Mc: "Encabezados adicionales" en el cliente mc más reciente

Creado en 26 jul. 2018  ·  19Comentarios  ·  Fuente: minio/mc

Comportamiento esperado

mc cp debería generar una carga exitosa.

Comportamiento real

comm-wche84-lt:essays rachel$ mc --debug cp /Users/rachel/Downloads/giphy.gif Rachel/hexo/stop-it.gif
mc: <DEBUG> GET /hexo/?location= HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-07-13T00:53:22Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20180720/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: UNSIGNED-PAYLOAD
X-Amz-Date: 20180720T231455Z
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 200 OK
Transfer-Encoding: chunked
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Content-Type: application/xml
Date: Fri, 20 Jul 2018 23:14:58 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Accept-Encoding
Vary: Origin
X-Amz-Request-Id: 154336C08C9A46BE
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  620.68303ms

mc: <DEBUG> GET /hexo/?delimiter=%2F&max-keys=1000&prefix=stop-it.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-07-13T00:53:22Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20180720/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20180720T231456Z
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 200 OK
Transfer-Encoding: chunked
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Content-Type: application/xml
Date: Fri, 20 Jul 2018 23:14:58 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Accept-Encoding
Vary: Origin
X-Amz-Request-Id: 154336C08DD18908
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  17.170555ms

mc: <DEBUG> HEAD /hexo/stop-it.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-07-13T00:53:22Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20180720/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20180720T231456Z

mc: <DEBUG> HTTP/1.1 404 Not Found
Connection: close
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Date: Fri, 20 Jul 2018 23:14:58 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 154336C08F2D3BF8
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  22.167836ms

mc: <DEBUG> GET /hexo/?delimiter=%2F&max-keys=1000&prefix=stop-it.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-07-13T00:53:22Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20180720/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20180720T231456Z
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 200 OK
Transfer-Encoding: chunked
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Content-Type: application/xml
Date: Fri, 20 Jul 2018 23:14:58 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Accept-Encoding
Vary: Origin
X-Amz-Request-Id: 154336C0907ABE20
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  26.127676ms

mc: <DEBUG> HEAD /hexo/stop-it.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-07-13T00:53:22Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20180720/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20180720T231456Z

mc: <DEBUG> HTTP/1.1 404 Not Found
Connection: close
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Date: Fri, 20 Jul 2018 23:14:58 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 154336C09206FE55
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  21.589167ms

...oads/giphy.gif:  1.16 MB / 1.16 MB  ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  100.00% 1.53 MB/s 0smc: <DEBUG> PUT /hexo/stop-it.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-07-13T00:53:22Z
Content-Length: 1219402
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20180720/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-meta-com.apple.quarantine, Signature=**REDACTED**
Content-Type: image/gif
X-Amz-Content-Sha256: UNSIGNED-PAYLOAD
X-Amz-Date: 20180720T231456Z
X-Amz-Meta-Com.apple.quarantine: 0082;5b526676;Safari;
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Content-Type: application/xml
Date: Fri, 20 Jul 2018 23:15:00 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 154336C0FBF99F70
X-Xss-Protection: 1; mode=block

11d
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>There were headers present in the request which were not signed</Message><Key></Key><BucketName></BucketName><Resource>/hexo/stop-it.gif</Resource><RequestId>3L137</RequestId><HostId>3L137</HostId></Error>
0

mc: <DEBUG> Response Time:  1.792951893s

mc: <ERROR> Failed to copy `/Users/rachel/Downloads/giphy.gif`. Insufficient permissions to access this file `https://rachel.objectstore.co/hexo/stop-it.gif`
 (3) cp-main.go:404 cmd.doCopySession(..) Tags: [/Users/rachel/Downloads/giphy.gif]
 (2) common-methods.go:196 cmd.uploadSourceToTargetURL(..) Tags: [https://rachel.objectstore.co/hexo/stop-it.gif]
 (1) common-methods.go:130 cmd.putTargetStream(..) Tags: [Rachel, https://rachel.objectstore.co/hexo/stop-it.gif]
 (0) client-s3.go:656 cmd.(*s3Client).Put(..)
 Release-Tag:RELEASE.2018-07-13T00-53-22Z | Commit:70dcf20d747d | Host:comm-wche84-lt.local | OS:darwin | Arch:amd64 | Lang:go1.10.2 | Mem:6.6MB/17MB | Heap:6.6MB/12MB
...oads/giphy.gif:  1.16 MB / 1.16 MB  ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  100.00% 663.50 KB/s 1s

