A graphical user interface for MinIO
| Dashboard | Creating a bucket |
|---|---|
 |
 |
Table of Contents
- MinIO Console
- Contribute to console Project
| OS | ARCH | Binary |
|---|---|---|
| Linux | amd64 | linux-amd64 |
| Linux | arm64 | linux-arm64 |
| Linux | ppc64le | linux-ppc64le |
| Linux | s390x | linux-s390x |
| Apple | amd64 | darwin-amd64 |
| Windows | amd64 | windows-amd64 |
You can also verify the binary with minisign by downloading the corresponding .minisig signature file. Then run:
minisign -Vm console-<OS>-<ARCH> -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
Pull the latest release via:
docker pull minio/console
You will need a working Go environment. Therefore, please follow How to install Go. Minimum version required is go1.18
go install github.com/minio/console/cmd/console@latest
All console needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
Note: We don't recommend using MinIO's Operator Credentials
mc admin user add myminio/
Enter Access Key: console
Enter Secret Key: xxxxxxxxcat > admin.json << EOF
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"admin:*"
],
"Effect": "Allow",
"Sid": ""
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
],
"Sid": ""
}
]
}
EOFmc admin policy add myminio/ consoleAdmin admin.jsonmc admin policy set myminio consoleAdmin user=consoleNOTE: Additionally, you can create policies to limit the privileges for other
consoleusers, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"admin:ServerInfo"
],
"Effect": "Allow",
"Sid": ""
},
{
"Action": [
"s3:ListenBucketNotification",
"s3:PutBucketNotification",
"s3:GetBucketNotification",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads",
"s3:ListBucket",
"s3:HeadBucket",
"s3:GetObject",
"s3:GetBucketLocation",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:PutBucketPolicy",
"s3:DeleteBucketPolicy",
"s3:GetBucketPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
],
"Sid": ""
}
]
}Before running console service, following environment settings must be supplied
# Salt to encrypt JWT payload
export CONSOLE_PBKDF_PASSPHRASE=SECRET
# Required to encrypt JWT payload
export CONSOLE_PBKDF_SALT=SECRET
# MinIO Endpoint
export CONSOLE_MINIO_SERVER=http://localhost:9000Now start the console service.
./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090
By default console runs on port 9090 this can be changed with --port of your choice.
Copy your public.crt and private.key to ~/.console/certs, then:
./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443For advanced users, console has support for multiple certificates to service clients through multiple domains.
Following tree structure is expected for supporting multiple domains:
certs/
│
├─ public.crt
├─ private.key
│
├─ example.com/
│ │
│ ├─ public.crt
│ └─ private.key
└─ foobar.org/
│
├─ public.crt
└─ private.key
...
Copy the MinIO ca.crt under ~/.console/certs/CAs, then:
export CONSOLE_MINIO_SERVER=https://localhost:9000
./console serverYou can verify that the apis work by doing the request on localhost:9090/api/v1/...
Please follow console Contributor's Guide