sdgoij/rustfs
1
0
Fork 0
mirror of https://github.com/rustfs/rustfs.git synced 2026-01-17 01:30:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(docs): move root examples to docs/examples/docker and update README (#663)

Browse Source 
* chore(docs): move root `examples` to `docs/examples/docker` and update README

- Move root `examples/` contents into `docs/examples/docker/`.
- Update `docs/examples/README.md` to add migration note, new `docker/` entry and usage examples.
- Replace references from `examples/` to `docs/examples/docker/` where applicable.
- Reminder: verify CI and external links still point to the correct paths.

* fix
This commit is contained in:
houseme
2025-10-17 17:17:36 +08:00
committed by GitHub
parent 42d3645d6f
commit 4168e6c180
8 changed files with 142 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

282
docs/examples/docker/README.md Normal file
View File

@@ -0,0 +1,282 @@
# RustFS Docker Deployment Examples
This directory contains various deployment scripts and configuration files for RustFS with console and endpoint service
separation.
## Quick Start Scripts
### `docker-quickstart.sh`
The fastest way to get RustFS running with different configurations.
```bash
# Basic deployment (ports 9000-9001)
./docker-quickstart.sh basic
# Development environment (ports 9010-9011)
./docker-quickstart.sh dev
# Production-like deployment (ports 9020-9021)
./docker-quickstart.sh prod
# Check status of all deployments
./docker-quickstart.sh status
# Test health of all running services
./docker-quickstart.sh test
# Clean up all containers
./docker-quickstart.sh cleanup
```
### `enhanced-docker-deployment.sh`
Comprehensive deployment script with multiple scenarios and detailed logging.
```bash
# Deploy individual scenarios
./enhanced-docker-deployment.sh basic # Basic setup with port mapping
./enhanced-docker-deployment.sh dev # Development environment
./enhanced-docker-deployment.sh prod # Production-like with security
# Deploy all scenarios at once
./enhanced-docker-deployment.sh all
# Check status and test services
./enhanced-docker-deployment.sh status
./enhanced-docker-deployment.sh test
# View logs for specific container
./enhanced-docker-deployment.sh logs rustfs-dev
# Complete cleanup
./enhanced-docker-deployment.sh cleanup
```
### `enhanced-security-deployment.sh`
Production-ready deployment with enhanced security features including TLS, rate limiting, and secure credential
generation.
```bash
# Deploy with security hardening
./enhanced-security-deployment.sh
# Features:
# - Automatic TLS certificate generation
# - Secure credential generation
# - Rate limiting configuration
# - Console access restrictions
# - Health check validation
```
## Docker Compose Examples
### `docker-comprehensive.yml`
Complete Docker Compose configuration with multiple deployment profiles.
```bash
# Deploy specific profiles
docker-compose -f docker-comprehensive.yml --profile basic up -d
docker-compose -f docker-comprehensive.yml --profile dev up -d
docker-compose -f docker-comprehensive.yml --profile production up -d
docker-compose -f docker-comprehensive.yml --profile enterprise up -d
docker-compose -f docker-comprehensive.yml --profile api-only up -d
# Deploy with reverse proxy
docker-compose -f docker-comprehensive.yml --profile production --profile nginx up -d
```
#### Available Profiles:
- **basic**: Simple deployment for testing (ports 9000-9001)
- **dev**: Development environment with debug logging (ports 9010-9011)
- **production**: Production deployment with security (ports 9020-9021)
- **enterprise**: Full enterprise setup with TLS (ports 9030-9443)
- **api-only**: API endpoint without console (port 9040)
## Usage Examples by Scenario
### Development Setup
```bash
# Quick development start
./docker-quickstart.sh dev
# Or use enhanced deployment for more features
./enhanced-docker-deployment.sh dev
# Or use Docker Compose
docker-compose -f docker-comprehensive.yml --profile dev up -d
```
**Access Points:**
- API: http://localhost:9010 (or 9030 for enhanced)
- Console: http://localhost:9011/rustfs/console/ (or 9031 for enhanced)
- Credentials: dev-admin / dev-secret
### Production Deployment
```bash
# Security-hardened deployment
./enhanced-security-deployment.sh
# Or production profile
./enhanced-docker-deployment.sh prod
```
**Features:**
- TLS encryption for console
- Rate limiting enabled
- Restricted CORS policies
- Secure credential generation
- Console bound to localhost only
### Testing and CI/CD
```bash
# API-only deployment for testing
docker-compose -f docker-comprehensive.yml --profile api-only up -d
# Quick basic setup for integration tests
./docker-quickstart.sh basic
```
## Configuration Examples
### Environment Variables
All deployment scripts support customization via environment variables:
```bash
# Custom image and ports
export RUSTFS_IMAGE="rustfs/rustfs:custom-tag"
export CONSOLE_PORT="8001"
export API_PORT="8000"
# Custom data directories
export DATA_DIR="/custom/data/path"
export CERTS_DIR="/custom/certs/path"
# