Documented here as well, but in summary MinIO’s console can’t reach the S3 interface locally.
TrueNAS-SCALE-24.04.1.1, MinIO app 2023-03-13 chart 2.6.0 image minio/minio:RELEASE.2023-07-21T21-12-44Z.
When logging in to console:
Post "https://nas1.domain:9000/": dial tcp 192.168.0.200:9000: i/o timeout
From within the MinIO pod:
root@nas1[~]# k3s kubectl -n ix-minio exec -it minio-7bc8b845f4-bplbj -c minio -- bash
bash-4.4$ curl https://localhost:9000
curl: (51) SSL: no alternative certificate subject name matches target host name 'localhost'
bash-4.4$ curl https://192.168.0.200:9000
curl: (7) Failed to connect to 192.168.0.200 port 9000: Connection timed out
MinIO pod logs:
root@nas1[~]# k3s kubectl -n ix-minio logs -f minio-7bc8b845f4-bplbj -c minio
MinIO Object Storage Server
Copyright: 2015-2023 MinIO, Inc.
License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
Version: RELEASE.2023-07-21T21-12-44Z (go1.19.11 linux/amd64)
Status: 1 Online, 0 Offline.
S3-API: https://nas1.domain:9000
Console: https://nas1.domain:9002
Documentation: https://min.io/docs/minio/linux/index.html
Warning: The standard parity is set to 0. This can lead to data loss.
You are running an older version of MinIO released 10 months ago
Update: Run `mc admin update`
Using curl above to test socket connections (in lieu of natcat), localhost works (cert fail, expected), but IP (and by extension FQDN as well if used) fails.
This was working a few days ago, and problems seem to coincide with an automatic cert update (cert is valid):
❯ echo | openssl s_client -showcerts -servername nas1.domain -connect nas1.domain:9000 2>/dev/null | openssl x509 -inform pem -noout -text
...
Validity
Not Before: Jun 3 18:41:47 2024 GMT
Not After : Sep 1 18:41:46 2024 GMT
Subject: CN=nas1.domain