Pasos para reproducir el comportamiento.

mc cp src dst_on_minio

versión mc

comm-wche84-lt:essays Rachel$ mc version
Version: 2018-07-13T00:53:22Z
Release-tag: RELEASE.2018-07-13T00-53-22Z
Commit-id: 70dcf20d747d305f73a117b4787acf46e6809d99

Información del sistema

Darwin

@harshavardhana mencionó que debería haberse arreglado en el n. ° 2193, pero no un cigarro.

duplicate medium
Fuente
picture zllovesuki

Comentario más útil

para las personas que buscan en Google: establezca ignore-invalid-headers en false en su mapa de configuración

picture zllovesuki en 18 oct. 2018
👍2

Todos 19 comentarios

¿tal vez nginx agregó algo jugoso a los encabezados y luego Minio se queja?

zllovesuki picture zllovesuki en 31 jul. 2018

@zllovesuki , ¿tienes un proxy Nginx entre Minio? ¿Puedes señalar directamente a Minio y ver si funciona?

harshavardhana picture harshavardhana en 31 jul. 2018

@harshavardhana bueno, se está ejecutando en Kubernetes, por lo que Ingress siempre está ahí. No creo que nginx sea el problema porque las versiones anteriores de mc funcionan bien con Nginx entre el usuario y Minio.

zllovesuki picture zllovesuki en 1 ago. 2018

@harshavardhana bueno, se está ejecutando en Kubernetes, por lo que Ingress siempre está ahí. No creo que nginx sea el problema porque las versiones anteriores de mc funcionan bien con Nginx entre el usuario y Minio.

Entonces tal vez necesite reproducir esto localmente, tal vez los cambios recientes en la firma v4 estén causando el problema. @zllovesuki

harshavardhana picture harshavardhana en 1 ago. 2018

Todavía está roto a partir del lanzamiento actual en homebrew.

Rachels-MacBook:~ rachel$ mc version
Version: 2018-09-10T23:39:12Z
Release-tag: RELEASE.2018-09-10T23-39-12Z
Commit-id: c352cadd4be2c6bed64884c78d1e8a8ac6efaf3f
zllovesuki picture zllovesuki en 12 sept. 2018

Todavía está roto a partir del lanzamiento actual en homebrew.

Por lo que puedo ver, esto tiene que ver con su proxy nginx, no estoy seguro de qué está tratando de hacer con los encabezados. Parece que no puedo reproducirlo.

harshavardhana picture harshavardhana en 14 sept. 2018

Todavía está roto para mí también, reproducible con Minio detrás de nginx y mc en MacOS.

mc version Version: 2018-09-26T00:42:43Z Release-tag: RELEASE.2018-09-26T00-42-43Z Commit-id: 87f7e65c4c837c8886bf2dd8800c445983b36187

Las versiones anteriores de mc funcionaron bien. La interfaz web de Minio también funciona bien.

@zllovesuki ¿Has encontrado una solución?

tholu picture tholu en 10 oct. 2018

Mi configuración de nginx:

''
minio_servers ascendentes {
servidor 127.0.0.1:9001;
servidor 127.0.0.1:9002;
servidor 127.0.0.1:9003;
servidor 127.0.0.1:9004;
}

servidor {
nombre_servidor my.minio.server;
client_max_body_size 512M;

location / {
    proxy_set_header Host $http_host;
    proxy_pass       http://minio_servers;
}

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my.minio.server/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.minio.server/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

tholu picture tholu en 10 oct. 2018

¡Encontré el problema!

Este es el encabezado adicional que solo se agrega para archivos con un atributo xattr personalizado en MacOS: X-Amz-Meta-Com.apple.quarantine: 0082;5bbe2ec5;Keka;

Verifique los atributos existentes con: xattr file.zip
Puede deshacerse de los atributos (aquí: com.apple.quarantine ) de la siguiente manera:
xattr -d com.apple.quarantine file.zip

Después de eso, cargar con mc funciona bien.

tholu picture tholu en 10 oct. 2018

Interesante, revisaré mi computadora más tarde.

zllovesuki picture zllovesuki en 11 oct. 2018

Puede confirmar.

