MinIO Console

A graphical user interface for MinIO

Dashboard	Adding A User

Setup

All console needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.

Note: We don't recommend using MinIO's Operator Credentials

1. Create a user for console using mc.

$ set +o history
$ mc admin user add myminio console YOURCONSOLESECRET
$ set -o history

2. Create a policy for console with access to everything (for testing and debugging)

$ cat > consoleAdmin.json << EOF
{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:*"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
                "s3:*"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}
EOF
$ mc admin policy add myminio consoleAdmin consoleAdmin.json

3. Set the policy for the new console user

$ mc admin policy set myminio consoleAdmin user=console

Note

Additionally, you can create policies to limit the privileges for console users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:

{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:ServerInfo"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
				"s3:ListenBucketNotification",
				"s3:PutBucketNotification",
				"s3:GetBucketNotification",
				"s3:ListMultipartUploadParts",
				"s3:ListBucketMultipartUploads",
				"s3:ListBucket",
				"s3:HeadBucket",
				"s3:GetObject",
				"s3:GetBucketLocation",
				"s3:AbortMultipartUpload",
				"s3:CreateBucket",
				"s3:PutObject",
				"s3:DeleteObject",
				"s3:DeleteBucket",
				"s3:PutBucketPolicy",
				"s3:DeleteBucketPolicy",
				"s3:GetBucketPolicy"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}

Run Console server

To run the server:

export CONSOLE_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET

#required to encrypt jwet payload
export CONSOLE_PBKDF_PASSPHRASE=SECRET

#required to encrypt jwet payload
export CONSOLE_PBKDF_SALT=SECRET

export CONSOLE_ACCESS_KEY=console
export CONSOLE_SECRET_KEY=YOURCONSOLESECRET
export CONSOLE_MINIO_SERVER=http://localhost:9000
./console server

Connect Console to a Minio using TLS and a self-signed certificate

...
export CONSOLE_MINIO_SERVER_TLS_ROOT_CAS=<certificate_file_name>
export CONSOLE_MINIO_SERVER=https://localhost:9000
./console server

You can verify that the apis work by doing the request on localhost:9090/api/v1/...

Contribute to console Project

Please follow console Contributor's Guide