf;

        root /var/www/html;
        index ssl.index.nginx-debian.htm;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}

Run

sudo sed 's/Welcome to nginx/Welcome to nginx\(ssl\)/' /var/www/html/index.nginx-debian.html | sudo tee /var/www/html/ssl.index.nginx-debian.htm

Reload nginx

sudo nginx -s reload

Validate nginx is accessible as PASSTHRU

curl https://cert-test.lab.min.dev:443

Output:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx(ssl)!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx(ssl)!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

or setup a TLS enabled minio server

wget https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64
chmod +x certgen-linux-amd64 
./certgen-linux-arm64 -host "localhost,127.0.0.1"

Run a minio server WITH certs.

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
mkdir data
./minio server data --address :9000 --console-address :9090 --certs-dir .

Validate minio is accessible as PASSTHRU

curl https://cert-test.lab.min.dev:9090

Output:

<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.ca749b3b.js"></script><link href="./static/css/main.e60e4760.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>%

Validate nginx is accessible as PASSTHRU

curl https://cert-test-minio-training.minio.training:443 -k

Output:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx(ssl)!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx(ssl)!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

or setup a TLS enabled minio server

wget https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64
chmod +x certgen-linux-amd64 
./certgen-linux-arm64 -host "localhost,127.0.0.1"

Run a minio server WITH certs.

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
mkdir data
./minio server data --address :9000 --console-address :9090 --certs-dir .

Validate minio is accessible as PASSTHRU

curl https://cert-test-minio-training.minio.training:9090 -k

Output:

<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.ca749b3b.js"></script><link href="./static/css/main.e60e4760.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>%

*.lab.min.dev/SSL/secure

For *.lab.min.dev: In UI set `SSL Required` only

Validate nginx is accessible SECURELY

curl https://cert-test.lab.min.dev:443

Output:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

*.minio.training/insecure

For *.minio.training: In UI unset all options

Validate nginx is accessible INSECURELY

curl http://cert-test-minio-training.minio.training:80

./*/bringYourOwnCertificates

For *.minio.training: In UI, create instance `training` under the `minio.training` domain.

Add certificates, under Instances > Accesses:

Create certificates for your instance e.g. for instance training3.minio.training Check

cat training3.crt| openssl x509 -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:14:17:cb:fe:9c:e2:f0:3f:da:6f:f3:1d:81:a9:94:5e:d4
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Oct  5 19:03:38 2023 GMT
            Not After : Jan  3 19:03:37 2024 GMT
        Subject: CN = training3.minio.training
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:26:eb:b0:6a:bf:bc:6b:af:d1:61:ab:c3:9f:63:
                    85:a9:c6:6e:b4:b9:80:82:a2:8f:54:4e:ca:41:46:
                    a6:91:26:3f:58:98:57:ea:10:80:95:a9:16:24:08:
                    c1:ff:18:8d:e2:3d:26:e8:d8:a8:54:76:75:ea:ed:
                    da:d2:c5:c8:3f
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                41:E6:F9:0A:3C:15:29:3F:25:6D:46:6C:4F:CD:EA:1C:3D:B0:14:CF
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:*.training3.minio.training, DNS:training3.minio.training
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Oct  5 20:03:38.628 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:51:5D:70:6B:3C:67:C1:38:F3:62:91:01:
                                9F:C8:8B:07:CE:41:B6:F7:88:5B:75:B2:0F:4E:07:FC:
                                E0:D2:CF:8F:02:20:49:C3:F1:61:74:A7:57:69:9B:F0:
                                CE:F1:FF:81:8B:81:6A:23:9C:FD:6D:2E:9E:15:98:8F:
                                5C:BC:A9:57:71:1F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Oct  5 20:03:38.654 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D7:1F:B5:32:4F:D9:68:09:8F:EC:0F:
                                6B:A4:27:18:4B:9E:52:BE:A6:24:94:87:D0:40:21:E1:
                                43:FE:55:10:A8:02:20:4F:1B:BC:0C:14:D9:CB:CD:3E:
                                EF:77:21:5E:75:28:42:F7:5B:B0:67:38:1B:AB:AE:5B:
                                C3:24:01:9D:40:6C:7F
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        9c:1e:52:47:e9:37:2e:c3:e7:c3:26:25:ae:17:5f:b4:95:b1:
        31:5f:a5:0f:63:90:74:eb:44:61:74:0f:dd:b6:97:cf:f1:d6:
        f1:7f:05:e7:02:72:0d:aa:5d:8f:68:22:4e:5f:8a:2e:92:ff:
        4d:f5:33:72:d4:65:5b:6a:e8:e0:ce:6d:20:e6:29:29:0c:0b:
        92:42:8c:db:a0:65:c1:0e:e3:e5:c9:5b:83:33:b8:04:06:da:
        b6:66:bb:f8:59:cc:31:b9:d8:84:cb:96:e9:ca:f5:b5:76:a9:
        40:f2:95:a1:46:2f:88:be:ea:50:8f:cf:ef:f3:33:67:22:b6:
        7f:5b:ff:b4:ae:f7:20:fa:44:40:c6:e3:c9:32:a4:3f:3b:7d:
        be:0b:5a:44:76:00:b9:75:61:1d:2e:fa:f9:32:54:f8:1a:f4:
        0d:13:f3:a1:be:26:68:28:2f:3f:41:69:d5:85:e5:5a:33:d9:
        e6:f5:21:73:29:fd:3d:3f:3c:45:be:33:63:4e:c7:0e:c8:4a:
        97:72:ca:4a:37:13:ed:4a:df:3e:01:43:f2:1f:e3:4b:c3:4e:
        5f:28:dc:ad:f7:68:5b:1d:74:a2:bb:b7:bd:64:82:cf:09:71:
        55:b7:65:c8:e1:7d:b0:58:3d:2b:62:27:6d:bf:91:68:e2:19:
        3a:9c:f3:e5

1. HTTP server on instance

Set Use Specific TLS certificates under Instances > Edit:

Regenerate Proxy under Instances > Edit:

SSH into instance and run a minio server without certs:

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
mkdir data
./minio server data --address :9000 --console-address :9090 &

Validate minio is accessible WITH OWN CERTIFICATES

curl https://training3.minio.training:9090

Output:

<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.ca749b3b.js"></script><link href="./static/css/main.e60e4760.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>%

2. HTTPS server on instance

Set Use Specific TLS certificates AND Enable TLS under Instances > Edit:

Regenerate Proxy under Instances > Edit:

SSH into instance. Use same certificates from above or create new ones with the following optional command:

wget https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64
chmod +x certgen-linux-amd64 
./certgen-linux-arm64 -host "localhost,127.0.0.1"

Run a minio server WITH certs.

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
mkdir data
./minio server data --address :9000 --console-address :9090 --certs-dir .

Validate minio is accessible WITH OWN CERTIFICATES

curl https://training3.minio.training:9090

Output:

<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.ca749b3b.js"></script><link href="./static/css/main.e60e4760.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>%

For *.lab.min.dev: In UI, create instance `cert-test` under the `lab.min.dev` domain.

Create certificates for your instance e.g. for instance cert-test.lab.min.dev Check

