From cf86009aa933e99d8995e4b2a80447fe82ceb14e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Wed, 5 Jul 2023 16:20:19 +0200
Subject: [PATCH] minio: Expose console

Closes: https://todo.xenrox.net/~xenrox/infrastructure/13
---
 roles/minio/files/minio.conf        | 41 +++++++++++++++++++++++++++++
 roles/minio/templates/minio.conf.j2 |  2 +-
 terraform_hetzner/locals.tf         |  2 +-
 3 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/roles/minio/files/minio.conf b/roles/minio/files/minio.conf
index f7d8395..679e818 100644
--- a/roles/minio/files/minio.conf
+++ b/roles/minio/files/minio.conf
@@ -29,3 +29,44 @@ server {
         proxy_pass http://127.0.0.1:9001;
     }
 }
+
+server {
+    include /etc/nginx/snippets/http.conf;
+    server_name minioconsole.xenrox.net;
+}
+
+server {
+    include /etc/nginx/snippets/https.conf;
+    server_name minioconsole.xenrox.net;
+
+    client_max_body_size 5000M;
+    # To allow special characters in headers
+    ignore_invalid_headers off;
+    # To disable buffering
+    proxy_buffering off;
+    proxy_request_buffering off;
+
+    location / {
+        include /etc/nginx/snippets/internal_access.conf;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        # This is necessary to pass the correct IP to be hashed
+        real_ip_header X-Real-IP;
+
+        proxy_connect_timeout 300;
+
+        # To support websockets in MinIO versions released after January 2023
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        chunked_transfer_encoding off;
+
+        proxy_pass http://127.0.0.1:35957;
+    }
+}
diff --git a/roles/minio/templates/minio.conf.j2 b/roles/minio/templates/minio.conf.j2
index 742ddad..f4a77da 100644
--- a/roles/minio/templates/minio.conf.j2
+++ b/roles/minio/templates/minio.conf.j2
@@ -5,7 +5,7 @@ MINIO_ROOT_USER={{ minio_secrets['access_key'] }}
 # Server password.
 MINIO_ROOT_PASSWORD={{ minio_secrets['secret_key'] }}
 # Use if you want to run Minio on a custom port.
-MINIO_OPTS="--address 127.0.0.1:9001"
+MINIO_OPTS="--address 127.0.0.1:9001 --console-address 127.0.0.1:35957"
 # Prometheus metrics with auth
 MINIO_PROMETHEUS_AUTH_TYPE="jwt"
 # Support DNS bucket lookup
diff --git a/terraform_hetzner/locals.tf b/terraform_hetzner/locals.tf
index f23e6a3..05fb6cb 100644
--- a/terraform_hetzner/locals.tf
+++ b/terraform_hetzner/locals.tf
@@ -18,7 +18,7 @@ locals {
     "cloud", "grafana", "keycloak", "tube", "vault", "matrix", "hedgedoc",
 
     # minio
-    "minio", "tube.minio",
+    "minio", "minioconsole", "tube.minio",
 
     "bot", "faceit", "gamja", "pass", "search",
 
-- 
2.44.0