Currently trying to enable TLS on a Docker image locally. I am using the S3 gateway to enable access to S3 via MinIO.
Working from a Windows box.
Ran the following commands to create public.crt
under C:\Users\<user>\mnt\config\certs:
openssl genrsa -out root.key 2048
openssl rsa -in root.key -out private.key
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj '//C=Rohan\ST=MiddleEarth\L=Minas Tirith\O=ABC\CN=172.17.0.2'
Following are the contents of C:\Users\<user>\mnt\config\certs:
-rw-r--r-- 1 user 1049089 1675 Jan 9 12:12 root.key
-rw-r--r-- 1 user 1049089 1675 Jan 9 12:14 private.key
-rw-r--r-- 1 user 1049089 1289 Jan 9 12:14 public.crt
drwxr-xr-x 1 user 1049089 0 Jan 9 16:24 CAs/
After this I ran:
docker run -p 9000:9000 --name minio-s3 -e "MINIO_ACCESS_KEY=<ACCESS_KEY>" -e "MINIO_SECRET_KEY=<SECRET_KEY>" -v C:\Users\<user>\mnt\config:/root/.minio minio/minio gateway s3
Confirmed that the Docker image has private.key and public.crt located in ${HOME}/.minio/certs.
What I notice is that the Docker image comes up; also, the CAs folder is empty.
I cannot access https://172.17.0.2:9000 from the browser or from code using the MinIO Java SDK.
$ curl https://172.17.0.2:9000
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:20 --:--:--     0
curl: (7) Failed to connect to 172.17.0.2 port 9000: Timed out
Also I get this error on the console:
2020/01/09 20:16:33 http: TLS handshake error from 172.17.0.1:44402: remote error: tls: unknown certificate
2020/01/09 20:16:33 http: TLS handshake error from 172.17.0.1:44404: remote error: tls: unknown certificate
2020/01/09 20:16:53 http: TLS handshake error from 172.17.0.1:44406: remote error: tls: unknown certificate
2020/01/09 20:16:53 http: TLS handshake error from 172.17.0.1:44408: remote error: tls: unknown certificate
When I try to access https://127.0.0.0:9000 from the browser it works, but it's not https, it's just http.
Calling https://127.0.0.1:9000 from Java code returns an exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Trying to generate a certificate for the local image to start with, after which I will extend it to the company's one once this works.
Any help would be appreciated. Thanks.
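As an added example (not part of the original post, and not MinIO's own tooling), here is a shell script that builds a local server certificate in the form a browser and the JVM will actually accept, and then checks it with openssl before it is copied into ~/.minio/certs. Two facts drive it. First, Chrome, Firefox and Java's PKIX validator match the host against the subjectAltName extension, not the CN, so a certificate that only says CN=172.17.0.2 is rejected even after it is trusted; the script puts every address the client will dial into the SAN. Second, "remote error: tls: unknown certificate" in the MinIO log and "PKIX path building failed" in Java are the same event seen from both ends: the client found no trust anchor for the certificate. A self-signed certificate never chains to anything but itself, so public.crt has to be imported into each client's trust store (for Java, keytool -importcert into a truststore passed with -Djavax.net.ssl.trustStore; for a browser, its own certificate settings). The output directory, the CN "minio-local" and the SAN list are assumptions; openssl must be on PATH.

```shell
#!/bin/sh
# Added example, not from the original post: create a self-signed certificate
# that names every address the client will dial (subjectAltName), then check
# it the way a TLS client does. The directory and subject are assumptions.
set -eu

# make_cert DIR SAN_LIST
#   Writes private.key and public.crt (the file names MinIO looks for under
#   ~/.minio/certs) into DIR. SAN_LIST is an OpenSSL subjectAltName value such
#   as "IP:127.0.0.1,IP:172.17.0.2,DNS:localhost".
make_cert() {
    dir="$1"
    san="$2"
    mkdir -p "$dir"
    # Minimal OpenSSL config; the [v3] section is applied because of -x509.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no

[dn]
CN = minio-local

[v3]
subjectAltName = $san
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # One step: fresh 2048-bit RSA key (unencrypted, as MinIO needs) plus a
    # self-signed certificate carrying the extensions above.
    openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -keyout "$dir/private.key" -out "$dir/public.crt" \
        -config "$dir/openssl.cnf" >/dev/null 2>&1
    chmod 600 "$dir/private.key"
}

# cert_has_san CERT ENTRY
#   Succeeds when the certificate's SAN line contains ENTRY exactly as
#   `openssl x509 -text` prints it, e.g. "IP Address:172.17.0.2".
cert_has_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | grep -Fq -- "$2"
}

# verify_cert CERT ANCHOR
#   Succeeds when CERT chains to the trust anchor ANCHOR. A self-signed cert
#   verifies only against itself; this is the check that fails inside a
#   browser or JVM that has not been given public.crt as an anchor.
verify_cert() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Stand-alone use: ./mkcert.sh ./certs
if [ "$#" -eq 1 ]; then
    make_cert "$1" "IP:127.0.0.1,IP:172.17.0.2,DNS:localhost"
    openssl x509 -in "$1/public.crt" -noout -subject -text \
        | grep -A1 'Subject Alternative Name'
    verify_cert "$1/public.crt" "$1/public.crt" && echo "self-verify: OK"
fi
```

Run it with an output directory, copy private.key and public.crt into the mounted certs folder, restart the container, and then trust public.crt on the client side. Note that verify_cert succeeds only because the anchor is the certificate itself; the same call against the system CA bundle fails, which is exactly the state the browser and the JVM are in until the import is done. Separately, on Docker Desktop for Windows the host has no route to container bridge addresses such as 172.17.0.2, which is why that curl times out rather than failing TLS; talk to the published port on 127.0.0.1 (or localhost) instead, and keep those names in the SAN.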