mc admin config
The mc admin config command manages configuration settings for the minio server.
Use mc admin on MinIO Deployments Only
MinIO does not support using mc admin commands with other S3-compatible services, regardless of their claimed compatibility with MinIO deployments.
Sets a configuration key on the MinIO deployment.
Gets a configuration key on the MinIO deployment.
The following configuration settings define runtime behavior of the MinIO server process:
The top-level configuration key for defining an HTTP webhook target for publishing MinIO logs.
Use mc admin config set to set or update an HTTP webhook target.
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set logger_webhook \
endpoint="http://webhook.example.net" [ARGUMENTS=VALUE ...]
You can specify multiple HTTP webhook targets by appending [:name] to the top-level key. For example, the following commands set two distinct HTTP webhook targets as primary and secondary respectively:
mc admin config set logger_webhook:primary \
endpoint="http://webhook-01.example.net" [ARGUMENTS=VALUE ...]
mc admin config set logger_webhook:secondary \
endpoint="http://webhook-02.example.net" [ARGUMENTS=VALUE ...]
The logger_webhook configuration key accepts the following arguments:
Required
The HTTP endpoint of the webhook.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_ENDPOINT environment variable.
Optional
The JSON Web Token (JWT) to use for authenticating to the HTTP webhook. Omit for webhooks which do not enforce authentication.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_AUTH_TOKEN environment variable.
The top-level configuration key for defining an HTTP webhook target for publishing MinIO audit logs.
Use mc admin config set to set or update an HTTP webhook target.
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set audit_webhook \
endpoint="http://webhook.example.net" [ARGUMENTS=VALUE ...]
You can specify multiple HTTP webhook targets by appending [:name] to the top-level key. For example, the following commands set two distinct HTTP webhook targets as primary and secondary respectively:
mc admin config set audit_webhook:primary \
endpoint="http://webhook-01.example.net" [ARGUMENTS=VALUE ...]
mc admin config set audit_webhook:secondary \
endpoint="http://webhook-02.example.net" [ARGUMENTS=VALUE ...]
The audit_webhook configuration key accepts the following arguments:
Required
The HTTP endpoint of the webhook.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_ENDPOINT environment variable.
Optional
The JSON Web Token (JWT) to use for authenticating to the HTTP webhook. Omit for webhooks which do not enforce authentication.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_AUTH_TOKEN environment variable.
Optional
The x.509 client certificate to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.
Requires specifying client_key.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_CLIENT_CERT environment variable.
Optional
The x.509 private key to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.
Requires specifying client_cert.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_CLIENT_KEY environment variable.
The following section documents settings for configuring an AMQP service as a target for MinIO Bucket Notifications. See Publish Events to AMQP (RabbitMQ) for a tutorial on using these environment variables.
The top-level configuration key for defining an AMQP service endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update an AMQP service endpoint.
The url argument is required for each target.
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_amqp \
url="amqp://user:password@endpoint:port" \
[ARGUMENT="VALUE"] ...
You can specify multiple AMQP service endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct AMQP service endpoints as primary and secondary respectively:
mc admin config set notify_amqp:primary \
url="amqp://user:password@endpoint:port" [ARGUMENT=VALUE ...]
mc admin config set notify_amqp:secondary \
url="amqp://user:password@endpoint:port" [ARGUMENT=VALUE ...]
The notify_amqp configuration key supports the following arguments:
Required
Specify the AMQP server endpoint to which MinIO publishes bucket events.
For example, amqp://myuser:mypassword@localhost:5672.
This key corresponds to the MINIO_NOTIFY_AMQP_URL environment variable.
Optional
Specify the name of the AMQP exchange to use.
This field corresponds to the MINIO_NOTIFY_AMQP_EXCHANGE environment variable.
Optional
Specify the type of the AMQP exchange.
This field corresponds to the MINIO_NOTIFY_AMQP_EXCHANGE_TYPE environment variable.
Optional
Specify the routing key for publishing events.
This field corresponds to the MINIO_NOTIFY_AMQP_ROUTING_KEY environment variable.
Optional
Specify off to ignore undelivered message errors. Defaults to on.
This field corresponds to the MINIO_NOTIFY_AMQP_MANDATORY environment variable.
Optional
Specify on to persist the message queue across broker restarts. Defaults to off.
This field corresponds to the MINIO_NOTIFY_AMQP_DURABLE environment variable.
Optional
Specify on to enable non-blocking message delivery. Defaults to off.
This field corresponds to the MINIO_NOTIFY_AMQP_NO_WAIT environment variable.
Optional
Specify on to use the exchange only if it is bound to other exchanges. See the RabbitMQ documentation on Exchange to Exchange Bindings for more information on AMQP exchange binding.
This field corresponds to the MINIO_NOTIFY_AMQP_INTERNAL environment variable.
Optional
Specify on to automatically delete the message queue if there are no consumers. Defaults to off.
This field corresponds to the MINIO_NOTIFY_AMQP_AUTO_DELETED environment variable.
Optional
Specify 1 to set the delivery mode to non-persistent queue.
Specify 2 to set the delivery mode to persistent queue.
This field corresponds to the MINIO_NOTIFY_AMQP_DELIVERY_MODE environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the AMQP service is offline and replays the directory when connectivity resumes.
This field corresponds to the MINIO_NOTIFY_AMQP_QUEUE_DIR environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This field corresponds to the MINIO_NOTIFY_AMQP_QUEUE_LIMIT environment variable.
Optional
Specify a comment for the AMQP configuration.
This field corresponds to the MINIO_NOTIFY_AMQP_COMMENT environment variable.
The following section documents settings for configuring an MQTT server/broker as a publishing target for MinIO Bucket Notifications. See Publish Events to MQTT for a tutorial on using these configuration settings.
The top-level configuration key for defining an MQTT server/broker endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update an MQTT server/broker endpoint. The following arguments are required for each endpoint:
username
Optional if MQTT server/broker does not enforce authentication/authorization
password
Optional if MQTT server/broker does not enforce authentication/authorization
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_mqtt \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ...
You can specify multiple MQTT server/broker endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct MQTT service endpoints as primary and secondary respectively:
mc admin config set notify_mqtt:primary \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ...
mc admin config set notify_mqtt:secondary \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ...
The notify_mqtt configuration key supports the following arguments:
Required
Specify the MQTT server/broker endpoint. MinIO supports TCP, TLS, or Websocket connections to the server/broker URL. For example:
tcp://mqtt.example.net:1883
tls://mqtt.example.net:1883
ws://mqtt.example.net:1883
This field corresponds to the MINIO_NOTIFY_MQTT_BROKER environment variable.
Required
Specify the name of the MQTT topic to associate with events published by MinIO to the MQTT endpoint.
This field corresponds to the MINIO_NOTIFY_MQTT_TOPIC environment variable.
Required if the MQTT server/broker enforces authentication/authorization
Specify the MQTT username with which MinIO authenticates to the MQTT server/broker.
This field corresponds to the MINIO_NOTIFY_MQTT_USERNAME environment variable.
Required if the MQTT server/broker enforces authentication/authorization
Specify the password for the MQTT username with which MinIO authenticates to the MQTT server/broker.
This field corresponds to the MINIO_NOTIFY_MQTT_PASSWORD environment variable.
Optional
Specify the Quality of Service priority for the published events.
Defaults to 0.
This field corresponds to the MINIO_NOTIFY_MQTT_QOS environment variable.
Optional
Specify the keep-alive interval for the MQTT connections. MinIO supports the following units of time measurement:
s - seconds, “60s”
m - minutes, “60m”
h - hours, “24h”
d - days, “7d”
This field corresponds to the MINIO_NOTIFY_MQTT_KEEP_ALIVE_INTERVAL environment variable.
Optional
Specify the reconnect interval for the MQTT connections. MinIO supports the following units of time measurement:
s - seconds, “60s”
m - minutes, “60m”
h - hours, “24h”
d - days, “7d”
This field corresponds to the MINIO_NOTIFY_MQTT_RECONNECT_INTERVAL environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the MQTT server/broker is offline and replays the directory when connectivity resumes.
This field corresponds to the MINIO_NOTIFY_MQTT_QUEUE_DIR environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This field corresponds to the MINIO_NOTIFY_MQTT_QUEUE_LIMIT environment variable.
Optional
Specify a comment to associate with the MQTT configuration.
This field corresponds to the MINIO_NOTIFY_MQTT_COMMENT environment variable.
The following section documents settings for configuring an Elasticsearch service as a target for MinIO Bucket Notifications. See Publish Events to Elasticsearch for a tutorial on using these configuration settings.
The top-level configuration key for defining an Elasticsearch service endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update an Elasticsearch service endpoint. The following arguments are required for each target:
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_elasticsearch \
url="https://user:password@endpoint:port" \
[ARGUMENT="VALUE"] ...
You can specify multiple Elasticsearch service endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct Elasticsearch service endpoints as primary and secondary respectively:
mc admin config set notify_elasticsearch:primary \
url="https://user:password@endpoint:port" [ARGUMENT=VALUE ...]
mc admin config set notify_elasticsearch:secondary \
url="https://user:password@endpoint:port" [ARGUMENT=VALUE ...]
The notify_elasticsearch configuration key supports the following arguments:
Required
Specify the Elasticsearch service endpoint to which MinIO publishes bucket events. For example, https://elasticsearch.example.com:9200.
MinIO supports passing authentication information as URL parameters using the format PROTOCOL://USERNAME:PASSWORD@HOSTNAME:PORT.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_URL environment variable.
Required
Specify the name of the Elasticsearch index in which to store or update MinIO bucket events. Elasticsearch automatically creates the index if it does not exist.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_INDEX environment variable.
Required
Specify the format of event data written to the Elasticsearch index. MinIO supports the following values:
namespace
For each bucket event, MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing index entry for that object. Similarly, deleting the object also deletes the corresponding index entry.
access
For each bucket event, MinIO creates a JSON document with the event details and appends it to the index with an Elasticsearch-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_FORMAT environment variable.
Optional
The username for connecting to an Elasticsearch service endpoint which enforces authentication.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_USERNAME environment variable.
Optional
The password for connecting to an Elasticsearch service endpoint which enforces authentication.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_PASSWORD environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the Elasticsearch service is offline and replays the directory when connectivity resumes.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_QUEUE_DIR environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_QUEUE_LIMIT environment variable.
Optional
Specify a comment to associate with the Elasticsearch configuration.
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_COMMENT environment variable.
The following section documents settings for configuring an NSQ server/broker as a publishing target for MinIO Bucket Notifications. See Publish Events to NSQ for a tutorial on using these configuration settings.
The top-level configuration key for defining an NSQ server/broker endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update an NSQ server/broker endpoint. The following arguments are required for each endpoint:
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_nsq \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ...
You can specify multiple NSQ server/broker endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct NSQ service endpoints as primary and secondary respectively:
mc admin config set notify_nsq:primary \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ...
mc admin config set notify_nsq:secondary \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ...
The notify_nsq configuration key supports the following arguments:
Required
Specify the NSQ server address. For example:
https://nsq-endpoint.example.net:4150
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_NSQD_ADDRESS environment variable.
Required
Specify the name of the NSQ topic MinIO uses when publishing events to the broker.
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_TOPIC environment variable.
Optional
Specify on to enable TLS connectivity to the NSQ service broker.
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_TLS environment variable.
Optional
Enables or disables TLS verification of the NSQ service broker TLS certificates.
Specify on to disable TLS verification (Default).
Specify off to enable TLS verification.
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_TLS_SKIP_VERIFY environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the NSQ server/broker is offline and replays the directory when connectivity resumes.
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_QUEUE_DIR environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_QUEUE_LIMIT environment variable.
Optional
Specify a comment to associate with the NSQ configuration.
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_COMMENT environment variable.
The following section documents settings for configuring a Redis server/broker as a publishing target for MinIO Bucket Notifications. See Publish Events to Redis for a tutorial on using these configuration settings.
The top-level configuration key for defining a Redis server/broker endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update a Redis server/broker endpoint. The following arguments are required for each endpoint:
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_redis \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ...
You can specify multiple Redis server/broker endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct Redis service endpoints as primary and secondary respectively:
mc admin config set notify_redis:primary \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ...
mc admin config set notify_redis:secondary \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ...
The notify_redis configuration key supports the following arguments:
Required
Specify the Redis service endpoint to which MinIO publishes bucket events.
For example, https://redis.example.com:6369.
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_ADDRESS environment variable.
Required
Specify the Redis key to use for storing and updating events. Redis auto-creates the key if it does not exist.
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_KEY environment variable.
Required
Specify the format of event data written to the Redis service endpoint. MinIO supports the following values:
namespace
For each bucket event, MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing index entry for that object. Similarly, deleting the object also deletes the corresponding index entry.
access
For each bucket event, MinIO creates a JSON document with the event details and appends it to the key with a Redis-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_FORMAT environment variable.
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_PASSWORD environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the Redis server/broker is offline and replays the directory when connectivity resumes.
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_QUEUE_DIR environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_QUEUE_LIMIT environment variable.
Optional
Specify a comment to associate with the Redis configuration.
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_COMMENT environment variable.
The following section documents settings for configuring a NATS service as a target for MinIO Bucket Notifications. See Publish Events to NATS for a tutorial on using these environment variables.
The top-level configuration key for defining a NATS service endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update a NATS service endpoint.
The address and subject arguments are required for each target.
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_nats \
address="https://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT="VALUE"] ...
You can specify multiple NATS service endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct NATS service endpoints as primary and secondary respectively:
mc admin config set notify_nats:primary \
address="https://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT=VALUE ...]
mc admin config set notify_nats:secondary \
address="https://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT=VALUE ...]
The notify_nats configuration key supports the following arguments:
Required
Specify the NATS service endpoint to which MinIO publishes bucket events.
For example, https://nats-endpoint.example.com:4222.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_ADDRESS.
Required
Specify the subscription to which MinIO associates events published to the NATS endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_SUBJECT.
Optional
Specify the username for connecting to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_USERNAME.
Optional
Specify the password for connecting to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_PASSWORD.
Optional
Specify the token for connecting to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_TOKEN.
Optional
Specify on to enable TLS connectivity to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_TLS.
Optional
Enables or disables TLS verification of the NATS service endpoint TLS certificates.
Specify on to disable TLS verification (Default).
Specify off to enable TLS verification.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY.
Optional
Specify the duration interval for client pings to the NATS server. MinIO supports the following time units:
s - seconds, "60s"
m - minutes, "5m"
h - hours, "1h"
d - days, "1d"
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_PING_INTERVAL.
Optional
Specify on to enable streaming events to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_STREAMING.
Optional
Specify on to enable asynchronous publishing of events to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_STREAMING_ASYNC.
Optional
Specify the number of messages to publish without waiting for an ACK response from the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_STREAMING_MAX_PUB_ACKS_IN_FLIGHT.
Optional
Specify the unique ID for the NATS streaming cluster.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_STREAMING_CLUSTER_ID.
Optional
Specify the path to the Certificate Authority chain used to sign the NATS service endpoint TLS certificates.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_CERT_AUTHORITY.
Optional
Specify the path to the client certificate to use for performing mTLS authentication to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_CLIENT_CERT.
Optional
Specify the path to the client private key to use for performing mTLS authentication to the NATS service endpoint.
This configuration setting corresponds with the environment variable MINIO_NOTIFY_NATS_CLIENT_KEY.
Optional
Specify the directory path to enable MinIO’s persistent event store for undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the NATS server/broker is offline and replays the directory when connectivity resumes.
This configuration setting corresponds to the MINIO_NOTIFY_NATS_QUEUE_DIR environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This configuration setting corresponds to the MINIO_NOTIFY_NATS_QUEUE_LIMIT environment variable.
Optional
Specify a comment to associate with the NATS configuration.
This configuration setting corresponds to the MINIO_NOTIFY_NATS_COMMENT environment variable.
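The NSQ and NATS sections above state that TLS certificate verification is disabled unless the skip-verify setting is explicitly off, and the webhook, AMQP and Elasticsearch sections accept cleartext endpoints and credentials inside the URL. The following is an added example, not part of the MinIO documentation or MinIO's own tooling: it audits an environment file for those cases using only environment variable names documented on this page. The finding codes, the sample file and the restriction to unnamed targets are assumptions of the example.

```python
"""Audit MinIO target settings in an environment file (added example)."""
from urllib.parse import urlsplit

# Environment variable names are the ones documented on this page.
WEBHOOK_ENDPOINTS = ("MINIO_LOGGER_WEBHOOK_ENDPOINT", "MINIO_AUDIT_WEBHOOK_ENDPOINT")
CREDENTIAL_URLS = ("MINIO_NOTIFY_AMQP_URL", "MINIO_NOTIFY_ELASTICSEARCH_URL")
TLS_TARGETS = ("NSQ", "NATS")  # targets documenting _TLS and _TLS_SKIP_VERIFY
CLEARTEXT_SCHEMES = {"http", "amqp"}

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV = '''\
# MinIO server environment (constructed)
MINIO_AUDIT_WEBHOOK_ENDPOINT="http://webhook.example.net"
MINIO_AUDIT_WEBHOOK_AUTH_TOKEN="<token>"
MINIO_NOTIFY_AMQP_URL="amqp://myuser:mypassword@localhost:5672"
MINIO_NOTIFY_ELASTICSEARCH_URL="https://elasticsearch.example.com:9200"
MINIO_NOTIFY_NSQ_NSQD_ADDRESS="nsq-endpoint.example.net:4150"
MINIO_NOTIFY_NSQ_TLS="on"
export MINIO_NOTIFY_NATS_ADDRESS="nats-endpoint.example.com:4222"
MINIO_NOTIFY_NATS_TLS="on"
MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY="off"
'''


def parse_env(text):
    """Parse KEY=VALUE lines; tolerate comments, 'export ' and quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        if sep:
            env[key.strip()] = value.strip().strip("\"'")
    return env


def audit(env):
    """Return (variable, finding-code) pairs; the codes are this example's own."""
    findings = []

    # Webhook targets: an http:// endpoint carries log data, and the JWT
    # if one is configured, without transport encryption.
    for var in WEBHOOK_ENDPOINTS:
        value = env.get(var)
        if value and urlsplit(value).scheme == "http":
            findings.append((var, "cleartext-endpoint"))
            if env.get(var.replace("_ENDPOINT", "_AUTH_TOKEN")):
                findings.append((var, "auth-token-over-cleartext"))

    # Targets whose URL may embed USERNAME:PASSWORD.
    for var in CREDENTIAL_URLS:
        value = env.get(var)
        if not value:
            continue
        parts = urlsplit(value)
        if parts.password:
            findings.append((var, "password-in-url"))
        if parts.scheme in CLEARTEXT_SCHEMES:
            findings.append((var, "cleartext-endpoint"))

    # NSQ and NATS: per this page, skip-verify defaults to on, so turning
    # TLS on without setting skip-verify to off leaves the peer unverified.
    for target in TLS_TARGETS:
        prefix = f"MINIO_NOTIFY_{target}_"
        if not any(name.startswith(prefix) for name in env):
            continue  # target not configured
        tls = env.get(prefix + "TLS", "").lower()
        skip = env.get(prefix + "TLS_SKIP_VERIFY", "").lower()
        if tls != "on":
            findings.append((prefix + "TLS", "tls-disabled"))
        elif skip != "off":
            findings.append((prefix + "TLS_SKIP_VERIFY", "tls-verification-disabled"))
    return findings


if __name__ == "__main__":
    for variable, code in audit(parse_env(SAMPLE_ENV)):
        print(f"{code:28} {variable}")
```

Named targets (the [:name] form) are not covered because this page does not show how their environment variables are named.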
The following section documents settings for configuring a PostgreSQL service as a target for MinIO Bucket Notifications. See Publish Events to PostgreSQL for a tutorial on using these environment variables.
The top-level configuration key for defining a PostgreSQL service endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update a PostgreSQL service endpoint.
The following arguments are required for each target:
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_postgresql \
connection_string="host=postgresql.example.com port=5432..." \
table="minioevents" \
format="namespace" \
[ARGUMENT="VALUE"] ...
You can specify multiple PostgreSQL service endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct PostgreSQL service endpoints as primary and secondary respectively:
mc admin config set notify_postgresql:primary \
connection_string="host=postgresql.example.com port=5432..." \
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
mc admin config set notify_postgresql:secondary \
connection_string="host=postgresql.example.com port=5432..." \
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
The notify_postgresql configuration key supports the following arguments:
Required
Specify the URI connection string of the PostgreSQL service endpoint. MinIO supports key=value format for the PostgreSQL connection string. For example:
"host=postgresql.example.com port=5432 ..."
For more complete documentation on supported PostgreSQL connection string parameters, see the PostgreSQL Connection Strings documentation.
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRESQL_CONNECTION_STRING environment variable.
Required
Specify the name of the PostgreSQL table to which MinIO publishes event notifications.
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRESQL_TABLE environment variable.
Required
Specify the format of event data written to the PostgreSQL service endpoint. MinIO supports the following values:
namespace
For each bucket event, MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing table entry for that object. Similarly, deleting the object also deletes the corresponding table entry.
access
For each bucket event, MinIO creates a JSON document with the event details and appends it to the table with a PostgreSQL-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRESQL_FORMAT environment variable.
Optional
Specify the maximum number of open connections to the PostgreSQL database.
Defaults to 2.
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRESQL_MAX_OPEN_CONNECTIONS environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the PostgreSQL server/broker is offline and replays the directory when connectivity resumes.
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRESQL_QUEUE_DIR environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRESQL_QUEUE_LIMIT environment variable.
Optional
Specify a comment to associate with the PostgreSQL configuration.
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRESQL_COMMENT environment variable.
The following section documents settings for configuring a MySQL service as a target for MinIO Bucket Notifications. See Publish Events to MySQL for a tutorial on using these environment variables.
The top-level configuration key for defining a MySQL service endpoint for use with MinIO bucket notifications.
Use mc admin config set to set or update a MySQL service endpoint.
The following arguments are required for each target:
Specify additional optional arguments as a whitespace (" ")-delimited list.
mc admin config set notify_mysql \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb" \
table="minioevents" \
format="namespace" \
[ARGUMENT="VALUE"] ...
You can specify multiple MySQL service endpoints by appending [:name] to the top-level key. For example, the following commands set two distinct MySQL service endpoints as primary and secondary respectively:
mc admin config set notify_mysql:primary \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb" \
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
mc admin config set notify_mysql:secondary \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb" \
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
The notify_mysql configuration key supports the following arguments:
Required
Specify the data source name (DSN) connection string for the MySQL service endpoint. MinIO expects the following format:
<user>:<password>@tcp(<host>:<port>)/<database>
For example:
"username:password@tcp(mysql.example.com:3306)/miniodb"
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_DSN_STRING environment variable.
Required
Specify the name of the MySQL table to which MinIO publishes event notifications.
This configuration setting corresponds to the
MINIO_NOTIFY_MYSQL_TABLE
environment
variable.
Required
Specify the format of event data written to the MySQL service endpoint. MinIO supports the following values:
namespace
For each bucket event, the MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing table entry for that object. Similarly, deleting the object also deletes the corresponding table entry.
access
For each bucket event, MinIO creates a JSON document with the event details and appends it to the table with a MySQL-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.
This configuration setting corresponds to the
MINIO_NOTIFY_MYSQL_FORMAT
environment
variable.
Optional
Specify the maximum number of open connections to the MySQL database.
Defaults to 2
.
This configuration setting corresponds to the
MINIO_NOTIFY_MYSQL_MAX_OPEN_CONNECTIONS
environment
variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for
undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the MySQL server/broker is offline and replays the directory when connectivity resumes.
This configuration setting corresponds to the
MINIO_NOTIFY_MYSQL_QUEUE_DIR
environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This configuration setting corresponds to the
MINIO_NOTIFY_MYSQL_QUEUE_LIMIT
environment variable.
Optional
Specify a comment to associate with the MySQL configuration.
This configuration setting corresponds to the
MINIO_NOTIFY_MYSQL_COMMENT
environment variable.
The following section documents settings for configuring a Kafka service as a target for MinIO Bucket Notifications. See Publish Events to Kafka for a tutorial on using these environment variables.
The top-level configuration key for defining a Kafka service endpoint for use with MinIO bucket notifications.
Use mc admin config set
to set or update a Kafka service endpoint.
The brokers
argument is required for each target.
Specify additional optional arguments as a whitespace (" "
)-delimited
list.
mc admin config set notify_kafka \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200" \
[ARGUMENT="VALUE"] ...
You can specify multiple Kafka service endpoints by appending [:name]
to
the top level key. For example, the following commands set two distinct Kafka
service endpoints as primary
and secondary
respectively:
mc admin config set notify_kafka:primary \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200" \
[ARGUMENT=VALUE ...]
mc admin config set notify_kafka:secondary \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200" \
[ARGUMENT=VALUE ...]
The notify_kafka
configuration key supports the following
arguments:
Required
Specify a comma-separated list of Kafka broker addresses. For example:
"kafka1.example.com:2021,kafka2.example.com:2021"
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_BROKERS
environment variable.
Optional
Specify the name of the Kafka topic to which MinIO publishes bucket events.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_TOPIC
environment variable.
Optional
Specify on
to enable SASL authentication.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_SASL
environment variable.
Optional
Specify the username for performing SASL/PLAIN or SASL/SCRAM authentication to the Kafka broker(s).
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_SASL_USERNAME
environment variable.
Optional
Specify the password for performing SASL/PLAIN or SASL/SCRAM authentication to the Kafka broker(s).
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_SASL_PASSWORD
environment variable.
Optional
Specify the SASL mechanism to use for authenticating to the Kafka broker(s). MinIO supports the following mechanisms:
PLAIN
(Default)
SHA256
SHA512
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_SASL_MECHANISM
environment variable.
Optional
Specify the client authentication policy of the Kafka broker(s). See ClientAuthType for more information on possible values for this field.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_TLS_CLIENT_AUTH
environment variable.
Optional
Specify on
to enable TLS connectivity to the Kafka broker(s).
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_TLS
environment variable.
Optional
Enables or disables TLS verification of the Kafka broker TLS certificates.
Specify on
to disable TLS verification (Default).
Specify off
to enable TLS verification.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_TLS_SKIP_VERIFY
environment variable.
Optional
Specify the path to the client certificate to use for performing mTLS authentication to the Kafka broker(s).
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_CLIENT_TLS_CERT
environment variable.
Optional
Specify the path to the client private key to use for performing mTLS authentication to the Kafka broker(s).
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_CLIENT_TLS_KEY
environment variable.
Optional
Specify the version of the Kafka cluster to assume when performing operations against that cluster. See the sarama reference documentation for more information on this field’s behavior.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_VERSION
environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for
undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the Kafka server/broker is offline and replays the directory when connectivity resumes.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_QUEUE_DIR
environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_QUEUE_LIMIT
environment variable.
Optional
Specify a comment to associate with the Kafka configuration.
This configuration setting corresponds to the
MINIO_NOTIFY_KAFKA_COMMENT
environment variable.
The following section documents settings for configuring a Webhook service as a target for MinIO Bucket Notifications. See Publish Events to Webhook for a tutorial on using these environment variables.
The top-level configuration key for defining a Webhook service endpoint for use with MinIO bucket notifications.
Use mc admin config set
to set or update a Webhook service endpoint.
The endpoint
argument is required for each target.
Specify additional optional arguments as a whitespace (" "
)-delimited
list.
mc admin config set notify_webhook \
endpoint="https://webhook.example.net" \
[ARGUMENT="VALUE"] ...
You can specify multiple Webhook service endpoints by appending [:name]
to
the top level key. For example, the following commands set two distinct Webhook
service endpoints as primary
and secondary
respectively:
mc admin config set notify_webhook:primary \
endpoint="https://webhook1.example.net" \
[ARGUMENT=VALUE ...]
mc admin config set notify_webhook:secondary \
endpoint="https://webhook2.example.net" \
[ARGUMENT=VALUE ...]
The notify_webhook
configuration key supports the following
arguments:
Required
Specify the URL for the webhook service.
This configuration setting corresponds with the
MINIO_NOTIFY_WEBHOOK_ENDPOINT
environment variable.
Optional
Specify the opaque string or JWT authorization token to use for authenticating to the webhook service.
This configuration setting corresponds with the
MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN
environment variable.
Optional
Specify the directory path to enable MinIO’s persistent event store for
undelivered messages, such as /home/events.
MinIO stores undelivered events in the specified store while the webhook service is offline and replays the directory when connectivity resumes.
This configuration setting corresponds with the
MINIO_NOTIFY_WEBHOOK_QUEUE_DIR
environment variable.
Optional
Specify the maximum limit for undelivered messages. Defaults to 100000.
This configuration setting corresponds with the
MINIO_NOTIFY_WEBHOOK_QUEUE_LIMIT
environment variable.
Optional
Specify the path to the client certificate to use for performing mTLS authentication to the webhook service.
This configuration setting corresponds with the
MINIO_NOTIFY_WEBHOOK_CLIENT_CERT
environment variable.
Optional
Specify the path to the client private key to use for performing mTLS authentication to the webhook service.
This configuration setting corresponds with the
MINIO_NOTIFY_WEBHOOK_CLIENT_KEY
environment variable.
Optional
Specify a comment to associate with the Webhook configuration.
This configuration setting corresponds with the
MINIO_NOTIFY_WEBHOOK_COMMENT
environment variable.
The following section documents settings for enabling external identity management using an Active Directory or LDAP service. See Active Directory / LDAP External Identity Management for a tutorial on using these configuration settings.
The top-level key for configuring external identity management using Active Directory or LDAP.
Use mc admin config set
to set or update the
AD/LDAP configuration. The following arguments are required:
mc admin config set identity_ldap \
server_addr="https://ad-ldap.example.net/" \
lookup_bind_dn="cn=miniolookupuser,dc=example,dc=net" \
lookup_bind_dn_password="userpassword" \
user_dn_search_base_dn="dc=example,dc=net" \
user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"
The identity_ldap
configuration key supports the following
arguments:
Required
Specify the hostname for the Active Directory / LDAP server. For example:
https://ldapserver.com:636
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_SERVER_ADDR
environment variable.
Optional
Specify the duration for which the credentials are valid as <int><unit>.
Valid time units are as follows:
s - seconds.
m - minutes.
h - hours.
d - days.
The default is 1h or 1 hour.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_STS_EXPIRY
environment variable.
Required
Specify the Distinguished Name (DN) for an AD/LDAP account MinIO uses when querying the AD/LDAP server. Enables Lookup-Bind authentication to the AD/LDAP server.
The DN account should be a read-only service account with sufficient privileges to support performing user and group lookups.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN
environment variable.
Required
Specify the password for the Lookup-Bind user account.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
environment variable.
Required
Specify the base Distinguished name (DN) MinIO uses when querying for user credentials matching those provided by an authenticating client. For example:
cn=miniousers,dc=myldapserver,dc=net
Supports Lookup-Bind mode.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
environment variable.
Required
Specify the AD/LDAP search filter MinIO uses when querying for user credentials matching those provided by an authenticating client.
Use the %s
substitution character to insert the client-specified
username into the search string. For example:
(userPrincipalName=%s)
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
environment variable.
Optional
Specify a comma-separated list of Distinguished Name templates used for querying the AD/LDAP server. MinIO attempts to login to the AD/LDAP server by applying the user credentials specified by the authenticating client to each DN template.
Use the %s
substitution character to insert the client-specified username
into the search string. For example:
uid=%s,cn=miniousers,dc=myldapserver,dc=net,userPrincipalName=%s,cn=miniousers,dc=myldapserver,dc=net
MinIO uses the first DN template that results in successful login to perform a group lookup for that user.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_USERNAME_FORMAT
environment variable.
Optional
Specify an AD/LDAP search filter for performing group lookups for the authenticated user.
Use the %s
substitution character to insert the client-specified username
into the search string. Use the %d
substitution character to insert the
Distinguished Name of the client-specified username into the search string.
For example:
(&(objectclass=groupOfNames)(memberUid=%s))
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER
environment variable.
Optional
Specify a comma-separated list of group search base Distinguished Names MinIO uses when performing group lookups.
For example:
cn=miniogroups,dc=myldapserver,dc=net
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
environment variable.
Optional
Specify on
to trust the AD/LDAP server TLS certificates without
verification. This option may be required if the AD/LDAP server TLS certificates
are signed by an untrusted Certificate Authority (e.g. self-signed).
Defaults to off.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY
environment variable.
Optional
Specify on
to allow unsecured (non-TLS encrypted) connections to
the AD/LDAP server.
MinIO sends AD/LDAP user credentials in plain text to the AD/LDAP server, such that enabling TLS is required to prevent reading credentials over the wire. Using this option presents a security risk where any user with access to network traffic can observe the unencrypted plaintext credentials.
Defaults to off.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_SERVER_INSECURE
environment variable.
Optional
Specify on
to enable
StartTLS connections to AD/LDAP server.
Defaults to off.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_SERVER_STARTTLS
environment variable.
Optional
Specify a comment to associate with the AD/LDAP configuration.
This configuration setting corresponds with the
MINIO_IDENTITY_LDAP_COMMENT
environment variable.
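The transport-security settings documented above for the Kafka, Webhook and AD/LDAP targets can be checked mechanically before a deployment goes live. The following shell function is an added example, not part of MinIO or its documentation; it reads an environment file that uses the variable names from this page, and the sample input and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not MinIO code): audit a MinIO environment file for settings
# that weaken transport security on notification and identity targets.
# Assumption: only the unsuffixed (default target) variable names are checked.

# Print the last value assigned to variable $2 in the KEY=VALUE text $1,
# with one pair of surrounding double quotes removed.
env_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Read an environment file on stdin and print one finding per line.
audit_minio_env() {
    input=$(cat)
    if [ "$(env_value "$input" MINIO_IDENTITY_LDAP_SERVER_INSECURE)" = "on" ]; then
        echo "LDAP_PLAINTEXT: AD/LDAP credentials cross the network unencrypted"
    fi
    if [ "$(env_value "$input" MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY)" = "on" ]; then
        echo "LDAP_NO_VERIFY: AD/LDAP server certificate is not verified"
    fi
    if [ "$(env_value "$input" MINIO_NOTIFY_KAFKA_TLS_SKIP_VERIFY)" = "on" ]; then
        echo "KAFKA_NO_VERIFY: Kafka broker certificate is not verified"
    fi
    # SASL/PLAIN sends the password as-is, and SCRAM still leaves the events
    # themselves unencrypted, unless TLS to the brokers is enabled as well.
    if [ "$(env_value "$input" MINIO_NOTIFY_KAFKA_SASL)" = "on" ] &&
       [ "$(env_value "$input" MINIO_NOTIFY_KAFKA_TLS)" != "on" ]; then
        echo "KAFKA_SASL_NO_TLS: SASL is enabled without TLS to the brokers"
    fi
    # An authorization token sent to an http:// endpoint is readable in transit.
    endpoint=$(env_value "$input" MINIO_NOTIFY_WEBHOOK_ENDPOINT)
    token=$(env_value "$input" MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN)
    case "$endpoint" in
        http://*)
            if [ -n "$token" ]; then
                echo "WEBHOOK_TOKEN_CLEARTEXT: auth token is sent over plain HTTP"
            fi ;;
    esac
    return 0
}

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV='MINIO_IDENTITY_LDAP_SERVER_ADDR="ad-ldap.example.net:636"
MINIO_IDENTITY_LDAP_SERVER_INSECURE=on
MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=off
MINIO_NOTIFY_KAFKA_BROKERS="kafka1.example.com:2021,kafka2.example.com:2021"
MINIO_NOTIFY_KAFKA_SASL=on
MINIO_NOTIFY_KAFKA_SASL_MECHANISM=SHA512
MINIO_NOTIFY_KAFKA_TLS_SKIP_VERIFY="on"
MINIO_NOTIFY_WEBHOOK_ENDPOINT="http://webhook.example.net"
MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN="constructed-token"'

printf '%s\n' "$SAMPLE_ENV" | audit_minio_env
```

Run it against a real environment file with `audit_minio_env < /path/to/envfile`; an empty result means none of the five conditions matched.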
The following section documents settings for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. See OpenID External Identity Management for a tutorial on using these configuration settings.
The top-level configuration key for configuring external identity management using OpenID.
Use mc admin config set
to set or update the OpenID configuration.
The config_url
argument is required. Specify
additional optional arguments as a whitespace (" "
)-delimited list.
mc admin config set identity_openid \
config_url="https://openid-provider.example.net/.well-known/openid-configuration" \
[ARGUMENT="VALUE"] ...
The identity_openid
configuration key supports the following
arguments:
Required
Specify the URL for the OIDC compatible provider discovery document.
The OIDC Discovery URL typically resembles the following:
https://openid-provider.example.net/.well-known/openid-configuration
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_CONFIG_URL
environment variable.
Specify the unique public identifier MinIO uses when authenticating user credentials against the OIDC compatible provider.
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_CLIENT_ID
environment variable.
Specify the client secret MinIO uses when authenticating user credentials against the OIDC compatible provider. This field may be optional depending on the provider.
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_CLIENT_SECRET
environment variable.
Specify the name of the JWT Claim MinIO uses to identify the policies to attach to the authenticated user.
The claim can contain one or more comma-separated policy names to attach to the user. The claim must contain at least one policy for the user to have any permissions on the MinIO server.
Defaults to policy.
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_CLAIM_NAME
environment variable.
Specify the JWT Claim namespace prefix to apply to the specified claim name.
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_CLAIM_PREFIX
environment variable.
Specify a comma-separated list of scopes. Defaults to those scopes advertised in the discovery document.
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_SCOPES
environment variable.
Optional
Specify the redirect URI the MinIO Console uses when authenticating against the
configured provider. Include the console port and /oauth_callback
as part of the URL:
http://minio.example.net:consoleport/oauth_callback
MinIO defaults to using the hostname of the node making the authentication request. MinIO deployments behind a load balancer or reverse proxy may need to specify this field to ensure the OIDC provider returns the authentication response to the correct URL.
The specified URI must match one of the approved redirect / callback URIs on the provider. See the OpenID Authentication Request for more information.
Note
The embedded MinIO Console by default uses a random port number selected at
server startup. Start the MinIO server process with the
--console-address
option to specify a static
port number.
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_REDIRECT_URI
environment variable.
Specify a comment to associate with the OIDC compatible provider configuration.
This configuration setting corresponds with the
MINIO_IDENTITY_OPENID_COMMENT
environment variable.
This work is licensed under a Creative Commons Attribution 4.0 International License.
©2020-Present, MinIO, Inc.