Unable to connect to MinIO instance with aws sdk

I have a free MinIO instance with mounted persitent volume to which I would like to connect with rails aws-sdk-s3 client. It looks like the instance is not responding at all, as the call is timing out each time. This is my config:

# MinIO Dockerfile

FROM minio/minio

CMD [ "server", "/data", "--console-address", ":9001"]
# MinIO fly.toml

app = "some-app"
primary_region = "waw"

  source = "miniodata"
  destination = "/data"

  protocol = "tcp"
  internal_port = 9000
  auto_stop_machines = true
  auto_start_machines = true
  processes = ["app"]

    port = 9000
    handlers = ["http"]

and this is how I try to conenct:

client = Aws::S3::Client.new(
  region: 'us-east-1',
  access_key_id: ENV['AWS_S3_ACCESS_KEY_ID'],
  secret_access_key: ENV['AWS_S3_ACCESS_KEY'],
  endpoint: "https://my-app.fly.dev",
  force_path_style: true

When I try to run something as simple as client.list_buckets, I receive error: [...] Connection reset by peer - SSL_connect (Seahorse::Client::NetworkingError)
Is there something that I’m missing in my config, or am I not understanding how the free plan works on fly.io? I would be really greatful for help, pointing to some good resource would also be much appreciated.

PS: Even fly logs for this machine look like the S3 API service is listening on 9000 port to which I’m trying to connect:

Hi @norbas

Connection reset by peer is a very common issue when the client cannot reach the server.

Can you confirm if you have both IPv6 and IPv4 IP addresses? Sometimes clients struggle to connect via IPv6.

If you’re missing an IPv4 you can run fly ips allocate-v4 --shared to get a shared IPv4.

Another option is looking at your Ruby client to see if there’s something needed to do to reach an URL via IPv6.

1 Like

Hm, looks like I don’t have either of those. As I understand these will be needed to connect to my instance from my local environment, however if I’d like my two fly.io instances (one of them being the MinIO instance) to talk to each other, I would need to follow this private network guide, is that right?

1 Like

Yea, our 6pn will do magic with minio-app-name.internal for you.

Assuming you don’t want your MinIO reachable from the outside internet for security reasons, you could remove public IPs so only apps in your org can talk to each other and when you want to connect via your personal machine you could use fly proxy command

1 Like

Thank you for your help @lubien. I know it’s not even a basic networking, but for future readers the solution was to just use internal 6PN and setting <app-name>.internal:9000 as an endpoint.

1 Like

Im glad it’s working and thanks for sharing the solution too

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.