github.com/minio/console@v1.4.1/README.md (about) 1 # MinIO Console 2 3   4 5 A graphical user interface for [MinIO](https://github.com/minio/minio) 6 7 | Object Browser | Dashboard | Creating a bucket | 8 |------------------------------------|-------------------------------|-------------------------------| 9 |  |  |  | 10 11 <!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc --> 12 **Table of Contents** 13 14 - [MinIO Console](#minio-console) 15 - [Install](#install) 16 - [Build from source](#build-from-source) 17 - [Setup](#setup) 18 - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc) 19 - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing) 20 - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user) 21 - [Start Console service:](#start-console-service) 22 - [Start Console service with TLS:](#start-console-service-with-tls) 23 - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate) 24 - [Contribute to console Project](#contribute-to-console-project) 25 26 <!-- markdown-toc end --> 27 28 ## Install 29 30 MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server. 31 The standalone binary installation path has been removed. 32 33 In case a Console standalone binary is needed, it can be generated by building this package from source as follows: 34 35 ### Build from source 36 37 > You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install). 38 > Minimum version required is go1.21 39 40 ``` 41 go install github.com/minio/console/cmd/console@latest 42 ``` 43 44 ## Setup 45 46 All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment. 47 48 > Note: We don't recommend using MinIO's Operator Credentials 49 50 ### 1. Create a user `console` using `mc` 51 52 ```bash 53 mc admin user add myminio/ 54 Enter Access Key: console 55 Enter Secret Key: xxxxxxxx 56 ``` 57 58 ### 2. Create a policy for `console` with admin access to all resources (for testing) 59 60 ```sh 61 cat > admin.json << EOF 62 { 63 "Version": "2012-10-17", 64 "Statement": [{ 65 "Action": [ 66 "admin:*" 67 ], 68 "Effect": "Allow", 69 "Sid": "" 70 }, 71 { 72 "Action": [ 73 "s3:*" 74 ], 75 "Effect": "Allow", 76 "Resource": [ 77 "arn:aws:s3:::*" 78 ], 79 "Sid": "" 80 } 81 ] 82 } 83 EOF 84 ``` 85 86 ```sh 87 mc admin policy create myminio/ consoleAdmin admin.json 88 ``` 89 90 ### 3. Set the policy for the new `console` user 91 92 ```sh 93 mc admin policy attach myminio consoleAdmin --user=console 94 ``` 95 96 > NOTE: Additionally, you can create policies to limit the privileges for other `console` users, for example, if you 97 > want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like 98 > this: 99 100 ```json 101 { 102 "Version": "2012-10-17", 103 "Statement": [ 104 { 105 "Action": [ 106 "admin:ServerInfo" 107 ], 108 "Effect": "Allow", 109 "Sid": "" 110 }, 111 { 112 "Action": [ 113 "s3:ListenBucketNotification", 114 "s3:PutBucketNotification", 115 "s3:GetBucketNotification", 116 "s3:ListMultipartUploadParts", 117 "s3:ListBucketMultipartUploads", 118 "s3:ListBucket", 119 "s3:HeadBucket", 120 "s3:GetObject", 121 "s3:GetBucketLocation", 122 "s3:AbortMultipartUpload", 123 "s3:CreateBucket", 124 "s3:PutObject", 125 "s3:DeleteObject", 126 "s3:DeleteBucket", 127 "s3:PutBucketPolicy", 128 "s3:DeleteBucketPolicy", 129 "s3:GetBucketPolicy" 130 ], 131 "Effect": "Allow", 132 "Resource": [ 133 "arn:aws:s3:::*" 134 ], 135 "Sid": "" 136 } 137 ] 138 } 139 ``` 140 141 ## Start Console service: 142 143 Before running console service, following environment settings must be supplied 144 145 ```sh 146 # Salt to encrypt JWT payload 147 export CONSOLE_PBKDF_PASSPHRASE=SECRET 148 149 # Required to encrypt JWT payload 150 export CONSOLE_PBKDF_SALT=SECRET 151 152 # MinIO Endpoint 153 export CONSOLE_MINIO_SERVER=http://localhost:9000 154 ``` 155 156 Now start the console service. 157 158 ``` 159 ./console server 160 2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090 161 ``` 162 163 By default `console` runs on port `9090` this can be changed with `--port` of your choice. 164 165 ## Start Console service with TLS: 166 167 Copy your `public.crt` and `private.key` to `~/.console/certs`, then: 168 169 ```sh 170 ./console server 171 2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090 172 2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443 173 ``` 174 175 For advanced users, `console` has support for multiple certificates to service clients through multiple domains. 176 177 Following tree structure is expected for supporting multiple domains: 178 179 ```sh 180 certs/ 181 │ 182 ├─ public.crt 183 ├─ private.key 184 │ 185 ├─ example.com/ 186 │ │ 187 │ ├─ public.crt 188 │ └─ private.key 189 └─ foobar.org/ 190 │ 191 ├─ public.crt 192 └─ private.key 193 ... 194 195 ``` 196 197 ## Connect Console to a Minio using TLS and a self-signed certificate 198 199 Copy the MinIO `ca.crt` under `~/.console/certs/CAs`, then: 200 201 ```sh 202 export CONSOLE_MINIO_SERVER=https://localhost:9000 203 ./console server 204 ``` 205 206 You can verify that the apis work by doing the request on `localhost:9090/api/v1/...` 207 208 # Contribute to console Project 209 210 Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)