Configuring Nginx Reverse Proxy for MinIO Cluster
Environment Setup
A MinIO deployment consisting of three clustered servers requires load balancing through Nginx to enable reverse proxy access.
Location Block Configuration Issue
Symptom:
Accessing https://hcmminio.xxx.com/minio results in a 404 error and browser console shows what appears to be CORS-related issues:
Referrer Policy: strict-origin-when-cross-origin
The actual problem stems from incorrect Nginx configuration rather than cross-origin restrictions. Here's the problematic setup:
http {
...
upstream minioconsole {
server 192.10.16.203:9001;
server 192.10.16.204:9001;
server 192.10.16.210:9001;
}
server {
listen 443 ssl;
server_name hcmminio.xxx.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/nginx/ssl/xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Incorrect path mapping - MinIO doesn't expect /minio prefix
location /minio {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_pass http://minioconsole;
}
}
}
Solution: Change location /minio to location / to properly route requests to the MinIO console.
WebSocket Connection Problems
Symptom:
When browsing bucket contents over HTTPS, the interface remains stuck on loading screens. Browser developer tools reveal multiple WebSocket connection failures.
This issue occurs specifically with secure connections and relates to WebSocket upgrade handling. Similar problems are documented in referenced technical articles.
Solution: Add WebSocket support headers to the Nginx configuration:
http {
...
upstream minio_cluster_console {
server 192.10.16.203:9001;
server 192.10.16.204:9001;
server 192.10.16.210:9001;
}
server {
listen 443 ssl;
server_name hcmminio.xxx.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/nginx/ssl/xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
# WebSocket support headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://minio_cluster_console;
}
}
}
Apply changes by reloading Nginx configurasion (nginx -s reload) or restarting the service.