Rachels-MacBook:~ rachel$ xattr -d com.apple.quarantine ~/Downloads/ezgif.com-optimize.gif 
Rachels-MacBook:~ rachel$ mc --debug cp ~/Downloads/ezgif.com-optimize.gif rachel/dist/hue.gif
mc: <DEBUG> GET /dist/?location= HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-09-10T23:39:12Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20181013/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: UNSIGNED-PAYLOAD
X-Amz-Date: 20181013T010120Z
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 200 OK
Transfer-Encoding: chunked
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Content-Type: application/xml
Date: Sat, 13 Oct 2018 01:01:21 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Accept-Encoding
Vary: Origin
X-Amz-Request-Id: 155D054E3C2F83F1
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  411.104274ms

mc: <DEBUG> GET /dist/?delimiter=%2F&max-keys=1000&prefix=hue.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-09-10T23:39:12Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20181013/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20181013T010121Z
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 200 OK
Transfer-Encoding: chunked
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Content-Type: application/xml
Date: Sat, 13 Oct 2018 01:01:21 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Accept-Encoding
Vary: Origin
X-Amz-Request-Id: 155D054E3E630800
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  30.125179ms

mc: <DEBUG> HEAD /dist/hue.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-09-10T23:39:12Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20181013/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20181013T010121Z

mc: <DEBUG> HTTP/1.1 404 Not Found
Connection: close
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Date: Sat, 13 Oct 2018 01:01:21 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 155D054E4051BC08
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  32.376025ms

mc: <DEBUG> GET /dist/?delimiter=%2F&max-keys=1000&prefix=hue.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-09-10T23:39:12Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20181013/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20181013T010121Z
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 200 OK
Transfer-Encoding: chunked
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Content-Type: application/xml
Date: Sat, 13 Oct 2018 01:01:21 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Accept-Encoding
Vary: Origin
X-Amz-Request-Id: 155D054E424FF8C5
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  33.95394ms

mc: <DEBUG> HEAD /dist/hue.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-09-10T23:39:12Z
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20181013/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20181013T010121Z

mc: <DEBUG> HTTP/1.1 404 Not Found
Connection: close
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Date: Sat, 13 Oct 2018 01:01:21 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 155D054E444DEED8
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  28.903296ms

...optimize.gif:  1.99 MB / 1.99 MB  ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  100.00% 3.15 MB/s 0smc: <DEBUG> PUT /dist/hue.gif HTTP/1.1
Host: rachel.objectstore.co
User-Agent: Minio (darwin; amd64) minio-go/v6.0.6 mc/2018-09-10T23:39:12Z
Content-Length: 2083206
Authorization: AWS4-HMAC-SHA256 Credential=rachel/20181013/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
Content-Type: image/gif
X-Amz-Content-Sha256: UNSIGNED-PAYLOAD
X-Amz-Date: 20181013T010121Z
Accept-Encoding: gzip

mc: <DEBUG> HTTP/1.1 200 OK
Content-Length: 0
Accept-Ranges: bytes
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
Date: Sat, 13 Oct 2018 01:01:22 GMT
Etag: "c0e09c3ba99d1133c8c848e29fb27430"
Strict-Transport-Security: max-age=15724800; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 155D054E84C7E947
X-Xss-Protection: 1; mode=block

mc: <DEBUG> Response Time:  1.088734018s

...optimize.gif:  1.99 MB / 1.99 MB  ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  100.00% 1.82 MB/s 1s

¿Es una buena idea que mc elimine esos atributos?

zllovesuki picture zllovesuki en 13 oct. 2018

¿Es una buena idea que mc elimine esos atributos?

Podemos admitirlo @zllovesuki ; debe ser un error.

harshavardhana picture harshavardhana en 13 oct. 2018

parece que esto funciona bien cuando uso directamente Minio

mc: <DEBUG> POST /sjm-airlines/rhel-server-7.4-x86_64-dvd.iso?uploads= HTTP/1.1
Host: localhost:9000
User-Agent: Minio (linux; amd64) minio-go/v6.0.8 mc/2018-10-11T22:45:56Z
Content-Length: 0
Authorization: AWS4-HMAC-SHA256 Credential=minio/20181013/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-meta-user.xdg.origin.url, Signature=**REDACTED**
Content-Type: application/x-iso9660-image
X-Amz-Content-Sha256: UNSIGNED-PAYLOAD
X-Amz-Date: 20181013T010537Z
X-Amz-Meta-User.xdg.origin.url: https://access.cdn.redhat.com//content/origin/files/sha256/43/431a58c8c0351803a608ffa56948c5a7861876f78ccbe784724dd8c987ff7000/rhel-server-7.4-x86_64-dvd.iso?_auth_=1520282889_258e1e3f3dc397397d0dace5891c60aa
Accept-Encoding: gzip

El problema parece provenir del nginx que intenta hacer algo con estos encabezados, ¿puede habilitar MINIO_HTTP_TRACE = / dev / stdout para ver lo que nginx está enviando a Minio?

