mirror of
https://github.com/rustfs/rustfs.git
synced 2026-05-06 14:12:29 +08:00
94 lines
2.9 KiB
YAML
94 lines
2.9 KiB
YAML
# Copyright 2024 RustFS Team
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
version: "3.9"
|
|
|
|
services:
|
|
# RustFS main service
|
|
rustfs:
|
|
image: rustfs/rustfs:latest
|
|
container_name: rustfs-server
|
|
security_opt:
|
|
- "no-new-privileges:true"
|
|
ports:
|
|
- "9000:9000" # S3 API port
|
|
- "9001:9001" # Console port
|
|
environment:
|
|
- RUSTFS_VOLUMES=/data/rustfs{0...3}
|
|
- RUSTFS_ADDRESS=0.0.0.0:9000
|
|
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
|
|
- RUSTFS_CONSOLE_ENABLE=true
|
|
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
|
|
- RUSTFS_ACCESS_KEY=rustfsadmin # CHANGEME
|
|
- RUSTFS_SECRET_KEY=rustfsadmin # CHANGEME
|
|
- RUSTFS_OBS_LOGGER_LEVEL=info
|
|
- RUSTFS_TLS_PATH=/opt/tls
|
|
# Keep strict disk topology checks enabled by default.
|
|
# For local testing only, set `RUSTFS_UNSAFE_BYPASS_DISK_CHECK=true` explicitly.
|
|
- RUSTFS_UNSAFE_BYPASS_DISK_CHECK=${RUSTFS_UNSAFE_BYPASS_DISK_CHECK:-false}
|
|
|
|
volumes:
|
|
- rustfs_data_0:/data/rustfs0
|
|
- rustfs_data_1:/data/rustfs1
|
|
- rustfs_data_2:/data/rustfs2
|
|
- rustfs_data_3:/data/rustfs3
|
|
- logs:/app/logs
|
|
networks:
|
|
- rustfs-network
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
# Production strict TLS example (SAN/FQDN aligned, no `-k`):
|
|
# curl -f --cacert /opt/tls/ca.crt --resolve rustfs-a.example.com:9000:127.0.0.1 https://rustfs-a.example.com:9000/health
|
|
# curl -f --cacert /opt/tls/ca.crt --resolve rustfs-a.example.com:9001:127.0.0.1 https://rustfs-a.example.com:9001/rustfs/console/health
|
|
test:
|
|
[
|
|
"CMD",
|
|
"sh", "-c",
|
|
"curl -f http://127.0.0.1:9000/health && curl -f http://127.0.0.1:9001/rustfs/console/health"
|
|
]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
|
|
# RustFS volume permissions fixer service
|
|
volume-permission-helper:
|
|
image: alpine
|
|
volumes:
|
|
- rustfs_data_0:/data0
|
|
- rustfs_data_1:/data1
|
|
- rustfs_data_2:/data2
|
|
- rustfs_data_3:/data3
|
|
- logs:/logs
|
|
command: >
|
|
sh -c "
|
|
chown -R 10001:10001 /data0 /data1 /data2 /data3 /logs &&
|
|
echo 'Volume Permissions fixed' &&
|
|
exit 0
|
|
"
|
|
# Permission baseline:
|
|
# - default RustFS runtime user is 10001:10001
|
|
# - alternatively, run rustfs service with host-matched `user: \"<uid>:<gid>\"`
|
|
restart: "no"
|
|
|
|
networks:
|
|
rustfs-network:
|
|
|
|
volumes:
|
|
rustfs_data_0:
|
|
rustfs_data_1:
|
|
rustfs_data_2:
|
|
rustfs_data_3:
|
|
logs:
|