MinIO Console UI should report failure to communicate with MinIO during login as "Server not reachable" instead of "Invalid Login" #3427

Open
ecerulm opened this issue Aug 29, 2024 · 2 comments · May be fixed by #3432

ecerulm commented Aug 29, 2024

Is your feature request related to a problem? Please describe.

I had a new setup with HAProxy and 2 MinIO servers, and I couldn't log in via the MinIO console at :9001.

I was getting "Invalid Login" both in the JSON response (which I could see from the browser > developer tools > network tab) and in the UI as a red banner saying "Invalid login".

The culprit was I used MINIO_SERVER_URL and that somehow prevented MinIO console from reaching the MinIO server.

But really the "Invalid Login" was misleading me into thinking there was an issue with the credentials. In the end I got help from @marktheunissen in Slack, and he identified that I could get rid of the MINIO_SERVER_URL.

My point is that the error message in this case should not be "Invalid Login" but "Server not reachable" or "Server invalid TLS" or something like that. That will help MinIO beginners like me that mistakenly thought MINIO_SERVER_URL was required when using HAProxy.

Describe the solution you'd like
Any of the following:

  • at startup, the MinIO console part can do a sanity check about the reachability of the server, and print something in the startup log
  • at runtime, the console can relay some of the underlying error to the browser client. I understand that you don't want to leak the full error to the browser, but specific errors like "server unreachable", "server invalid TLS certificate", etc. I believe do not leak important information about the setup

Describe alternatives you've considered

Additional context

image

The correct message in the image above should have been "server unreachable" (or whatever was the actual top level cause).

@marktheunissen

I have noticed this trip up a lot of people, and I think a better error message, if possible, would help users a lot to identify the issue.


ecerulm commented Aug 29, 2024

@harshavardhana mentioned in minio/docs#1312 (comment):

It isn't done in vain, it was an ask by the customer to avoid reporting "login errors" to avoid brute force attacks on the login vector in the name of security by (obscurity)

We used to be more descriptive in the past but it was implemented to make it vague on purpose.

I understand that you don't want to leak information about the login process that could be used by an attacker to learn about the system.

But in the specific case of "MinIO Console can't reach MinIO Server" I believe it would not leak anything. In a way, MinIO Console is already leaking that there is a connectivity issue between console and server, since it takes 10 seconds to send the "Invalid Login". If you just write the incorrect credentials, it tells you right away "Invalid Login"; if the console can't communicate with the server, it "waits" 10 seconds and then gives the "Invalid Login".

So I hope you consider having both "Invalid Login" and "MinIO Server not reachable" as errors in the console as both are IMHO "vague" enough.

I mean, I already know how it works so I don't think it will happen to me again, but for the newcomers it will help.
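One way to do the coarse error mapping requested in this issue, as an added example that is not MinIO Console code and not part of the thread: the browser gets one of three fixed strings and the full error goes only to the server-side log. `PublicLoginError`, the `Msg*` constants and the sample errors are hypothetical names and constructed values.

```go
package main

import (
	"context"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
)

// Coarse, browser-safe categories (names are assumptions for this example).
const (
	MsgInvalidLogin = "Invalid Login"
	MsgUnreachable  = "Server not reachable"
	MsgBadTLS       = "Server invalid TLS certificate"
)

// PublicLoginError returns the coarse category and the full error for the server log only.
func PublicLoginError(err error) (public, logDetail string) {
	var certInvalid x509.CertificateInvalidError
	var unknownCA x509.UnknownAuthorityError
	var hostname x509.HostnameError
	var netErr net.Error
	switch {
	case err == nil:
		return "", ""
	case errors.As(err, &certInvalid), errors.As(err, &unknownCA), errors.As(err, &hostname):
		return MsgBadTLS, err.Error()
	case errors.Is(err, context.DeadlineExceeded), errors.As(err, &netErr):
		return MsgUnreachable, err.Error()
	default: // anything unrecognised, including rejected credentials, stays vague
		return MsgInvalidLogin, err.Error()
	}
}

// Constructed sample failures, not captured from a real deployment.
var samples = map[string]error{
	"wrong secret": errors.New("access denied"),
	"backend down": &net.OpError{Op: "dial", Net: "tcp", Err: errors.New("connection refused")},
	"backend slow": fmt.Errorf("login: %w", context.DeadlineExceeded),
	"untrusted CA": fmt.Errorf("login: %w", x509.UnknownAuthorityError{}),
}

func main() {
	for name, err := range samples {
		public, _ := PublicLoginError(err)
		fmt.Printf("%-12s -> %q\n", name, public)
	}
}
```

The TLS cases are checked before the network case because an HTTP client typically wraps certificate failures in an error that also satisfies `net.Error`.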
