minio · ravindk89 · Jul 21, 2023 · Jul 17, 2023 · Jul 20, 2023 · Jul 21, 2023
diff --git a/source/integrations/setup-nginx-proxy-with-minio.rst b/source/integrations/setup-nginx-proxy-with-minio.rst
@@ -33,19 +33,27 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
 
       - Proxy requests to the root ``https://minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``.
 
-      - Proxy requests to the subpath ``https://minio.example.net/minio`` to the MinIO Console listening on ``https://minio.local:9001``.
+      - Proxy requests to the subpath ``https://minio.example.net/minio/ui`` to the MinIO Console listening on ``https://minio.local:9090``.
 
       The following location blocks provide a template for further customization in your unique environment:
 
       .. code-block:: nginx
          :class: copyable
 
-         upstream minio {
+         upstream minio_s3 {
             least_conn;
-            server minio-01.internal-domain.com;
-            server minio-02.internal-domain.com;
-            server minio-03.internal-domain.com;
-            server minio-04.internal-domain.com;
+            server minio-01.internal-domain.com:9000;
+            server minio-02.internal-domain.com:9000;
+            server minio-03.internal-domain.com:9000;
+            server minio-04.internal-domain.com:9000;
+         }
+
+         upstream minio_console {
+            least_conn;
+            server minio-01.internal-domain.com:9090;
+            server minio-02.internal-domain.com:9090;
+            server minio-03.internal-domain.com:9090;
+            server minio-04.internal-domain.com:9090;
          }
 
          server {
@@ -74,10 +82,11 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
                proxy_set_header Connection "";
                chunked_transfer_encoding off;
 
-               proxy_pass https://minio:9000/; # This uses the upstream directive definition to load balance
+               proxy_pass https://minio_s3; # This uses the upstream directive definition to load balance
             }
 
-            location /minio {
+            location /minio/ui {
+               rewrite ^/minio/ui/(.*) /$1 break;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -96,11 +105,16 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
 
                chunked_transfer_encoding off;
 
-               proxy_pass https://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001
+               proxy_pass https://minio_console; # This uses the upstream directive definition to load balance
             }
          }
 
-      The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``example.net/s3/`` or ``example.net/console/``.
+      The S3 API signature calculation algorithm does *not* support proxy schemes where you host the MinIO Server API such as ``example.net/s3/``.
+
+      You must also set the following environment variables for the MinIO deployment:
+
+      - Set :envvar:`MINIO_SERVER_URL` to the proxy host FQDN of the MinIO Server (``https://minio.example.net``)
+      - Set the :envvar:`MINIO_BROWSER_REDIRECT_URL` to the proxy host FQDN of the MinIO Console (``https://example.net/minio/ui``)
 
    .. tab-item:: Subdomain
 
@@ -110,19 +124,27 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
 
       - Proxy request to the subdomain ``minio.example.net`` to the MinIO Server listening on ``https://minio.local:9000``
 
-      - Proxy requests to the subdomain ``console.example.net`` to the MinIO Console listening on ``https://minio.local:9001``
+      - Proxy requests to the subdomain ``console.example.net`` to the MinIO Console listening on ``https://minio.local:9090``
 
       The following location blocks provide a template for further customization in your unique environment:
 
       .. code-block:: nginx
          :class: copyable
 
-         upstream minio {
+         upstream minio_s3 {
             least_conn;
-            server minio-01.internal-domain.com;
-            server minio-02.internal-domain.com;
-            server minio-03.internal-domain.com;
-            server minio-04.internal-domain.com;
+            server minio-01.internal-domain.com:9000;
+            server minio-02.internal-domain.com:9000;
+            server minio-03.internal-domain.com:9000;
+            server minio-04.internal-domain.com:9000;
+         }
+
+         upstream minio_console {
+            least_conn;
+            server minio-01.internal-domain.com:9090;
+            server minio-02.internal-domain.com:9090;
+            server minio-03.internal-domain.com:9090;
+            server minio-04.internal-domain.com:9090;
          }
 
          server {
@@ -151,7 +173,7 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
                proxy_set_header Connection "";
                chunked_transfer_encoding off;
 
-               proxy_pass http://minio:9000/; # This uses the upstream directive definition to load balance
+               proxy_pass http://minio_s3; # This uses the upstream directive definition to load balance
             }
          }
 
@@ -189,9 +211,13 @@ There are two models for proxying requests to the MinIO Server API and the MinIO
 
                chunked_transfer_encoding off;
 
-               proxy_pass http://minio:9001/; # This uses the upstream directive definition to load balance and assumes a static Console port of 9001
+               proxy_pass http://minio_console/; # This uses the upstream directive definition to load balance
             }
          }
 
