Hi,
i try a local backup with minio and S3 compatible provider.
So i installed minio over the software center an uses the manual MinIO — NS8 documentation.
The login over the web front end https://minio-ui.nethserver.local works fine.
When i try to setup the backup repository S3 compatible provider, i get always “Cannot authenticate Check repository settings”.
So i do not understand, what i make wrong.
Is a step for step manual available?
Regards
Hi @Mastermind
If I recall correctly, your S3 implementation needs a valid SSL cert…
My 2 cents
Andy
Hi @Andy_Wismer ,
thanks for your answer.
I think the documentation reads like it’s optional.
Maybe I misunderstood that.
It runs on the same system.
So is there really a need for a certificate?
Regards
Hi @Andy_Wismer ,
i will use the server only in a local domain.
The server should not be reachable from the internet directly.
Only over VPN.
So is it possible to get a valid certificate for this environment that the connection for backup to minio on the same mashine works?
Regards
Let’s Encrypt is optional for MinIO configuration but the Restic backup client requires a valid certificate.
I think they are both right, but we need to find an agreement!
With little modifications to the MinIO module probably a good compromise can be found!
Thank you for testing it (and also for reading the docs)!
Added card Trello
Hi @davidep ,
“the Restic backup client requires a valid certificate”
is it at the moment possible to get or generate an valid certificate, wich works for my descriptive enviroment?
Regards
Giacomo did some research with Restic and Rclone: they both hardly accept a clear-text connection and they do not accept invalid certificates.
It seems using a MinIO instance as backup target can work effectively only with a valid certificate, and this does not make it eligible for a local backup.
For a generic local backup scenario, let’s go on with this discussion:
Hello @davidep ,
thanks for your Answer.
Sorry, But I am not sure if my question is answered.
At the moment S3 is the only possible way.
So is it possible to get or generate an valid certificate (without an public domain)?
I can not read it out of the answers.
Can you simply say yes or no?
And wehn yes, how this is possipble?
For the general diskussion about the local backup i will use the other feature request.
Regards
No, it isn’t. To obtain a LE certificate a public domain is required.
I’m not aware of the policy adopted by other public Certification Authorities, but I guess it is the same.
An alternative approach could be overriding the Restic image (derived from Alpine). That means
IMO it is safer and easier to use MinIO only for public domains, and use a different protocol for internal/local backups.