cat $HOME/certbot/archive/cert-test.lab.min.dev/fullchain2.pem | openssl x509 -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:e2:ee:3e:b7:5b:22:2f:01:20:f6:0f:d1:fd:df:dd:cd:4e
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Oct 18 19:36:21 2023 GMT
            Not After : Jan 16 19:36:20 2024 GMT
        Subject: CN = cert-test.lab.min.dev
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:18:40:41:62:81:39:ba:41:f3:75:68:f2:d1:cd:
                    63:12:54:af:4f:1b:f9:75:1f:0f:4c:dc:b0:f0:4f:
                    54:d5:d2:67:39:45:96:ba:ef:ec:ca:21:1d:71:54:
                    49:04:8f:34:26:86:7c:be:a4:bb:26:7a:02:94:12:
                    33:ec:ad:86:d5
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                3B:AB:6D:FD:3F:E0:09:4A:1E:EF:9E:C4:9E:49:74:90:73:D4:66:FB
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:*.cert-test.lab.min.dev, DNS:cert-test.lab.min.dev
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Oct 18 20:36:21.303 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:95:73:8F:07:1E:CB:86:C2:66:B8:99:
                                DC:BE:81:C9:EA:15:21:84:4B:A9:94:F8:AB:A9:D7:5D:
                                7C:4D:67:E2:E8:02:20:08:53:D1:CD:BD:D8:F2:69:F7:
                                97:61:7D:3B:22:99:FA:31:4B:5D:98:B2:10:1C:C7:3D:
                                29:43:E2:AC:F1:27:45
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Oct 18 20:36:21.279 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:C6:44:CA:88:34:1B:6A:9A:67:96:23:
                                42:3F:CC:63:32:81:CA:D9:CA:2B:B5:2F:26:0E:A0:BF:
                                04:92:C5:C2:A4:02:21:00:8D:58:42:C2:54:D8:FA:12:
                                01:E1:A7:C0:C9:94:38:93:A2:77:2A:42:94:97:DB:62:
                                E2:87:7F:57:B9:81:BE:BF
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        8e:e0:9a:c8:b9:5e:d8:61:d9:ad:c8:24:ad:b3:12:b5:9f:60:
        fb:97:98:9c:f6:7f:15:8a:88:bc:90:11:cc:ee:0e:34:d8:e9:
        f1:fd:e7:11:6c:22:8a:dc:03:cf:9d:51:0d:57:5d:f7:6e:55:
        ea:ab:ec:da:30:29:bb:8e:b1:9e:e4:6f:fb:d0:a9:db:b3:23:
        83:04:5a:7a:84:8f:cf:42:63:29:7b:02:68:f2:fb:93:1e:6b:
        f8:48:3a:6c:b0:bd:d4:6c:c0:f3:6b:c7:3c:59:a3:42:5d:3f:
        89:fb:2a:12:ff:d8:33:7a:c6:d9:a3:b1:11:89:2e:6c:a7:7f:
        b5:fe:07:fd:54:b5:c5:ee:4c:4b:37:9b:4d:c4:f8:25:8f:8d:
        07:5a:e9:e4:4e:45:08:22:e8:3e:30:fb:ff:75:ec:d0:9b:85:
        67:0c:b8:5a:ad:aa:bd:e0:86:12:ce:7b:d3:48:e8:da:9b:a4:
        86:a3:8b:59:67:47:dc:f7:22:3d:85:99:fc:63:5c:9e:85:36:
        c9:9a:40:fd:0b:41:a6:0a:06:da:f8:b9:6f:a3:89:bc:a0:1d:
        93:72:3d:77:97:56:0b:e7:fc:87:2e:90:09:9c:ba:86:9e:cb:
        de:f5:4a:13:33:97:c0:65:bc:a8:b4:23:5a:8f:2c:aa:ba:e8:
        dc:7c:cb:04

Add certificates, under Instances > Accesses:

1. HTTP server on instance

Set Use Specific TLS certificates AND SSL Required under Instances > Edit:

Regenerate Proxy under Instances > Edit:

SSH into instance and run a minio server without certs:

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
mkdir data
./minio server data --address :9000 --console-address :9090

Validate minio is accessible WITH OWN CERTIFICATES

curl https://cert-test.lab.min.dev:9090

Output:

<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.ca749b3b.js"></script><link href="./static/css/main.e60e4760.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>%

2. HTTPS server on instance

Set Use Specific TLS certificates AND Enable TLS AND SSL Required under Instances > Edit:

Regenerate Proxy under Instances > Edit:

SSH into instance. Use same certificates from above or create new ones with the following optional command:

wget https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64
chmod +x certgen-linux-amd64 
./certgen-linux-arm64 -host "localhost,127.0.0.1"

Run a minio server WITH certs.

