Skip to content

add disable ssl flag for bucket replication #5240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add disable ssl flag for bucket replication #5240

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0f8e728
add disable ssl flag for bucket replication
dormanze Aug 5, 2025
fbc3194
Update replicate-add.go
dormanze Aug 11, 2025
65e4449
support update tls config
dormanze Aug 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 12 additions & 3 deletions cmd/replicate-add.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,10 @@ var replicateAddFlags = []cli.Flag{
Name: "disable-proxy",
Usage: "disable proxying in active-active replication. If unset, default behavior is to proxy",
},
cli.BoolFlag{
Name: "insecure-tls,it",
Usage: "disable TLS certificate verification during replicate",
},
}

var replicateAddCmd = cli.Command{
Expand Down Expand Up @@ -125,18 +129,22 @@ EXAMPLES:
{{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:[email protected]/targetbucket \
--priority 1

3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all objects with tags
3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all operations in an active-active replication setup, with TLS disabled.
{{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:[email protected]/targetbucket \
--priority 1 --insecure-tls

4. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all objects with tags
"key1=value1, key2=value2" to targetbucket synchronously with bandwidth set to 2 gigabits per second.
{{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:[email protected]/targetbucket \
--tags "key1=value1&key2=value2" --bandwidth "2G" --sync \
--priority 1

4. Disable a replication configuration rule on bucket "mybucket" for alias "myminio".
5. Disable a replication configuration rule on bucket "mybucket" for alias "myminio".
{{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:[email protected]/targetbucket \
--tags "key1=value1&key2=value2" \
--priority 1 --disable

5. Add replication configuration rule with existing object replication, delete marker replication and versioned deletes
6. Add replication configuration rule with existing object replication, delete marker replication and versioned deletes
enabled on bucket "mybucket" for alias "myminio".
{{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:[email protected]/targetbucket \
--replicate "existing-objects,delete,delete-marker" \
Expand Down Expand Up @@ -257,6 +265,7 @@ func fetchRemoteTarget(cli *cli.Context) (bktTarget *madmin.BucketTarget) {
ReplicationSync: cli.Bool("sync"),
DisableProxy: disableproxy,
HealthCheckDuration: time.Duration(cli.Uint("healthcheck-seconds")) * time.Second,
InsecureTLS: cli.Bool("insecure-tls"),
}
return bktTarget
}
Expand Down
22 changes: 21 additions & 1 deletion cmd/replicate-update.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,11 @@ var replicateUpdateFlags = []cli.Flag{
Usage: "enable proxying in active-active replication, valid values are ['enable', 'disable']",
Value: "enable",
},
cli.StringFlag{
Name: "tls",
Usage: "enable tls in active-active replication, valid values are ['enable', 'disable']",
Value: "enable",
},
cli.StringFlag{
Name: "bandwidth",
Usage: "Set bandwidth limit in bytes per second (K,B,G,T for metric and Ki,Bi,Gi,Ti for IEC units)",
Expand Down Expand Up @@ -139,6 +144,10 @@ EXAMPLES:
10. Disable proxying and enable synchronous replication for remote target of bucket mybucket with rule ID kxYD.492
{{.Prompt}} {{.HelpName}} myminio/mybucket --id "kxYD.492" --remote-bucket https://foobar:[email protected]/targetbucket \
--sync "enable" --proxy "disable"

10. Disable tls replication for remote target of bucket mybucket with rule ID kxYD.492
{{.Prompt}} {{.HelpName}} myminio/mybucket --id "kxYD.492" --remote-bucket https://foobar:[email protected]/targetbucket \
--tls "disable"
`,
}

Expand All @@ -149,7 +158,7 @@ func checkReplicateUpdateSyntax(ctx *cli.Context) {
}
}

// modifyRemoteTarget - modifies the dest credentials or updates sync , disable-proxy settings
// modifyRemoteTarget - modifies the dest credentials or updates sync , disable-proxy settings, enable TLS settings
func modifyRemoteTarget(cli *cli.Context, targets []madmin.BucketTarget, arnStr string) (*madmin.BucketTarget, []madmin.TargetUpdateType) {
args := cli.Args()
foundIdx := -1
Expand Down Expand Up @@ -192,6 +201,17 @@ func modifyRemoteTarget(cli *cli.Context, targets []madmin.BucketTarget, arnStr
fatalIf(errInvalidArgument().Trace(args...), "--proxy can be either [enable|disable]")
}
}
if cli.IsSet("tls") {
tlsState := strings.ToLower(cli.String("tls"))
switch tlsState {
case "enable", "disable":
bktTarget.InsecureTLS = tlsState == "disable"
ops = append(ops, madmin.InsecureTLSUpdateType)

default:
fatalIf(errInvalidArgument().Trace(args...), "--tls can be either [enable|disable]")
}
}

if len(args) == 1 {
_, sourceBucket := url2Alias(args[0])
Expand Down