*
     * @param repositories The repositories into which to inject the authentication information, may be {@code null}.
     * @param servers The available servers, may be {@code null}.
     */
    void injectAuthentication(List<ArtifactRepository> repositories, List<Server> servers);

    void injectMirror(RepositorySystemSession session, List<ArtifactRepository> repositories);

 * `RESTRICTED_TLS` is a secure configuration, intended to meet stricter compliance requirements.
 * `MODERN_TLS` is a secure configuration that connects to modern HTTPS servers.
 * `COMPATIBLE_TLS` is a secure configuration that connects to secure–but not current–HTTPS servers.
 * `CLEARTEXT` is an insecure configuration that is used for `http://` URLs.

browser("Browser")
proxy["Proxy on http://0.0.0.0:9999/api/v1/app"]
server["Server on http://127.0.0.1:8000/app"]

browser --> proxy
proxy --> server
```

/// tip | 提示

IP `0.0.0.0` 常用于指程序监听本机或服务器上的所有有效 IP。

///

API 文档还需要 OpenAPI 概图声明 API `server` 位于 `/api/v1`（使用代理时的 URL）。例如：

```JSON hl_lines="4-8"
{
    "openapi": "3.0.2",
    // More stuff here
    "servers": [
        {
            "url": "/api/v1"
        }

   * requests on the same socket, and server-push. HTTP/1.1 semantics are layered on HTTP/2.
   *
   * HTTP/2 requires deployments of HTTP/2 that use TLS 1.2 support
   * [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256], present in Java 8+ and Android 5+.
   * Servers that enforce this may send an exception message including the string
   * `INADEQUATE_SECURITY`.
   */

# Distributed Server Design Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

This document explains the design, architecture and advanced use cases of the MinIO distributed server.

## Command-line

```
NAME:
  minio server - start object storage server

USAGE:
  minio server [FLAGS] DIR1 [DIR2..]
  minio server [FLAGS] DIR{1...64}
  minio server [FLAGS] DIR{1...64} DIR{65...128}

DIR:

     * and any parent directories that do not exist. This method will fail
     * when used with <code>smb://</code>, <code>smb://workgroup/</code>,
     * <code>smb://server/</code>, or <code>smb://server/share/</code> URLs
     * because workgroups, servers, and shares cannot be dynamically created
     * (although in the future it may be possible to create shares).
     *

```

### TLS (FTP)

Unlike SFTP server, FTP server is insecure by default. To operate under TLS mode, you need to provide certificates via

```
--ftp="tls-private-key=path/to/private.key" --ftp="tls-public-cert=path/to/public.crt"
```

> NOTE: if MinIO distributed setup is already configured to run under TLS, FTP will automatically use the relevant

time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
```

### Configure MinIO server with Dex

```
~ export MINIO_IDENTITY_OPENID_CLAIM_NAME=name
~ export MINIO_IDENTITY_OPENID_CONFIG_URL=http://127.0.0.1:5556/dex/.well-known/openid-configuration
~ minio server ~/test
```

### Run the `web-identity.go`

```
~ go run web-identity.go -cid example-app -csec ZXhhbXBsZS1hcHAtc2VjcmV0 \

		# remove mc source.
		purge "${MC_BUILD_DIR}"
	fi

	"${MINIO[@]}" --address ":$start_port" "${WORK_DIR}/disk{1...4}" >"${WORK_DIR}/server1.log" 2>&1 &
	pid=$!
	disown $pid
	sleep 5

	if ! ps -p ${pid} 1>&2 >/dev/null; then
		echo "server1 log:"
		cat "${WORK_DIR}/server1.log"
		echo "FAILED"
		purge "$WORK_DIR"
		exit 1
	fi

	"${PWD}/mc" mb --with-versioning minio/bucket

	for i in $(seq 1 4); do

net` to ensure the browser receives a valid reachable URL. Similarly, if your TLS certificates do not have the IP SAN for the MinIO server host, the MinIO Console may fail to validate the connection to the server. Use the `MINIO_SERVER_URL` environment variable and specify the proxy-accessible hostname of the MinIO server to allow the Console to use the MinIO server API using the TLS certificate. For example: `export MINIO_SERVER_URL="https://minio.example.net"` | Dashboard | Creating a bucket |...