Documentation

MinIO Console Settings

This page covers settings that manage access and behavior for the MinIO Console.

You can establish or modify settings by defining:

  • an environment variable on the host system prior to starting or restarting the MinIO Server. Refer to your operating system’s documentation for how to define an environment variable.

  • a configuration setting using mc admin config set.

  • a configuration setting using the MinIO Console’s Administrator > Settings pages.

If you define both an environment variable and the similar configuration setting, MinIO uses the environment variable value.

Some settings have only an environment variable or a configuration setting, but not both.

Important

Each configuration setting controls fundamental MinIO behavior and functionality. MinIO strongly recommends testing configuration changes in a lower environment, such as DEV or QA, before applying to production.

Browser Settings

The following settings control behavior for the embedded MinIO Console.

MinIO Console

Optional

MINIO_BROWSER

Specify off to disable the embedded MinIO Console.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Animation

Optional

MINIO_BROWSER_LOGIN_ANIMATION

New in version MinIO: Server RELEASE.2023-05-04T21-44-30Z

Specify off to disable the animated login screen for the MinIO Console. Defaults to on.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Browser Redirect

Optional

MINIO_BROWSER_REDIRECT

New in version MinIO: Server RELEASE.2023-09-16T01-01-47Z

Specify whether requests from a web browser automatically redirect to the Console address. Defaults to true.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Browser Redirect URL

Optional

MINIO_BROWSER_REDIRECT_URL

Specify the Fully Qualified Domain Name (FQDN) the MinIO Console listens for incoming connections on.

If you want to host the MinIO Console exclusively from a reverse-proxy service, you must specify the hostname managed by that service.

For example, consider a reverse proxy configured to route https://example.net/minio/ to the MinIO Console. You must set this environment variable to match that hostname for the Console to both listen and respond to requests using that hostname.

If you omit this variable, the Console listens and responds to all IP addresses or hostnames associated to the host machine on which the MinIO Server runs.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Session Duration

Optional

MINIO_BROWSER_SESSION_DURATION

New in version MinIO: Server RELEASE.2023-08-23T10-07-06Z

Specify the duration of a browser session for working with the MinIO Console.

MinIO supports the following units of time measurement:

  • s - seconds, “60s”

  • m - minutes, “60m”

  • h - hours, “24h”

  • d - days, “7d”

Defaults to 12h.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Log Query URL

Optional

MINIO_LOG_QUERY_URL

Specify the URL of a PostgreSQL service to which MinIO writes Audit logs. The embedded MinIO Console provides a Log Search tool that allows querying the PostgreSQL service for collected logs.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Content Security Policy

Optional

Configure MinIO Console to generate a Content-Security-Policy header in HTTP responses. Defaults to default-src 'self' 'unsafe-eval' 'unsafe-inline';

MINIO_BROWSER_CONTENT_SECURITY_POLICY
set MINIO_BROWSER_CONTENT_SECURITY_POLICY="default-src 'self' 'unsafe-eval' 'unsafe-inline';"
browser csp_policy
mc admin config set browser \
   csp_policy="default-src 'self' 'unsafe-eval' 'unsafe-inline';" \
   [ARGUMENT=VALUE ...]

Strict Transport Security

Optional

Configure MinIO console to generate a Strict-Transport-Security header in HTTP responses.

To generate the header, you must set a duration using either MINIO_BROWSER_HSTS_SECONDS or hsts_seconds. Other HSTS settings are optional.

