certSecret: "" publicCrt: public.crt privateKey: private.key ## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas ## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret ## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt....

Il est intégré à Let's Encrypt. Ainsi, il peut gérer toutes les parties HTTPS, y compris l'acquisition et le renouvellement des certificats.

Il est également intégré à Docker. Ainsi, vous pouvez déclarer vos domaines dans les configurations de chaque application et faire en sorte qu'elles lisent ces configurations, génèrent les certificats HTTPS et servent via HTTPS à votre application automatiquement, sans nécessiter aucune modification de leurs configurations.

# AssumeRoleWithCertificate [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

## Introduction

MinIO provides a custom STS API that allows authentication with client X.509 / TLS certificates.

    follow-ups. It independently shares connections when the IP addresses and certificates match,
    even if the host names do not. In 4.4.0 we introduced a regression where we shared a connection
    when certificates matched but the DNS addresses did not. This would only occur when following a
    redirect from one hostname to another, and where both hosts had common certificates.

      sslSocket.startHandshake()
      // block for session establishment
      val sslSocketSession = sslSocket.session
      val unverifiedHandshake = sslSocketSession.handshake()

      // Verify that the socket's certificates are acceptable for the target host.
      if (!address.hostnameVerifier!!.verify(address.url.host, sslSocketSession)) {
        val peerCertificates = unverifiedHandshake.peerCertificates

//              .addPlatformTrustedCertificates()
              .build();

      builder.sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager());
    }

    OkHttpClient client = builder.build();

    sendRequest(client, "https://valid-isrgrootx1.letsencrypt.org/robots.txt");

    try {
      sendRequest(client, "https://google.com/robots.txt");
      if (androidMorEarlier) {

  /** Returns a possibly-empty list of certificates that identify this peer. */
  @get:JvmName("localCertificates") val localCertificates: List<Certificate>,
  // Delayed provider of peerCertificates, to allow lazy cleaning.
  peerCertificatesFn: () -> List<Certificate>,
) {
  /** Returns a possibly-empty list of certificates that identify the remote peer. */
  @get:JvmName("peerCertificates")

# Packages needed to build devtoolset
file
flex
g++
make
patch
rpm2cpio
unar
wget
xz-utils
cpio

# Other build-related tools
apt-transport-https
autoconf
automake
build-essential
ca-certificates
llvm-18
clang-18
clang-tidy-18
lld-18
clang-format-12
curl
git
parallel
sudo
swig
unzip
zip
openjdk-21-jdk
vim

certSecret: "" publicCrt: public.crt privateKey: private.key ## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas ## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret ## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt....

# Prevent apt install tzinfo from asking our location (assumes UTC)
export DEBIAN_FRONTEND=noninteractive

# Set up shared custom sources
apt-get update
apt-get install -y gnupg ca-certificates

# Deadsnakes: https://launchpad.net/~deadsnakes/+archive/ubuntu/ppa
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F23C5A6CF475977595C89F51BA6932366A755776

# LLVM/Clang: https://apt.llvm.org/