|
|
|
@ -79,3 +79,12 @@ script in the following Linux distributions:
|
|
|
|
|
> ``/usr/local/share/ca-certificates/``, otherwise one of these
|
|
|
|
|
> https://golang.org/src/crypto/x509/root_linux.go
|
|
|
|
|
|
|
|
|
|
### Drawbacks
|
|
|
|
|
|
|
|
|
|
- [operational] it requires self-signed CA certs shared when running multiple
|
|
|
|
|
Minio servers;
|
|
|
|
|
- [operational] every X years it requires updating the CA certificate in the
|
|
|
|
|
Traefik's (or any other reverse proxy) container;
|
|
|
|
|
- [security] the CA key will have to be spread all over the environment.
|
|
|
|
|
Theoretically, this could be solved by HashiCorp's Vault, but that won't be
|
|
|
|
|
nice & small way of running things;
|
|
|
|
|