@zllovesuki ^^

harshavardhana picture harshavardhana en 13 oct. 2018

@harshavardhana stdout va a explotar si hago TRACE en el servidor prod. ¿Quizás puedas hacer referencia a la configuración de @tholu ?

zllovesuki picture zllovesuki en 13 oct. 2018

@harshavardhana stdout va a explotar si hago TRACE en el servidor prod. ¿Quizás puedas hacer referencia a la configuración de @tholu ?

@zllovesuki , incluso puedes escribir en un archivo @zllovesuki ? MINIO_HTTP_TRACE = trace.log

harshavardhana picture harshavardhana en 13 oct. 2018

Finalmente tengo tiempo para sentarme ...

Aquí está el archivo de seguimiento. minio-trace.txt

Como referencia, este es el yaml para la prueba minio:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: minio-test
  namespace: objectstore
spec:
  rules:
  - host: test.objectstore.co
    http:
      paths:
      - backend:
          serviceName: minio-test
          servicePort: 9000
        path: /
  tls:
  - hosts:
    - test.objectstore.co
    secretName: objectstore-tls-gs
---
apiVersion: v1
kind: Service
metadata:
  name: minio-test
  namespace: objectstore
spec:
  ports:
  - port: 9000
    protocol: TCP
    targetPort: 9000
  selector:
    app: minio-test
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: minio-test
  name: minio-test
  namespace: objectstore
spec:
  replicas: 1
  selector:
    matchLabels:
      app: minio-test
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: minio-test
    spec:
      containers:
      - args:
        - server
        - /storage
        command:
        - minio
        env:
        - name: MINIO_ACCESS_KEY
          value: test
        - name: MINIO_SECRET_KEY
          value: testtest123
        - name: MINIO_BROWSER
          value: "off"
        - name: _MINIO_CACHE
          value: "off"
        - name: MINIO_HTTP_TRACE
          value: "/dev/stdout"
        image: minio/minio:RELEASE.2018-07-13T00-09-07Z
        imagePullPolicy: IfNotPresent
        name: minio
        ports:
        - containerPort: 9000
          protocol: TCP
        volumeMounts:
        - mountPath: /storage
          name: storage
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      volumes:
      - name: storage
        emptyDir: {}

Controlador de entrada desde: https://github.com/kubernetes/ingress-nginx. Ejecutando imagen quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0 , con la siguiente configuración:

apiVersion: v1
data:
  disable-access-log: "true"
  enable-dynamic-tls-records: "true"
  enable-modsecurity: "false"
  enable-owasp-modsecurity-crs: "false"
  enable-vts-status: "true"
  error-log-level: warn
  keep-alive: "60"
  load-balance: ip_hash
  max-worker-connections: "20480"
  proxy-body-size: 2g
  proxy-buffer-size: 64k
  proxy-connect-timeout: "5"
  proxy-read-timeout: "3600"
  proxy-send-timeout: "3600"
  proxy-stream-timeout: "604800"
  server-name-hash-max-size: "512"
  server-tokens: "false"
  ssl-ciphers: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  ssl-dh-param: default/nginx-dhparam-4096
  ssl-ecdh-curve: prime256v1:secp384r1:secp521r1
  ssl-protocols: TLSv1 TLSv1.1 TLSv1.2
  ssl-session-tickets: "false"
  worker-processes: "4"
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: default
zllovesuki picture zllovesuki en 18 oct. 2018

@zllovesuki encontramos la solución https://github.com/minio/mc/issues/2569 y, de hecho, es el problema de Nginx

harshavardhana picture harshavardhana en 18 oct. 2018
👍1

para las personas que buscan en Google: establezca ignore-invalid-headers en false en su mapa de configuración

zllovesuki picture zllovesuki en 18 oct. 2018
👍2

Este hilo se ha bloqueado automáticamente ya que no ha habido ninguna actividad reciente después de que se cerró. Abra un nuevo problema para errores relacionados.

lock[bot] picture lock[bot] en 25 abr. 2020
¿Fue útil esta página
0 / 5 - 0 calificaciones

Temas relacionados

lavvy picture lavvy  ·  15Comentarios
tru2dagame picture tru2dagame  ·  6Comentarios
roman-m-work picture roman-m-work  ·  4Comentarios
mausch picture mausch  ·  8Comentarios
nikwen picture nikwen  ·  15Comentarios