[Support] cheesemarathons repo


Recommended Posts

On 5/5/2021 at 4:01 AM, neupsh said:

Hi @cheesemarathon,

 

The icon for Oauth Proxy sticks for a while when update it by editing the docker but it keeps loosing it.

Looks like the icon url in the template

 


https://raw.githubusercontent.com/oauth2-proxy/oauth2-proxy/master/docs/logos/OAuth2_Proxy_icon.png 

 

has moved and is now


https://github.com/oauth2-proxy/oauth2-proxy/raw/master/docs/static/img/logos/OAuth2_Proxy_icon.png

 

can you please update the template to include it?

Apologies if you have already updated it and I am probably somehow still on old template. In that case can you suggest how to update it :)

Thanks.

 

Updated!

Link to comment
  • 1 month later...
  • 2 weeks later...
  • 3 weeks later...

Hello,

 

Can someone post screenshots, tutorials, etc. of how they got this to work? I was able to clear the original issue:

 

WARNING: MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated.
Please use MINIO_ROOT_USER and MINIO_ROOT_PASSWORD

 

No just need to figure out the following:

 

WARNING: Console endpoint is listening on a dynamic port (34921), please use --console-address ":PORT" to choose a static port.

 

Any help is sincerely approciated!

Link to comment

minio stop working

 

WARNING: MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated.
Please use MINIO_ROOT_USER and MINIO_ROOT_PASSWORD
API: http://172.17.0.13:9000 http://127.0.0.1:9000

Console: http://172.17.0.13:35209 http://127.0.0.1:35209

Documentation: https://docs.min.io

WARNING: Console endpoint is listening on a dynamic port (35209), please use --console-address ":PORT" to choose a static port.

Link to comment

Hi all,

 

I hope this is the right place to ask for help, it's related to nginx reverse proxy config for Oauth2_proxy. wasn't sure where else to ask! 

 

I have setup Oauth2_proxy with nginx reverse proxy under my swag container, all working fine, however I was setting up individual callback url's for every single app I have running on every single subdomain of my domain.

 

I have now setup a single callback url using redirect_url in Ouath2_proxy's config, but now nginx is not doing the second hop redirect to the original requested url..

 

anyone know how to get this setup? many thanks in advance!

 

oauth2_proxy and one of my proxy confs below for your reference.

 

oauth-conf.png

 

config.png

Link to comment

I updated Minio to the latest version but I'm still having problems connecting

 

I added

MINIO_ROOT_PASSWORD:

and

MINIO_ROOT_USER:

 

since it was telling them it needed them. After relaunching the docker I now get this

 

 

WARNING: Console endpoint is listening on a dynamic port (46167), please use --console-address ":PORT" to choose a static port.

 

Link to comment
16 hours ago, SolaAesir said:

This thread has help for the port issue with the Minio template.

this is working, using internal ip or external web address, but now you can not use it with duplicati, since i use duplicati (on my devices)+minio for backup, now you can not create a connection you get "Failed to connect: 'doctype' is an unexpected token. The expected token is 'DOCTYPE'. Line 1, position 3.", i'm not sure how to react to this, something was fixed, something else got broken 😷

Edited by Danuel
Link to comment

anyone know how to fix this problem ?

"Failed to connect: 'doctype' is an unexpected token. The expected token is 'DOCTYPE'. Line 1, position 3."

 

i did try with different client s3 browser, cloudberry, and i get the same problem, i think this is something related to minio

Link to comment

Danuel,

 

Post your Unraid setting for the Minio container.

 

Here is how I have mine set.

 

The CONSOLE port is now used for Web UI - management.

The API port is what is used for client connectivity.

 

Settings I used in Unraid (Advanced view):

1995852637_ScreenShot2021-07-29at1_53_22PM.thumb.png.20185b4e7db3635615e4f26dcc15601c.png

 

229426525_ScreenShot2021-07-29at1_47_37PM.thumb.png.7972fd289c3745c905eba79c7d61be87.png

 

 

Reminder, when connecting software to perform backups, etc, (Arq, GoodSync, Cloudberry, etc.) you will connect to the API port. So, if using NGINX Proxy Manager, you would map the connection to 9769 (in the example above).

Link to comment
4 hours ago, mfwade said:

Danuel,

 

Post your Unraid setting for the Minio container.

 

Here is how I have mine set.

 

The CONSOLE port is now used for Web UI - management.

The API port is what is used for client connectivity.

 

Settings I used in Unraid (Advanced view):

1995852637_ScreenShot2021-07-29at1_53_22PM.thumb.png.20185b4e7db3635615e4f26dcc15601c.png

 

229426525_ScreenShot2021-07-29at1_47_37PM.thumb.png.7972fd289c3745c905eba79c7d61be87.png

 

 

Reminder, when connecting software to perform backups, etc, (Arq, GoodSync, Cloudberry, etc.) you will connect to the API port. So, if using NGINX Proxy Manager, you would map the connection to 9769 (in the example above).

your default template is way different then my, however this is not working, cant start container with either internal ip or external

 

Link to comment
  • 3 weeks later...
On 7/27/2021 at 6:23 AM, spacey said:

Hi all,

 

I hope this is the right place to ask for help, it's related to nginx reverse proxy config for Oauth2_proxy. wasn't sure where else to ask! 

