From 0f8e7281d5cbb9a8814cba100b7febf8bfa8ef39 Mon Sep 17 00:00:00 2001 From: z30001483 <37854724+dormanze@users.noreply.github.com> Date: Tue, 5 Aug 2025 11:33:10 +0800 Subject: [PATCH 1/3] add disable ssl flag for bucket replication --- cmd/replicate-add.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/cmd/replicate-add.go b/cmd/replicate-add.go index 8cb2695c21..864454b808 100644 --- a/cmd/replicate-add.go +++ b/cmd/replicate-add.go @@ -98,6 +98,10 @@ var replicateAddFlags = []cli.Flag{ Name: "disable-proxy", Usage: "disable proxying in active-active replication. If unset, default behavior is to proxy", }, + cli.BoolFlag{ + Name: "disable-ssl,ds", + Usage: "disable SSL certificate verification", + }, } var replicateAddCmd = cli.Command{ @@ -125,18 +129,22 @@ EXAMPLES: {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \ --priority 1 - 3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all objects with tags + 3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all operations in an active-active replication setup, with SSL disabled. + {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \ + --priority 1 --disable-ssl + + 4. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all objects with tags "key1=value1, key2=value2" to targetbucket synchronously with bandwidth set to 2 gigabits per second. {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \ --tags "key1=value1&key2=value2" --bandwidth "2G" --sync \ --priority 1 - 4. Disable a replication configuration rule on bucket "mybucket" for alias "myminio". + 5. Disable a replication configuration rule on bucket "mybucket" for alias "myminio". {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \ --tags "key1=value1&key2=value2" \ --priority 1 --disable - 5. Add replication configuration rule with existing object replication, delete marker replication and versioned deletes + 6. Add replication configuration rule with existing object replication, delete marker replication and versioned deletes enabled on bucket "mybucket" for alias "myminio". {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \ --replicate "existing-objects,delete,delete-marker" \ @@ -257,6 +265,7 @@ func fetchRemoteTarget(cli *cli.Context) (bktTarget *madmin.BucketTarget) { ReplicationSync: cli.Bool("sync"), DisableProxy: disableproxy, HealthCheckDuration: time.Duration(cli.Uint("healthcheck-seconds")) * time.Second, + DisableSSL: cli.Bool("disable-ssl"), } return bktTarget } From fbc31947c9a27fdf6b39836d978634f45d87f5e7 Mon Sep 17 00:00:00 2001 From: z30001483 <37854724+dormanze@users.noreply.github.com> Date: Mon, 11 Aug 2025 09:48:23 +0800 Subject: [PATCH 2/3] Update replicate-add.go --- cmd/replicate-add.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmd/replicate-add.go b/cmd/replicate-add.go index 864454b808..3fadcdc969 100644 --- a/cmd/replicate-add.go +++ b/cmd/replicate-add.go @@ -99,8 +99,8 @@ var replicateAddFlags = []cli.Flag{ Usage: "disable proxying in active-active replication. If unset, default behavior is to proxy", }, cli.BoolFlag{ - Name: "disable-ssl,ds", - Usage: "disable SSL certificate verification", + Name: "insecure-tls,it", + Usage: "disable TLS certificate verification during replicate", }, } @@ -129,9 +129,9 @@ EXAMPLES: {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \ --priority 1 - 3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all operations in an active-active replication setup, with SSL disabled. + 3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all operations in an active-active replication setup, with TLS disabled. {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \ - --priority 1 --disable-ssl + --priority 1 --insecure-tls 4. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all objects with tags "key1=value1, key2=value2" to targetbucket synchronously with bandwidth set to 2 gigabits per second. @@ -265,7 +265,7 @@ func fetchRemoteTarget(cli *cli.Context) (bktTarget *madmin.BucketTarget) { ReplicationSync: cli.Bool("sync"), DisableProxy: disableproxy, HealthCheckDuration: time.Duration(cli.Uint("healthcheck-seconds")) * time.Second, - DisableSSL: cli.Bool("disable-ssl"), + InsecureTLS: cli.Bool("insecure-tls"), } return bktTarget } From 65e4449b793b8e177ce1f2191813b6bbc9568555 Mon Sep 17 00:00:00 2001 From: z30001483 <37854724+dormanze@users.noreply.github.com> Date: Wed, 13 Aug 2025 14:29:52 +0800 Subject: [PATCH 3/3] support update tls config --- cmd/replicate-update.go | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/cmd/replicate-update.go b/cmd/replicate-update.go index 1ce2fe6a26..f62366f163 100644 --- a/cmd/replicate-update.go +++ b/cmd/replicate-update.go @@ -74,6 +74,11 @@ var replicateUpdateFlags = []cli.Flag{ Usage: "enable proxying in active-active replication, valid values are ['enable', 'disable']", Value: "enable", }, + cli.StringFlag{ + Name: "tls", + Usage: "enable tls in active-active replication, valid values are ['enable', 'disable']", + Value: "enable", + }, cli.StringFlag{ Name: "bandwidth", Usage: "Set bandwidth limit in bytes per second (K,B,G,T for metric and Ki,Bi,Gi,Ti for IEC units)", @@ -139,6 +144,10 @@ EXAMPLES: 10. Disable proxying and enable synchronous replication for remote target of bucket mybucket with rule ID kxYD.492 {{.Prompt}} {{.HelpName}} myminio/mybucket --id "kxYD.492" --remote-bucket https://foobar:newpassword@minio.siteb.example.com/targetbucket \ --sync "enable" --proxy "disable" + + 10. Disable tls replication for remote target of bucket mybucket with rule ID kxYD.492 + {{.Prompt}} {{.HelpName}} myminio/mybucket --id "kxYD.492" --remote-bucket https://foobar:newpassword@minio.siteb.example.com/targetbucket \ + --tls "disable" `, } @@ -149,7 +158,7 @@ func checkReplicateUpdateSyntax(ctx *cli.Context) { } } -// modifyRemoteTarget - modifies the dest credentials or updates sync , disable-proxy settings +// modifyRemoteTarget - modifies the dest credentials or updates sync , disable-proxy settings, enable TLS settings func modifyRemoteTarget(cli *cli.Context, targets []madmin.BucketTarget, arnStr string) (*madmin.BucketTarget, []madmin.TargetUpdateType) { args := cli.Args() foundIdx := -1 @@ -192,6 +201,17 @@ func modifyRemoteTarget(cli *cli.Context, targets []madmin.BucketTarget, arnStr fatalIf(errInvalidArgument().Trace(args...), "--proxy can be either [enable|disable]") } } + if cli.IsSet("tls") { + tlsState := strings.ToLower(cli.String("tls")) + switch tlsState { + case "enable", "disable": + bktTarget.InsecureTLS = tlsState == "disable" + ops = append(ops, madmin.InsecureTLSUpdateType) + + default: + fatalIf(errInvalidArgument().Trace(args...), "--tls can be either [enable|disable]") + } + } if len(args) == 1 { _, sourceBucket := url2Alias(args[0])