Set CONSOLE_MINIO_SERVER to 127.0.0.1 by default (#15887)

2024-10-06 16:09:36 +00:00 · 2022-10-21 22:42:28 +01:00 · 2022-10-21 22:42:28 +01:00 · 58d776daa0
parent f6b2e89109
commit 58d776daa0
5 changed files with 43 additions and 24 deletions
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@ -175,7 +175,9 @@ func minioConfigToConsoleFeatures() {
 	if globalMinioEndpoint != "" {
 		os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint)
 	} else {
-		os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
+		// Explicitly set 127.0.0.1 so Console will automatically bypass TLS verification to the local S3 API.
+		// This will save users from providing a certificate with IP or FQDN SAN that points to the local host.
+		os.Setenv("CONSOLE_MINIO_SERVER", fmt.Sprintf("%s://127.0.0.1:%s", getURLScheme(globalIsTLS), globalMinioPort))
 	}
 	if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
 		os.Setenv("CONSOLE_LOG_QUERY_URL", value)
--- a/cmd/gateway-main.go
+++ b/cmd/gateway-main.go
@ -249,7 +249,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 		getCert = globalTLSCerts.GetCertificate
 	}

-	httpServer := xhttp.NewServer([]string{globalMinioAddr}).
+	httpServer := xhttp.NewServer(getServerListenAddrs()).
 		UseHandler(setCriticalErrorHandler(corsHandler(router))).
 		UseTLSConfig(newTLSConfig(getCert)).
 		UseShutdownTimeout(ctx.Duration("shutdown-timeout")).
--- a/cmd/net.go
+++ b/cmd/net.go
@ -44,9 +44,8 @@ func mustSplitHostPort(hostPort string) (host, port string) {
 	return xh.Name, xh.Port.String()
 }

-// mustGetLocalIP4 returns IPv4 addresses of localhost.  It panics on error.
-func mustGetLocalIP4() (ipList set.StringSet) {
-	ipList = set.NewStringSet()
+// mustGetLocalIPs returns IPs of local interface
+func mustGetLocalIPs() (ipList []net.IP) {
 	ifs, err := net.Interfaces()
 	logger.FatalIf(err, "Unable to get IP addresses of this host")

@ -68,36 +67,33 @@ func mustGetLocalIP4() (ipList set.StringSet) {
 				ip = v.IP
 			}

-			if ip.To4() != nil {
-				ipList.Add(ip.String())
-			}
+			ipList = append(ipList, ip)
 		}
 	}

 	return ipList
 }

+// mustGetLocalIP4 returns IPv4 addresses of localhost.  It panics on error.
+func mustGetLocalIP4() (ipList set.StringSet) {
+	ipList = set.NewStringSet()
+	for _, ip := range mustGetLocalIPs() {
+		if ip.To4() != nil {
+			ipList.Add(ip.String())
+		}
+	}
+	return
+}
+
 // mustGetLocalIP6 returns IPv6 addresses of localhost.  It panics on error.
 func mustGetLocalIP6() (ipList set.StringSet) {
 	ipList = set.NewStringSet()
-	addrs, err := net.InterfaceAddrs()
-	logger.FatalIf(err, "Unable to get IP addresses of this host")
-
-	for _, addr := range addrs {
-		var ip net.IP
-		switch v := addr.(type) {
-		case *net.IPNet:
-			ip = v.IP
-		case *net.IPAddr:
-			ip = v.IP
-		}
-
+	for _, ip := range mustGetLocalIPs() {
 		if ip.To4() == nil {
 			ipList.Add(ip.String())
 		}
 	}
-
-	return ipList
+	return
 }

 // getHostIP returns IP address of given host.
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
@ -25,6 +25,7 @@ import (
 	"io"
 	"log"
 	"math/rand"
+	"net"
 	"os"
 	"os/signal"
 	"runtime"
@ -36,6 +37,7 @@ import (
 	"github.com/minio/cli"
 	"github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/minio/minio-go/v7/pkg/set"
 	"github.com/minio/minio/internal/auth"
 	"github.com/minio/minio/internal/bucket/bandwidth"
 	"github.com/minio/minio/internal/color"
@ -418,6 +420,24 @@ func initConfigSubsystem(ctx context.Context, newObject ObjectLayer) error {
 	return nil
 }

+// Return the list of address that MinIO server needs to listen on:
+//   - Returning 127.0.0.1 is necessary so Console will be able to send
+//     requests to the local S3 API.
+//   - The returned List needs to be deduplicated as well.
+func getServerListenAddrs() []string {
+	// Use a string set to avoid duplication
+	addrs := set.NewStringSet()
+	// Listen on local interface to receive requests from Console
+	for _, ip := range mustGetLocalIPs() {
+		if ip != nil && ip.IsLoopback() {
+			addrs.Add(net.JoinHostPort(ip.String(), globalMinioPort))
+		}
+	}
+	// Add the interface specified by the user
+	addrs.Add(globalMinioAddr)
+	return addrs.ToSlice()
+}
+
 // serverMain handler called for 'minio server' command.
 func serverMain(ctx *cli.Context) {
 	signal.Notify(globalOSSignalCh, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
@ -500,7 +520,7 @@ func serverMain(ctx *cli.Context) {
 		getCert = globalTLSCerts.GetCertificate
 	}

-	httpServer := xhttp.NewServer([]string{globalMinioAddr}).
+	httpServer := xhttp.NewServer(getServerListenAddrs()).
 		UseHandler(setCriticalErrorHandler(corsHandler(handler))).
 		UseTLSConfig(newTLSConfig(getCert)).
 		UseShutdownTimeout(ctx.Duration("shutdown-timeout")).
--- a/cmd/signals.go
+++ b/cmd/signals.go
@ -75,7 +75,8 @@ func handleSignals() {

 	for {
 		select {
-		case <-globalHTTPServerErrorCh:
+		case err := <-globalHTTPServerErrorCh:
+			logger.LogIf(context.Background(), err)
 			exit(stopProcess())
 		case osSignal := <-globalOSSignalCh:
 			if !globalIsGateway {