Erkka
Erkka2d ago

About Minio... I tried to find reason for signature mismatch but my rust skills are limited...
15 Replies
nipunn
nipunn2d ago
by Minio, are you referencing this? https://min.io/ I'm not familiar.
nipunn
nipunn2d ago
if it's S3 compatible, it should work. We have instructions on how to use R2 which is another S3 compatible objectstore.
nipunn
nipunn2d ago
https://github.com/get-convex/convex-backend/tree/main/self-hosted#using-s3-storage @Spioune helped implement it and may be able to give you pointers if they're around.
Spioune
Spioune2d ago
@Erkka @Nipunn I just tried with a minio docker container and everything works fine
docker-compose.yaml
```yaml
services:
  minio:
    image: quay.io/minio/minio
    ports:
      - "9000:9000"
      - "9001:9001"
    volumes:
      - ~/minio/data:/data
      - ./root.key:/root.key
      - ./root.cert:/root.cert
    environment:
      - MINIO_ROOT_USER=${MINIO_ROOT_USER:-}
      - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-}
      - MINIO_KMS_KES_ENDPOINT=${MINIO_KMS_KES_ENDPOINT:-}
      - MINIO_KMS_KES_KEY_FILE=${MINIO_KMS_KES_KEY_FILE:-}
      - MINIO_KMS_KES_CERT_FILE=${MINIO_KMS_KES_CERT_FILE:-}
      - MINIO_KMS_KES_KEY_NAME=${MINIO_KMS_KES_KEY_NAME:-}
    command: server /data --address "0.0.0.0:9000" --console-address ":9001"
```
.env
```
AWS_REGION=auto
AWS_ACCESS_KEY_ID=H8x58ENxEbRrLUzqarEo
AWS_SECRET_ACCESS_KEY=OgCEuXCcCul5uasqaqwpG2keqLveJ4AnmgQvhTHE
#AWS_SESSION_TOKEN=
S3_STORAGE_EXPORTS_BUCKET=bucket1
S3_STORAGE_SNAPSHOT_IMPORTS_BUCKET=bucket1
S3_STORAGE_MODULES_BUCKET=bucket1
S3_STORAGE_FILES_BUCKET=bucket1
S3_STORAGE_SEARCH_BUCKET=bucket1
S3_ENDPOINT_URL=http://172.18.0.4:9000

MINIO_ROOT_USER=ROOTNAME
MINIO_ROOT_PASSWORD=CHANGEME123
MINIO_KMS_KES_ENDPOINT=https://play.min.io:7373
MINIO_KMS_KES_KEY_FILE=root.key
MINIO_KMS_KES_CERT_FILE=root.cert
MINIO_KMS_KES_KEY_NAME=my-minio-key
```
for HA, only one instance of the convex backend can run at the same time (because of transactions) but I guess with docker swarm/kubernetes if the server crashes you can spawn another instance on another node
Erkka
ErkkaOP2d ago
I see you don't use https. Problem is with signed urls
Spioune
Spioune2d ago
assuming your database and minio are HA also
ah I will try with https later and let you know
Erkka
ErkkaOP2d ago
What I know is that most open source solutions use path style and I assume my problem has something to do with virtual host style paths (although in minio those "seem" to work okay)
Spioune
Spioune2d ago
you are using a subdomain?
Erkka
ErkkaOP2d ago
library used forces virtual host style
I'm not sure how endpoint should look like in that case but it seems to add bucket to endpoint url as well (maybe that is reason for signature mismatch)
Spioune
Spioune2d ago
How does your S3_ENDPOINT_URL env variable look like ?
Erkka
ErkkaOP2d ago
it is the minio lb url or ingress but I can see from Convex logs that bucket has been added in front
Spioune
Spioune2d ago
did you set MINIO_DOMAIN env variable ? (To enable virtual host style url)
Erkka
ErkkaOP2d ago
no because I use minio-operator. Like I said virtual hosts seem to work in minio side...
Spioune
Spioune2d ago
Do you have a way to inspect http requests to your minio instance with something like wireshark?
I suspect some header mismatch
maybe you need to set the Host header with your reverse proxy (nginx, traefik, caddy...)
jamwt
jamwt22h ago
just be very careful to ensure locking if you use HA
if two committers were accidentally running at the same time, it could be bad. like "data corruption" bad, in terms of transactional consistency
we utilize some pretty careful database locks to prevent this in the cloud product