MINIO_BROWSER_HSTS_SECONDS

The max_age the configured policy remains in effect, in seconds. Defaults to 0, disabled. You must configure a non-zero duration to enable the Strict-Transport-Security header.

set MINIO_BROWSER_HSTS_SECONDS=31536000
MINIO_BROWSER_HSTS_INCLUDE_SUB_DOMAINS

Set to on to also apply the configured HSTS policy to all MinIO Console subdomains. Defaults to off.

set MINIO_BROWSER_HSTS_INCLUDE_SUB_DOMAINS="on"
MINIO_BROWSER_HSTS_PRELOAD

Set to on to direct the client browser to add the MinIO Console domain to its HSTS preload list. Defaults to off.

set MINIO_BROWSER_HSTS_INCLUDE_SUB_DOMAINS="on"

The following configuration settings require a service restart to take effect. To restart the service, use mc admin service restart.

browser hsts_seconds

The max_age the configured policy remains in effect, in seconds. Defaults to 0, disabled. You must configure a non-zero duration to enable the Strict-Transport-Security header.

mc admin config set browser \
   hsts_seconds="31536000" \
   [ARGUMENT=VALUE ...]
browser hsts_include_subdomains

Set to on to also apply the configured HSTS policy to all MinIO Console subdomains. Defaults to off.

mc admin config set browser \
   hsts_include_subdomains="on" \
   hsts_seconds="31536000" \
   [ARGUMENT=VALUE ...]
browser hsts_preload

Set to on to direct the client browser to add the MinIO Console domain to its HSTS preload list. Defaults to off.

mc admin config set browser \
   hsts_preload="on" \
   hsts_seconds="31536000" \
   [ARGUMENT=VALUE ...]

Examples

The following examples show the rendered header for the given configuration settings. The equivalent environment variables generate the same result. All examples use a value of 31536000, which is the number of seconds in a calendar year (365 days).

hsts_seconds

mc admin config set ALIAS browser hsts_seconds=31536000
Strict-Transport-Security: max-age=31536000

hsts_include_subdomains

mc admin config set ALIAS browser hsts_seconds=31536000 hsts_include_subdomains=on
Strict-Transport-Security: max-age=31536000; includeSubDomains

hsts_preload

mc admin config set ALIAS browser hsts_seconds=31536000 hsts_include_subdomains=on hsts_preload=on
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Referrer Policy

Optional

Configure MinIO Console to generate a Referrer-Policy header in HTTP responses. Defaults to strict-origin-when-cross-origin.

MINIO_BROWSER_REFERRER_POLICY
set MINIO_BROWSER_REFERRER_POLICY="strict-origin-when-cross-origin"
browser referrer_policy
mc admin config set browser \
   referrer_policy="strict-origin-when-cross-origin" \
   [ARGUMENT=VALUE ...]

Prometheus Settings

The following settings manage how MinIO interacts with your Prometheus service.

Prometheus URL

Optional

MINIO_PROMETHEUS_URL

Specify the URL for a Prometheus service configured to scrape MinIO metrics.

The MinIO Console populates the Dashboard with cluster metrics using the minio-job Prometheus scraping job.

If you are using a standalone MinIO Console process, this variable corresponds with CONSOLE_PROMETHEUS_URL.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Prometheus Job ID

Optional

MINIO_PROMETHEUS_JOB_ID

Specify the custom Prometheus job ID used for scraping MinIO metrics.

MinIO defaults to minio-job.

If you are using a standalone MinIO Console process, this variable corresponds with CONSOLE_PROMETHEUS_JOB_ID.

This setting does not have a configuration variable setting. Use the Environment Variable instead.

Prometheus Auth Token

Optional

MINIO_PROMETHEUS_AUTH_TOKEN

Specify the basic auth token the Console should use to connect to a Prometheus service.

For example, a basic auth token you might use could resemble the following:

eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJwcm9tZXRoZXVzIiwic3ViIjoibWluaW8iLCJleHAiOjQ4NTAwMzg0MDJ9.GZCKR3d0FH2TCvNHSd39HaVfSuQVVV0s8glICBDmhT51V6CQ_hw8gTYlKHJmcpR8aHkqiJwCqcYJhaMmqwe00XY

If you are using a standalone MinIO Console process, this variable corresponds with CONSOLE_PROMETHEUS_AUTH_TOKEN.

This setting does not have a configuration variable setting. Use the Environment Variable instead.