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
mkdir data
./minio server data --address :9000 --console-address :9090 --certs-dir .

Validate minio is accessible WITH OWN CERTIFICATES

curl https://cert-test.lab.min.dev:9090

Output:

<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.ca749b3b.js"></script><link href="./static/css/main.e60e4760.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>%

Sample Expected Output

<!doctype html><html lang="en"><head><meta charset="utf-8"/><base href="/"/><meta content="width=device-width,initial-scale=1" name="viewport"/><meta content="#081C42" media="(prefers-color-scheme: light)" name="theme-color"/><meta content="#081C42" media="(prefers-color-scheme: dark)" name="theme-color"/><meta content="MinIO Console" name="description"/><meta name="minio-license" content="agpl" /><link href="./styles/root-styles.css" rel="stylesheet"/><link href="./apple-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"/><link href="./favicon-32x32.png" rel="icon" sizes="32x32" type="image/png"/><link href="./favicon-96x96.png" rel="icon" sizes="96x96" type="image/png"/><link href="./favicon-16x16.png" rel="icon" sizes="16x16" type="image/png"/><link href="./manifest.json" rel="manifest"/><link color="#3a4e54" href="./safari-pinned-tab.svg" rel="mask-icon"/><title>MinIO Console</title><script defer="defer" src="./static/js/main.ca749b3b.js"></script><link href="./static/css/main.e60e4760.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="preload"><img src="./images/background.svg"/> <img src="./images/background-wave-orig2.svg"/></div><div id="loader-block"><img src="./Loader.svg"/></div></div></body></html>%

minio vm‐broker test SSL TLS configurations - allanrogerr/public GitHub Wiki

This walkthru shows how to configure SSL/TLS for vm-broker instances, with examples.

./SSL/passThru

For *.lab.min.dev: In UI set `SSL Required` and `Enable TLS` only

For *.minio.training: In UI set `Enable TLS` only

*.lab.min.dev/SSL/secure

For *.lab.min.dev: In UI set `SSL Required` only

*.minio.training/insecure

For *.minio.training: In UI unset all options

./*/bringYourOwnCertificates

For *.minio.training: In UI, create instance `training` under the `minio.training` domain.

1. HTTP server on instance

2. HTTPS server on instance

For *.lab.min.dev: In UI, create instance `cert-test` under the `lab.min.dev` domain.

1. HTTP server on instance

2. HTTPS server on instance

Sample Expected Output

⚠️ GitHub.com Fallback ⚠️

minio vm‐broker test SSL TLS configurations - allanrogerr/public GitHub Wiki

This walkthru shows how to configure SSL/TLS for vm-broker instances, with examples.

./SSL/passThru

For *.lab.min.dev: In UI set SSL Required and Enable TLS only

For *.minio.training: In UI set Enable TLS only

*.lab.min.dev/SSL/secure

For *.lab.min.dev: In UI set SSL Required only

*.minio.training/insecure

For *.minio.training: In UI unset all options

./*/bringYourOwnCertificates

For *.minio.training: In UI, create instance training under the minio.training domain.

1. HTTP server on instance

2. HTTPS server on instance

For *.lab.min.dev: In UI, create instance cert-test under the lab.min.dev domain.

1. HTTP server on instance

2. HTTPS server on instance

Sample Expected Output

⚠️ **GitHub.com Fallback** ⚠️

For *.lab.min.dev: In UI set `SSL Required` and `Enable TLS` only

For *.minio.training: In UI set `Enable TLS` only

For *.lab.min.dev: In UI set `SSL Required` only

For *.minio.training: In UI, create instance `training` under the `minio.training` domain.

For *.lab.min.dev: In UI, create instance `cert-test` under the `lab.min.dev` domain.

⚠️ GitHub.com Fallback ⚠️