diff --git a/cmd/common-main.go b/cmd/common-main.go
index bffe73c1e..417b88032 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -175,7 +175,9 @@ func minioConfigToConsoleFeatures() {
 if globalMinioEndpoint != "" {
 os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint)
 } else {
- os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
+ // Explicitly set 127.0.0.1 so Console will automatically bypass TLS verification to the local S3 API.
+ // This will save users from providing a certificate with IP or FQDN SAN that points to the local host.
+ os.Setenv("CONSOLE_MINIO_SERVER", fmt.Sprintf("%s://127.0.0.1:%s", getURLScheme(globalIsTLS), globalMinioPort))
 }
 if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
 os.Setenv("CONSOLE_LOG_QUERY_URL", value)
diff --git a/cmd/gateway-main.go b/cmd/gateway-main.go
index 70a15430c..01767e1f5 100644
--- a/cmd/gateway-main.go
+++ b/cmd/gateway-main.go
@@ -249,7 +249,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 getCert = globalTLSCerts.GetCertificate
 }
- httpServer := xhttp.NewServer([]string{globalMinioAddr}).
+ httpServer := xhttp.NewServer(getServerListenAddrs()).
 UseHandler(setCriticalErrorHandler(corsHandler(router))).
 UseTLSConfig(newTLSConfig(getCert)).
 UseShutdownTimeout(ctx.Duration("shutdown-timeout")).
diff --git a/cmd/net.go b/cmd/net.go
index 63bed5074..97d9cf865 100644
--- a/cmd/net.go
+++ b/cmd/net.go
@@ -44,9 +44,8 @@ func mustSplitHostPort(hostPort string) (host, port string) {
 return xh.Name, xh.Port.String()
 }
-// mustGetLocalIP4 returns IPv4 addresses of localhost. It panics on error.
-func mustGetLocalIP4() (ipList set.StringSet) {
- ipList = set.NewStringSet()
+// mustGetLocalIPs returns IPs of local interface
+func mustGetLocalIPs() (ipList []net.IP) {
 ifs, err := net.Interfaces()
 logger.FatalIf(err, "Unable to get IP addresses of this host")
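Review bot: In the `else` branch of minioConfigToConsoleFeatures (cmd/common-main.go), Console is pointed at `127.0.0.1` so that, per the added comment, it skips certificate verification; from then on the only assurance about who answers on that port is that MinIO itself is bound to it. Nothing visible here ties the hard-coded IPv4 loopback to the listener set: getServerListenAddrs in cmd/server-main.go adds only the loopback addresses it finds on the interfaces, so a host without `127.0.0.1` would leave Console targeting an address MinIO never bound. I would record the dependency next to the call, `// Relies on getServerListenAddrs binding 127.0.0.1:globalMinioPort; Console does not verify TLS for this endpoint.` The function starts and ends outside the hunk.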
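Review bot: The new doc comment on mustGetLocalIPs (cmd/net.go) no longer states the failure behaviour that the removed mustGetLocalIP4 comment carried, although `logger.FatalIf` is still called right after `net.Interfaces()`. It also does not say that both address families are returned, which the following hunk establishes by dropping the `To4()` filter. Suggested wording: `// mustGetLocalIPs returns the IPv4 and IPv6 addresses of the local interfaces. It exits through logger.FatalIf on error.` The function body continues outside this hunk.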
@@ -68,36 +67,33 @@ func mustGetLocalIP4() (ipList set.StringSet) {
 ip = v.IP
 }
- if ip.To4() != nil {
- ipList.Add(ip.String())
- }
+ ipList = append(ipList, ip)
 }
 }
 return ipList
 }
+// mustGetLocalIP4 returns IPv4 addresses of localhost. It panics on error.
+func mustGetLocalIP4() (ipList set.StringSet) {
+ ipList = set.NewStringSet()
+ for _, ip := range mustGetLocalIPs() {
+ if ip.To4() != nil {
+ ipList.Add(ip.String())
+ }
+ }
+ return
+}
+
 // mustGetLocalIP6 returns IPv6 addresses of localhost. It panics on error.
 func mustGetLocalIP6() (ipList set.StringSet) {
 ipList = set.NewStringSet()
- addrs, err := net.InterfaceAddrs()
- logger.FatalIf(err, "Unable to get IP addresses of this host")
-
- for _, addr := range addrs {
- var ip net.IP
- switch v := addr.(type) {
- case *net.IPNet:
- ip = v.IP
- case *net.IPAddr:
- ip = v.IP
- }
-
+ for _, ip := range mustGetLocalIPs() {
 if ip.To4() == nil {
 ipList.Add(ip.String())
 }
 }
-
- return ipList
+ return
 }
 // getHostIP returns IP address of given host.
diff --git a/cmd/server-main.go b/cmd/server-main.go
index da713fa1f..83ff74518 100644
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
@@ -25,6 +25,7 @@ import (
 "io"
 "log"
 "math/rand"
+ "net"
 "os"
 "os/signal"
 "runtime"
@@ -36,6 +37,7 @@ import (
 "github.com/minio/cli"
 "github.com/minio/minio-go/v7"
 "github.com/minio/minio-go/v7/pkg/credentials"
+ "github.com/minio/minio-go/v7/pkg/set"
 "github.com/minio/minio/internal/auth"
 "github.com/minio/minio/internal/bucket/bandwidth"
 "github.com/minio/minio/internal/color"
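Review bot: `ipList = append(ipList, ip)` in mustGetLocalIPs (cmd/net.go) now appends every `ip`, including a nil one if the address type matched neither case of the switch whose tail is visible as `ip = v.IP`. mustGetLocalIP4 still drops those, but in mustGetLocalIP6 `ip.To4() == nil` is also true for a nil IP, so `ip.String()` puts `"<nil>"` into the set. Filtering at the source, `if ip != nil { ipList = append(ipList, ip) }`, fixes both callers and makes the `ip != nil` test in getServerListenAddrs unnecessary. mustGetLocalIP6 also moves from `net.InterfaceAddrs()` to the mustGetLocalIPs walk, so it inherits any interface filtering in the part of that function outside this hunk; its doc comment should mention that if the result differs.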
@@ -418,6 +420,24 @@ func initConfigSubsystem(ctx context.Context, newObject ObjectLayer) error {
 return nil
 }
+// Return the list of address that MinIO server needs to listen on:
+// - Returning 127.0.0.1 is necessary so Console will be able to send
+// requests to the local S3 API.
+// - The returned List needs to be deduplicated as well.
+func getServerListenAddrs() []string {
+ // Use a string set to avoid duplication
+ addrs := set.NewStringSet()
+ // Listen on local interface to receive requests from Console
+ for _, ip := range mustGetLocalIPs() {
+ if ip != nil && ip.IsLoopback() {
+ addrs.Add(net.JoinHostPort(ip.String(), globalMinioPort))
+ }
+ }
+ // Add the interface specified by the user
+ addrs.Add(globalMinioAddr)
+ return addrs.ToSlice()
+}
+
 // serverMain handler called for 'minio server' command.
 func serverMain(ctx *cli.Context) {
 signal.Notify(globalOSSignalCh, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
@@ -500,7 +520,7 @@ func serverMain(ctx *cli.Context) {
 getCert = globalTLSCerts.GetCertificate
 }
- httpServer := xhttp.NewServer([]string{globalMinioAddr}).
+ httpServer := xhttp.NewServer(getServerListenAddrs()).
 UseHandler(setCriticalErrorHandler(corsHandler(handler))).
 UseTLSConfig(newTLSConfig(getCert)).
 UseShutdownTimeout(ctx.Duration("shutdown-timeout")).
diff --git a/cmd/signals.go b/cmd/signals.go
index d8db1e436..6606fc240 100644
--- a/cmd/signals.go
+++ b/cmd/signals.go
@@ -75,7 +75,8 @@ func handleSignals() {
 for {
 select {
- case <-globalHTTPServerErrorCh:
+ case err := <-globalHTTPServerErrorCh:
+ logger.LogIf(context.Background(), err)
 exit(stopProcess())
 case osSignal := <-globalOSSignalCh:
 if !globalIsGateway {
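Review bot: getServerListenAddrs (cmd/server-main.go) deduplicates by string only, so `addrs` can still describe overlapping sockets: a wildcard globalMinioAddr such as `:PORT`, or a hostname that resolves to loopback, is added next to each loopback `IP:PORT` entry. Whether the overlapping bind succeeds depends on the listener options inside xhttp.NewServer, which this diff does not show, and both call sites (StartGateway and serverMain) are affected. A wildcard bind already covers loopback, so the loop could be skipped in that case, for example `if host, _ := mustSplitHostPort(globalMinioAddr); host == "" { return []string{globalMinioAddr} }` at the top of the function. The function also opens loopback listeners the operator did not ask for, and the doc comment should say so: `// Loopback addresses are always added, even when the operator bound a single interface.`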