diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 9bc7555..8ed317e 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -8,6 +8,8 @@ services:
 MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
 MINIO_SERVER_URL: ${MINIO_SERVER_URL:-https://minio.crewsportswear.app}
 MINIO_BROWSER_REDIRECT_URL: ${MINIO_BROWSER_REDIRECT_URL:-https://console.crewsportswear.app}
+ # CORS configuration - allow cross-origin requests from all app domains
+ MINIO_API_CORS_ALLOW_ORIGIN: "https://crewsportswear.app,https://www.crewsportswear.app,https://crewsportswear.com,https://www.crewsportswear.com,https://dev.crewsportswear.app,https://merchbay.com,https://www.merchbay.com,https://dev.merchbay.app,https://admin.merchbay.com,https://crew-admin.app"
 command: server /data --console-address ":9001"
 volumes:
 - minio-data:/data
@@ -21,7 +23,7 @@ services:
 retries: 3
 labels:
 - "traefik.enable=true"
-
+
 # MinIO API (S3 endpoint)
 - "traefik.http.routers.minio-api.rule=Host(`minio.crewsportswear.app`)"
 - "traefik.http.routers.minio-api.entrypoints=websecure"
@@ -29,7 +31,7 @@ services:
 - "traefik.http.routers.minio-api.tls.certresolver=le"
 - "traefik.http.routers.minio-api.service=minio-api"
 - "traefik.http.services.minio-api.loadbalancer.server.port=9000"
-
+
 # MinIO Console (Web UI)
 - "traefik.http.routers.minio-console.rule=Host(`console.crewsportswear.app`)"
 - "traefik.http.routers.minio-console.entrypoints=websecure"
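Review bot: The production allow-list on the added `MINIO_API_CORS_ALLOW_ORIGIN` line includes the development origins `https://dev.crewsportswear.app` and `https://dev.merchbay.app`, so script served from those sites can read cross-origin responses from the production S3 endpoint; if the dev sites are less tightly controlled than production, that widens exposure for no visible benefit. The value is also hard-coded, unlike the neighbouring `${VAR:-default}` entries, and it already differs from the list in setup-cors.sh in this same commit, which adds `http://localhost:8080` to `8082` and omits the two `crewsportswear.com` origins. I would keep a single list per environment and make it overridable, `MINIO_API_CORS_ALLOW_ORIGIN: "${MINIO_API_CORS_ALLOW_ORIGIN:-<production origins only>}"`; the same pattern applies to the localhost list added in docker-compose.yml. MinIO environment variables normally take precedence over values stored with `mc admin config set`, so it is worth confirming which of the two lists is actually in effect after the script runs.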
@@ -37,12 +39,12 @@ services:
 - "traefik.http.routers.minio-console.tls.certresolver=le"
 - "traefik.http.routers.minio-console.service=minio-console"
 - "traefik.http.services.minio-console.loadbalancer.server.port=9001"
-
+
 # HTTP to HTTPS redirect
 - "traefik.http.routers.minio-api-http.rule=Host(`minio.crewsportswear.app`)"
 - "traefik.http.routers.minio-api-http.entrypoints=web"
 - "traefik.http.routers.minio-api-http.middlewares=https-redirect"
-
+
 - "traefik.http.routers.minio-console-http.rule=Host(`console.crewsportswear.app`)"
 - "traefik.http.routers.minio-console-http.entrypoints=web"
 - "traefik.http.routers.minio-console-http.middlewares=https-redirect"
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c28aed..bccb552 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,8 @@ services:
 MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin123}
 MINIO_SERVER_URL: ${MINIO_SERVER_URL:-http://localhost:9000}
 MINIO_BROWSER_REDIRECT_URL: ${MINIO_BROWSER_REDIRECT_URL:-http://localhost:9001}
+ # CORS configuration - allow localhost for local development
+ MINIO_API_CORS_ALLOW_ORIGIN: "http://localhost:8080,http://localhost:8081,http://localhost:8082,http://localhost:3000"
 command: server /data --console-address ":9001"
 ports:
 - "${MINIO_PORT:-9000}:9000"
diff --git a/setup-cors.sh b/setup-cors.sh
new file mode 100644
index 0000000..0756aba
--- /dev/null
+++ b/setup-cors.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+# Configure CORS for MinIO buckets
+
+set -e
+
+CONTAINER_NAME="crew-minio-prod"
+MINIO_ALIAS="crewminio"
+DEPLOY_DIR="/var/www/apps/minio-storage"
+
+echo "=========================================="
+echo "Configuring CORS for MinIO buckets"
+echo "=========================================="
+echo ""
+
+# Load credentials from .env file
+echo "🔑 Loading MinIO credentials from .env"
+if [ -f "$DEPLOY_DIR/.env" ]; then
+ set -a
+ source "$DEPLOY_DIR/.env"
+ set +a
+ MINIO_USER="${MINIO_ROOT_USER}"
+ MINIO_PASSWORD="${MINIO_ROOT_PASSWORD}"
+elif [ -f ".env" ]; then
+ set -a
+ source ".env"
+ set +a
+ MINIO_USER="${MINIO_ROOT_USER}"
+ MINIO_PASSWORD="${MINIO_ROOT_PASSWORD}"
+else
+ echo "⚠️ .env file not found, using defaults"
+ MINIO_USER="minioadmin"
+ MINIO_PASSWORD="minioadmin123"
+fi
+
+echo "✓ Credentials loaded"
+echo ""
+
+# Check if MinIO is running
+if ! docker ps | grep -q "$CONTAINER_NAME"; then
+ echo "❌ Error: $CONTAINER_NAME container is not running"
+ exit 1
+fi
+
+# Configure MinIO client alias if not exists
+echo "📝 Configuring MinIO client alias..."
+docker exec $CONTAINER_NAME mc alias set $MINIO_ALIAS http://localhost:9000 $MINIO_USER $MINIO_PASSWORD
+
+# Buckets to configure
+BUCKETS=("crewsportswear" "merchbay" "merchbay-admin" "crew-admin" "email-reports")
+
+for bucket in "${BUCKETS[@]}"; do
+ echo "Configuring CORS for bucket: $bucket"
+
+ # Create CORS configuration file
+ docker exec $CONTAINER_NAME sh -c "cat > /tmp/cors-${bucket}.json <<'EOF'
+{
+ \"CORSRules\": [
+ {
+ \"AllowedOrigins\": [
+ \"https://crewsportswear.app\",
+ \"https://www.crewsportswear.app\",
+ \"https://dev.crewsportswear.app\",
+ \"https://merchbay.com\",
+ \"https://www.merchbay.com\",
+ \"https://dev.merchbay.app\",
+ \"https://admin.merchbay.com\",
+ \"https://crew-admin.app\",
+ \"http://localhost:8080\",
+ \"http://localhost:8081\",
+ \"http://localhost:8082\"
+ ],
+ \"AllowedMethods\": [
+ \"GET\",
+ \"HEAD\"
+ ],
+ \"AllowedHeaders\": [
+ \"*\"
+ ],
+ \"ExposeHeaders\": [
+ \"ETag\",
+ \"Content-Type\",
+ \"Content-Length\",
+ \"Date\"
+ ],
+ \"MaxAgeSeconds\": 3600
+ }
+ ]
+}
+EOF"
+
+ # Apply CORS configuration to bucket
+ docker exec $CONTAINER_NAME mc anonymous set-json $MINIO_ALIAS/$bucket < /tmp/cors-${bucket}.json 2>/dev/null || true
+
+ # Alternative: Use MinIO's CORS API directly
+ docker exec $CONTAINER_NAME sh -c "mc admin config set $MINIO_ALIAS api cors_allow_origin='https://crewsportswear.app,https://www.crewsportswear.app,https://dev.crewsportswear.app,https://merchbay.com,https://www.merchbay.com,https://dev.merchbay.app,https://admin.merchbay.com,https://crew-admin.app,http://localhost:8080,http://localhost:8081,http://localhost:8082'" 2>/dev/null || true
+
+ echo " ✓ CORS configured for $bucket"
+done
+
+echo ""
+echo "🔄 Restarting MinIO to apply CORS settings..."
+docker exec $CONTAINER_NAME mc admin service restart $MINIO_ALIAS
+
+echo ""
+echo "=========================================="
+echo "✓ CORS configuration complete!"
+echo "=========================================="
+echo ""
+echo "Allowed origins:"
+echo " - https://crewsportswear.app"
+echo " - https://www.crewsportswear.app"
+echo " - https://dev.crewsportswear.app"
+echo " - https://merchbay.com"
+echo " - https://www.merchbay.com"
+echo " - https://dev.merchbay.app"
+echo " - https://admin.merchbay.com"
+echo " - https://crew-admin.app"
+echo " - http://localhost:8080-8082"
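Review bot: The apply step inside the bucket loop cannot do what its comment says: `mc anonymous set-json` sets a bucket's anonymous access policy rather than CORS, the `< /tmp/cors-${bucket}.json` redirect is opened by the host shell although the file was written inside the container, and `2>/dev/null || true` hides the failure, so "✓ CORS configured" is printed whatever happened. If that call ever did succeed it would change who can read the bucket without credentials, so I would drop it and apply the server-wide `cors_allow_origin` setting once, outside the loop, with errors left visible. The fallback to `minioadmin`/`minioadmin123` when no .env is found should be a hard failure, since the script targets `crew-minio-prod`. The credentials are also expanded unquoted on the `docker exec` command line, where they are subject to word splitting and visible in the host process list while the command runs. The origin list here additionally allows `http://localhost:8080` to `8082` on the production container; the changed parts are sketched below.

```shell
# … unchanged: banner and the two .env branches …
else
    echo "❌ Error: .env file not found; refusing to use default credentials" >&2
    exit 1
fi
: "${MINIO_USER:?MINIO_ROOT_USER is empty}"
: "${MINIO_PASSWORD:?MINIO_ROOT_PASSWORD is empty}"

# … unchanged: container running check …
docker exec "$CONTAINER_NAME" mc alias set "$MINIO_ALIAS" http://localhost:9000 "$MINIO_USER" "$MINIO_PASSWORD"

# cors_allow_origin is a server-wide setting: set it once and let set -e abort on failure.
CORS_ORIGINS="<production origins, comma-separated, no localhost entries>"
docker exec "$CONTAINER_NAME" mc admin config set "$MINIO_ALIAS" api cors_allow_origin="$CORS_ORIGINS"

# … unchanged: service restart and summary …
```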