 

I have setup Oauth2_proxy with nginx reverse proxy under my swag container, all working fine, however I was setting up individual callback url's for every single app I have running on every single subdomain of my domain.

 

I have now setup a single callback url using redirect_url in Ouath2_proxy's config, but now nginx is not doing the second hop redirect to the original requested url..

 

anyone know how to get this setup? many thanks in advance!

 

oauth2_proxy and one of my proxy confs below for your reference.

 

oauth-conf.png

 

config.png


Images have timed out, but here is one of my configs:

 

server {
	listen 80;
	server_name app.domain.com;
	return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  server_name app.domain.com;
  
  ssl_certificate /config/keys/letsencrypt/fullchain.pem;
  ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
  ssl_prefer_server_ciphers on;
  add_header Strict-Transport-Security max-age=2592000;

  location /oauth2/ {
    proxy_pass       http://192.168.1.41:4180;
    proxy_set_header Host                    $host;
    proxy_set_header X-Real-IP               $remote_addr;
    proxy_set_header X-Scheme                $scheme;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
  }
  location = /oauth2/auth {
    proxy_pass       http://192.168.1.41:4180;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Scheme         $scheme;
    # nginx auth_request includes headers but not body
    proxy_set_header Content-Length   "";
    proxy_pass_request_body           off;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

    # if you enabled --cookie-refresh, this is needed for it to work with auth_request
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;
	
	include /config/nginx/proxy.conf;
	
	add_header X-Frame-Options SAMEORIGIN;

	proxy_pass http://192.168.1.41:9080;

  }
}

 

Link to comment

After the latest update the Minio container cannot start. I get the following error:

ERROR Unable to validate credentials inherited from the shell environment: Invalid credentials

> Please provide correct credentials
HINT:
Access key length should be at least 3, and secret key length at least 8 characters

 

Link to comment

Looks like I am not the only one. I can no longer connect to Minio from Arq or duplicacy (CLI). I can still log into the Minio Web UI after having set the root username and password. It does show the previous buckets and such, so no data is lost. When trying to connect from Arq, I get 

 

Quote

The Access Key Id you provided does not exist in our records

 

From duplicacy

 

Quote

The storage has not been initialized

 

Mind you, no changes have been made and the access and secret key are the same as always. I changed docker network type to 'Host' to get access to the GUI working again.

 

Any suggestions about what to try next would be greatly appreciated. This used to work so well, it'd be a real bummer if I had to move to a different backup system:(

 

Thanks

Link to comment
12 minutes ago, langrock said:

Looks like I am not the only one. I can no longer connect to Minio from Arq or duplicacy (CLI). I can still log into the Minio Web UI after having set the root username and password. It does show the previous buckets and such, so no data is lost. When trying to connect from Arq, I get 

 

 

From duplicacy

 

 

Mind you, no changes have been made and the access and secret key are the same as always. I changed docker network type to 'Host' to get access to the GUI working again.

 

Any suggestions about what to try next would be greatly appreciated. This used to work so well, it'd be a real bummer if I had to move to a different backup system:(

 

Thanks

I’ll have a poke in my system tonight as I haven’t updated mine yet. I did make a change to the template to fall inline with changes minio made to the env variables so maybe I cocked that up. Could you send a screenshot of your minio docker setup page in the unbraid ui? Thanks 

Link to comment

Thanks for looking into this. Would be super if this could be resolved. I am wondering if the container actually uses the as-defined access and secret keys. Screenshot attached. Please let me know if there's anything I can help with or if you see anything I should change about the configuration. Thanks

CLMediaServer-UpdateContainer.jpg

Link to comment
4 hours ago, langrock said:

Thanks for looking into this. Would be super if this could be resolved. I am wondering if the container actually uses the as-defined access and secret keys. Screenshot attached. Please let me know if there's anything I can help with or if you see anything I should change about the configuration. Thanks

CLMediaServer-UpdateContainer.jpg

 

Easy fix. You're using the env variables that minio has depreciated. I updated the template but they don't seem to have pulled through to you. Remove your container and create it again from community apps. Just don't delete your minio appdata as well!!!! @pervel This should also fix your issue.

 

I have just done the above as well and had no issues. Just make sure to fill in your same user and password as before.

  • Thanks 2
Link to comment

I'm a bit confused if both MINIO_ACCESS_KEY and MINIO_SECRET_KEY have been depreciated. How do you authenticate when you're connecting from a minio client since they require the access key and secret key?  I'm using restic under windows to backup to unraid minio but you can't connect unless you have both the access and secret key, same for FreeNAS since their cloud task (S3 in my case) requires both to authenticate

Edited by sickb0y
Link to comment
14 minutes ago, sickb0y said:

I'm a bit confused if both MINIO_ACCESS_KEY and MINIO_SECRET_KEY have been depreciated. How do you authenticate when you're connecting from a minio client since they require the access key and secret key?  I'm using restic under windows to backup to unraid minio but you can't connect unless you have both the access and secret key, same for FreeNAS since their cloud task (S3 in my case) requires both to authenticate

 

Those two variables still exist. What appears to be gone is the separate key pair used to access the web GUI. Right now it defaults to the ROOT access and secret key. You can define users and group within the web UI, though, which may then also allow those users with their separate keys to back up to the server, but I haven't tried that, yet. There's probably some document that explains how to generate compatible keys in case these need to fulfill certain requirements.

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.