-      The S3 API signature calculation algorithm does *not* support proxy schemes where you host either the MinIO Server API or Console GUI on a subpath, such as ``minio.example.net/s3/`` or ``console.example.net/gui``.
+      The S3 API signature calculation algorithm does *not* support proxy schemes where you host the MinIO Server API on a subpath, such as ``minio.example.net/s3/``.
+
+      You must also set the following environment variables for the MinIO deployment:
 
+      - Set :envvar:`MINIO_SERVER_URL` to the proxy host FQDN of the MinIO Server (``https://minio.example.net``)
+      - Set the :envvar:`MINIO_BROWSER_REDIRECT_URL` to the proxy host FQDN of the MinIO Console (``https://console.example.net/``)
diff --git a/source/reference/minio-server/minio-server.rst b/source/reference/minio-server/minio-server.rst
@@ -277,12 +277,23 @@ Core Configuration
 .. envvar:: MINIO_CONFIG_ENV_FILE
 
    Specifies the full path to the file the MinIO server process uses for loading environment variables.
+
+   For ``systemd``-managed files, setting this value to the environment file allows MinIO to reload changes to that file on using :mc-cmd:`mc admin service restart` to restart the deployment.
 
 .. envvar:: MINIO_ILM_EXPIRY_WORKERS
 
    Specifies the number of workers to make available to expire objects configured with ILM rules for expiration.
    When not set, MinIO defaults to using up to half of the available processing cores available.
 
+
+.. envvar:: MINIO_DOMAIN
+
+   Set to the Fully Qualified Domain Name (FQDN) MinIO accepts Bucket DNS (Virtual Host)-style requests on.
+
+   For example, setting ``MINIO_DOMAIN=minio.example.net`` directs MinIO to accept an incoming connection request the ``data`` bucket at ``data.minio.example.net``.
+
+   If this setting is omitted, the default is to only accept path-style requests. For example, ``minio.example.net/data``.
+
 Root Credentials
 ~~~~~~~~~~~~~~~~
 
@@ -432,32 +443,27 @@ MinIO Console:
 
    *Optional*
 
-   Specify the URL the MinIO Console provides as the redirect URL to the 
-   configured :ref:`external identity manager 
-   <minio-authentication-and-identity-management>`.
-
-   This variable may be necessary for MinIO deployments behind a reverse 
-   proxy, load balancer, or similar technology where the internal 
-   hostname or IP structure is not reachable from the external network. 
-
-   For example, consider a MinIO deployment behind a proxy where
-   ``https://minio.example.net`` redirects to the MinIO deployment on port 
-   ``:9000`` and ``https://console.minio.example.net`` redirects to the
-   MinIO Console on port ``:9001``. 
+   Specify the Fully Qualified Domain Name (FQDN) the MinIO Console listens for incoming connections on.
+
+   If you want to host the MinIO Console exclusively from a reverse-proxy service, you must specify the hostname managed by that service.
 
-   By default, the MinIO Console use its *internal* hostname as part of the
-   request. Set this variable to ``https://console.minio.example.net`` to ensure
-   the external identity provider has a reachable URL to which to send the
-   authentication response.
+   For example, consider a reverse proxy configured to route ``https://example.net/minio/`` to the MinIO Console.
+   You must set this environment variable to match that hostname for the Console to both listen and respond to requests using that hostname.
+
+   If you omit this variable, the Console listens and responds to all IP addresses or hostnames associated to the host machine on which the MinIO Server runs.
 
 .. envvar:: MINIO_SERVER_URL
 
    *Optional*
 
-   Specify the Fully Qualified Domain Name (FQDN) the MinIO Console should use for connecting to the MinIO Server.
+   Specify the Fully Qualified Domain Name (FQDN) the MinIO Console must use for connecting to the MinIO Server.
+   The Console also uses this value for setting the root hostname when generating presigned URLs.
+
+   This setting may be required if:
+
+   - The MinIO Server uses a TLS certificate that does not include the host local IP(s) in the certificate Subject Alternative Name (SAN) *or*
 
-   This variable is typically only necessary when the MinIO Server TLS certificates do not contain an IP Subject Alternative Name (SAN) for the MinIO Server.
-   Since the Console uses the MinIO Server IP by default, the Console may fail to connect due to the TLS certificate not having the necessary IP listed as a SAN.
+   - The Console must use a specific hostname to connect or reference the MinIO Server, e.g. due to a reverse proxy or similar configuration.
 
 Key Management Service and Encryption
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~