base on Simple UI for MinIO Object Storage :abacus: # MinIO Console   A graphical user interface for [MinIO](https://github.com/minio/minio) | Object Browser | Creating a bucket | Object Details | |--------------------------------------|-------------------------------|---------------------------------| |  |  |  | |  |  |  | <!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc --> **Table of Contents** - [MinIO Console](#minio-console) - [Install](#install) - [Build from source](#build-from-source) - [Setup](#setup) - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc) - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing) - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user) - [Start Console service:](#start-console-service) - [Start Console service with TLS:](#start-console-service-with-tls) - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate) - [Contribute to console Project](#contribute-to-console-project) <!-- markdown-toc end --> MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server. ## Setup All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment. > [!NOTE] > We don't recommend using MinIO's Operator Credentials ### 1. Create a user `console` using `mc` ```bash mc admin user add myminio/ Enter Access Key: console Enter Secret Key: xxxxxxxx ``` ### 2. Create a policy for `console` with admin access to all resources (for testing) ```sh cat > admin.json << EOF { "Version": "2012-10-17", "Statement": [{ "Action": [ "admin:*" ], "Effect": "Allow", "Sid": "" }, { "Action": [ "s3:*" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::*" ], "Sid": "" } ] } EOF ``` ```sh mc admin policy create myminio/ consoleAdmin admin.json ``` ### 3. Set the policy for the new `console` user ```sh mc admin policy attach myminio consoleAdmin --user=console ``` > [!NOTE] > Additionally, you can create policies to limit the privileges for other `console` users, for example, if you > want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like > this: > ```json > { > "Version": "2012-10-17", > "Statement": [ > { > "Action": [ > "admin:ServerInfo" > ], > "Effect": "Allow", > "Sid": "" > }, > { > "Action": [ > "s3:ListenBucketNotification", > "s3:PutBucketNotification", > "s3:GetBucketNotification", > "s3:ListMultipartUploadParts", > "s3:ListBucketMultipartUploads", > "s3:ListBucket", > "s3:HeadBucket", > "s3:GetObject", > "s3:GetBucketLocation", > "s3:AbortMultipartUpload", > "s3:CreateBucket", > "s3:PutObject", > "s3:DeleteObject", > "s3:DeleteBucket", > "s3:PutBucketPolicy", > "s3:DeleteBucketPolicy", > "s3:GetBucketPolicy" > ], > "Effect": "Allow", > "Resource": [ > "arn:aws:s3:::*" > ], > "Sid": "" > } > ] > } > ``` ## Start Console service: Before running console service, following environment settings must be supplied ```sh # Salt to encrypt JWT payload export CONSOLE_PBKDF_PASSPHRASE=SECRET # Required to encrypt JWT payload export CONSOLE_PBKDF_SALT=SECRET # MinIO Endpoint export CONSOLE_MINIO_SERVER=http://localhost:9000 ``` Now start the console service. ``` ./console server 2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090 ``` By default `console` runs on port `9090` this can be changed with `--port` of your choice. ## Start Console service with TLS: Copy your `public.crt` and `private.key` to `~/.console/certs`, then: ```sh ./console server 2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090 2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443 ``` For advanced users, `console` has support for multiple certificates to service clients through multiple domains. Following tree structure is expected for supporting multiple domains: ```sh certs/ │ ├─ public.crt ├─ private.key │ ├─ example.com/ │ │ │ ├─ public.crt │ └─ private.key └─ foobar.org/ │ ├─ public.crt └─ private.key ... ``` ## Connect Console to a Minio using TLS and a self-signed certificate Copy the MinIO `ca.crt` under `~/.console/certs/CAs`, then: ```sh export CONSOLE_MINIO_SERVER=https://localhost:9000 ./console server ``` You can verify that the apis work by doing the request on `localhost:9090/api/v1/...` ## Debug logging In some cases it may be convenient to log all HTTP requests. This can be enabled by setting the `CONSOLE_DEBUG_LOGLEVEL` environment variable to one of the following values: - `0` (default) uses no logging. - `1` log single line per request for server-side errors (status-code 5xx). - `2` log single line per request for client-side and server-side errors (status-code 4xx/5xx). - `3` log single line per request for all requests (status-code 4xx/5xx). - `4` log details per request for server-side errors (status-code 5xx). - `5` log details per request for client-side and server-side errors (status-code 4xx/5xx). - `6` log details per request for all requests (status-code 4xx/5xx). A single line logging has the following information: - Remote endpoint (IP + port) of the request. Note that reverse proxies may hide the actual remote endpoint of the client's browser. - HTTP method and URL - Status code of the response (websocket connections are hijacked, so no response is shown) - Duration of the request The detailed logging also includes all request and response headers (if any). # Contribute to console Project Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md) ", Assign "at most 3 tags" to the expected json: {"id":"7261","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"