Another solution to invalid login error although the credentials are correct when behind a reverse proxy. #21222
Replies: 2 comments 2 replies
-
|
MINIO_SERVER_URL is deprecated anyway, just don't set it. |
Beta Was this translation helpful? Give feedback.
-
|
Interesting, because only setting it to the local domain solved the invalid login problem for me. |
Beta Was this translation helpful? Give feedback.
-
|
I ran into the same issue where MinIO loads fine through Coolify but always returns βinvalid loginβ on the console, even with correct credentials and valid SSL. My setup
Root causeMinIO console β API communication happens over your HTTPS domain. That means: If UFW doesnβt allow traffic from the container subnet to port 443, the login request never reaches MinIO internally β the console reports βinvalid login.β I confirmed this in This showed UFW was blocking 10.0.6.0/24, which was the MinIO appβs Docker network. Fix
docker network ls
docker network inspect <network-name>
sudo ufw allow from <docker-subnet>/24
sudo ufw reloadIn my case: sudo ufw allow from 10.0.6.0/24I already had 10.0.1.0/24 allowed (Coolifyβs own network), but MinIO was running on a different Docker bridge. ResultAs soon as I allowed the missing Docker subnet β MinIO console login worked instantly over HTTPS. Hopefully this helps someone else running MinIO behind Coolify + UFW! |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for the solution. It fixed the issue on my coolify-deployed MinIO. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I newly deployed the latest version as of this writing on Caprover which uses nginx as a reserve proxy for the containers.
Although
MINIO_ROOT_USERandMINIO_ROOT_PASSWORDare set and correctly entered, and althoughMINIO_SERVER_URLis set correctly, MinIO panel says invalid login. Checking the browser console, it has HTTP 401 errors sometimes accompanied with HTTP 500.This is caused by being behind a reverse proxy and the MinIO docs already have a configuration guide on the particular case of nginx. But if you are using this reverse proxy for serving other things too, like in the case of Caprover, or a similar self-hosted PaaS (like Coolify, Dokploy etc.), you wouldn't want to mess around the nginx config files. Instead, you could change the environment variable for the API URL to match the local domain instead of its public domain.
For example your public FQDN for the API is
https://minio-api.example.comand this will be set toMINIO_SERVER_URLby default. Instead, use the local domain likehttp://minio-api.local-domain(along with the port if you need). (In my case of Caprover, it is something likehttp://srv-captain--minio-api) Mind that not only the domain changed but also the protocol did. I usedhttpand nothttps, as it is locally served on the host.Also on the API container, the
UPSTREAM_HTTP_ADDRESSvar should be local too. Instead ofhttps://minio.example.com, in my case it is something likehttp://srv-captain--minio:9000. This resolves the invalid login error without having to edit any ngnix config.Beta Was this translation helpful? Give feedback.
All reactions