OpenMaxIO 是 MinIO 的社区维护分支。

OpenMaxIO 是 MinIO 的社区维护分支。
OpenMaxIO: Forked UI for MinIO Object Storage

原始链接: https://github.com/OpenMaxIO/openmaxio-object-browser

## OpenMaxIO 控制台摘要 OpenMaxIO 控制台是 MinIO 控制台的一个社区驱动的分支，旨在维护一个完全开源的对象存储管理界面。它源于 MinIO 的变更，将核心功能移至商业许可之下。该项目旨在保留原始的极简主义、性能和自由原则。要使用它，克隆仓库，检出 1.7.6 版本，使用 `yarn` 安装依赖项，并构建 Web 应用。它需要一个正在运行的 MinIO 服务器（例如 `http://1.2.3.4:9000`）和一个具有管理员权限的 MinIO 用户——通过 `mc` 命令创建用户并分配管理员策略。控制台通过 `./console server` 启动，需要环境变量用于 JWT 加密 (`CONSOLE_PBKDF_PASSPHRASE`, `CONSOLE_PBKDF_SALT`) 和 MinIO 服务器地址 (`CONSOLE_MINIO_SERVER`)。它默认使用 9090 端口，并支持使用自定义证书的 TLS。可以通过 `CONSOLE_DEBUG_LOGLEVEL` 启用调试日志。欢迎对该项目做出贡献。

原文

git clone https://github.com/OpenMaxIO/openmaxio-object-browser 
cd openmaxio-object-browser/web-app
git checkout v1.7.6
yarn install 
yarn build 
cd ../
make console 
./console server

CONSOLE_MINIO_SERVER=http://1.2.3.4:9000 ./console server

This is a fork of MinIO Console. This is a communitty driven project and is not affiliated with MinIO, Inc.

OpenMaxIO is a community-maintained fork of MinIO, created in response to the removal of key features from the MinIO open-source distribution. Our goal is simple: to preserve a fully open, fully functional, and production-grade object storage server that stays true to the original spirit of minimalism, performance, and freedom.

MinIO once stood for minimal, high-performance, open-source object storage. But recent changes have shifted core capabilities behind a commercial license. We believe the open-source ecosystem deserves better.

OpenMaxIO brings back what was removed and keeps it open for good.

We welcome contributions to OpenMaxIO Console. These are still early days, so please be patient as we work to restore and enhance the features you love.

A graphical user interface for MinIO

Table of Contents

MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.

All console needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.

Note: We don't recommend using MinIO's Operator Credentials

1. Create a user `console` using `mc`

mc admin user add myminio/
Enter Access Key: console
Enter Secret Key: xxxxxxxx

2. Create a policy for `console` with admin access to all resources (for testing)

cat > admin.json << EOF
{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:*"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
                "s3:*"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}
EOF

mc admin policy create myminio/ consoleAdmin admin.json

3. Set the policy for the new `console` user

mc admin policy attach myminio consoleAdmin --user=console

NOTE: Additionally, you can create policies to limit the privileges for other console users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "admin:ServerInfo"
      ],
      "Effect": "Allow",
      "Sid": ""
    },
    {
      "Action": [
        "s3:ListenBucketNotification",
        "s3:PutBucketNotification",
        "s3:GetBucketNotification",
        "s3:ListMultipartUploadParts",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucket",
        "s3:HeadBucket",
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:AbortMultipartUpload",
        "s3:CreateBucket",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:DeleteBucket",
        "s3:PutBucketPolicy",
        "s3:DeleteBucketPolicy",
        "s3:GetBucketPolicy"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::*"
      ],
      "Sid": ""
    }
  ]
}

Before running console service, following environment settings must be supplied

# Salt to encrypt JWT payload
export CONSOLE_PBKDF_PASSPHRASE=SECRET

# Required to encrypt JWT payload
export CONSOLE_PBKDF_SALT=SECRET

# MinIO Endpoint
export CONSOLE_MINIO_SERVER=http://localhost:9000

Now start the console service.

./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090

By default console runs on port 9090 this can be changed with --port of your choice.

Start Console service with TLS:

Copy your public.crt and private.key to ~/.console/certs, then:

./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443

For advanced users, console has support for multiple certificates to service clients through multiple domains.

Following tree structure is expected for supporting multiple domains:

 certs/
  │
  ├─ public.crt
  ├─ private.key
  │
  ├─ example.com/
  │   │
  │   ├─ public.crt
  │   └─ private.key
  └─ foobar.org/
     │
     ├─ public.crt
     └─ private.key
  ...

Connect Console to a Minio using TLS and a self-signed certificate

Copy the MinIO ca.crt under ~/.console/certs/CAs, then:

export CONSOLE_MINIO_SERVER=https://localhost:9000
./console server

You can verify that the apis work by doing the request on localhost:9090/api/v1/...

In some cases it may be convenient to log all HTTP requests. This can be enabled by setting the CONSOLE_DEBUG_LOGLEVEL environment variable to one of the following values:

0 (default) uses no logging.
1 log single line per request for server-side errors (status-code 5xx).
2 log single line per request for client-side and server-side errors (status-code 4xx/5xx).
3 log single line per request for all requests (status-code 4xx/5xx).
4 log details per request for server-side errors (status-code 5xx).
5 log details per request for client-side and server-side errors (status-code 4xx/5xx).
6 log details per request for all requests (status-code 4xx/5xx).

A single line logging has the following information:

Remote endpoint (IP + port) of the request. Note that reverse proxies may hide the actual remote endpoint of the client's browser.
HTTP method and URL
Status code of the response (websocket connections are hijacked, so no response is shown)
Duration of the request

The detailed logging also includes all request and response headers (if any).

Please follow console Contributor's Guide