https://github.com/minio/object-browser

Simple UI for MinIO Object Storage :abacus:
https://github.com/minio/object-browser

console go golang k8s mc minio minio-client minio-console minio-server minio-storage operator tls

Last synced: 16 days ago
JSON representation

Simple UI for MinIO Object Storage :abacus:

• Host: GitHub
• URL: https://github.com/minio/object-browser
• Owner: minio
• License: agpl-3.0
• Created: 2020-04-02T04:55:44.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2025-09-05T21:04:53.000Z (5 months ago)
• Last Synced: 2025-09-05T21:25:23.258Z (5 months ago)
• Topics: console, go, golang, k8s, mc, minio, minio-client, minio-console, minio-server, minio-storage, operator, tls
• Language: JavaScript
• Homepage: https://min.io/docs/minio/linux/index.html
• Size: 669 MB
• Stars: 1,070
• Watchers: 27
• Forks: 450
• Open Issues: 12
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: code_of_conduct.md
  • Security: SECURITY.md
  • Notice: NOTICE

Awesome Lists containing this project

README

          
# MinIO Console

![build](https://github.com/minio/object-browser/actions/workflows/jobs.yaml/badge.svg) ![license](https://img.shields.io/badge/license-AGPL%20V3-blue)

A graphical user interface for [MinIO](https://github.com/minio/minio)

| Object Browser                       | Creating a bucket                     | Object Details                  |

|--------------------------------------|-------------------------------|---------------------------------|

| ![Object Browser](images/pic1-a.png) | ![Dashboard](images/pic2-a.png) | ![Dashboard](images/pic3-a.png) |

| ![Object Browser](images/pic1-b.png) | ![Dashboard](images/pic2-b.png) | ![Dashboard](images/pic3-b.png) |

**Table of Contents**

- [MinIO Console](#minio-console)

  - [Install](#install)

    - [Build from source](#build-from-source)

  - [Setup](#setup)

    - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc)

    - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing)

    - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user)

  - [Start Console service:](#start-console-service)

  - [Start Console service with TLS:](#start-console-service-with-tls)

  - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate)

- [Contribute to console Project](#contribute-to-console-project)

MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.

## Setup

All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.

> [!NOTE]

> We don't recommend using MinIO's Operator Credentials

### 1. Create a user `console` using `mc`

```bash

mc admin user add myminio/

Enter Access Key: console

Enter Secret Key: xxxxxxxx

```

### 2. Create a policy for `console` with admin access to all resources (for testing)

```sh

cat > admin.json << EOF

{

	"Version": "2012-10-17",

	"Statement": [{

			"Action": [

				"admin:*"

			],

			"Effect": "Allow",

			"Sid": ""

		},

		{

			"Action": [

                "s3:*"

			],

			"Effect": "Allow",

			"Resource": [

				"arn:aws:s3:::*"

			],

			"Sid": ""

		}

	]

}

EOF

```

```sh

mc admin policy create myminio/ consoleAdmin admin.json

```

### 3. Set the policy for the new `console` user

```sh

mc admin policy attach myminio consoleAdmin --user=console

```

> [!NOTE]

> Additionally, you can create policies to limit the privileges for other `console` users, for example, if you

> want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like

> this:

> ```json

> {

>   "Version": "2012-10-17",

>   "Statement": [

>     {

>       "Action": [

> 	"admin:ServerInfo"

>       ],

>       "Effect": "Allow",

>       "Sid": ""

>     },

>     {

>       "Action": [

> 	"s3:ListenBucketNotification",

> 	"s3:PutBucketNotification",

> 	"s3:GetBucketNotification",

> 	"s3:ListMultipartUploadParts",

> 	"s3:ListBucketMultipartUploads",

> 	"s3:ListBucket",

> 	"s3:HeadBucket",

> 	"s3:GetObject",

> 	"s3:GetBucketLocation",

> 	"s3:AbortMultipartUpload",

> 	"s3:CreateBucket",

> 	"s3:PutObject",

> 	"s3:DeleteObject",

> 	"s3:DeleteBucket",

> 	"s3:PutBucketPolicy",

> 	"s3:DeleteBucketPolicy",

> 	"s3:GetBucketPolicy"

>       ],

>       "Effect": "Allow",

>       "Resource": [

> 	"arn:aws:s3:::*"

>       ],

>       "Sid": ""

>     }

>   ]

> }

> ```

## Start Console service:

Before running console service, following environment settings must be supplied

```sh

# Salt to encrypt JWT payload

export CONSOLE_PBKDF_PASSPHRASE=SECRET

# Required to encrypt JWT payload

export CONSOLE_PBKDF_SALT=SECRET

# MinIO Endpoint

export CONSOLE_MINIO_SERVER=http://localhost:9000

```

Now start the console service.

```

./console server

2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090

```

By default `console` runs on port `9090` this can be changed with `--port` of your choice.

## Start Console service with TLS:

Copy your `public.crt` and `private.key` to `~/.console/certs`, then:

```sh

./console server

2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090

2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443

```

For advanced users, `console` has support for multiple certificates to service clients through multiple domains.

Following tree structure is expected for supporting multiple domains:

```sh

 certs/

  │

  ├─ public.crt

  ├─ private.key

  │

  ├─ example.com/

  │   │

  │   ├─ public.crt

  │   └─ private.key

  └─ foobar.org/

     │

     ├─ public.crt

     └─ private.key

  ...

```

## Connect Console to a Minio using TLS and a self-signed certificate

Copy the MinIO `ca.crt` under `~/.console/certs/CAs`, then:

```sh

export CONSOLE_MINIO_SERVER=https://localhost:9000

./console server

```

You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`

## Debug logging

In some cases it may be convenient to log all HTTP requests. This can be enabled by setting

the `CONSOLE_DEBUG_LOGLEVEL` environment variable to one of the following values:

 - `0` (default) uses no logging.

 - `1` log single line per request for server-side errors (status-code 5xx).

 - `2` log single line per request for client-side and server-side errors (status-code 4xx/5xx).

 - `3` log single line per request for all requests (status-code 4xx/5xx).

 - `4` log details per request for server-side errors (status-code 5xx).

 - `5` log details per request for client-side and server-side errors (status-code 4xx/5xx).

 - `6` log details per request for all requests (status-code 4xx/5xx).

 A single line logging has the following information:

 - Remote endpoint (IP + port) of the request. Note that reverse proxies may hide the actual remote endpoint of the client's browser.

 - HTTP method and URL

 - Status code of the response (websocket connections are hijacked, so no response is shown)

 - Duration of the request

The detailed logging also includes all request and response headers (if any).

 

# Contribute to console Project

Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)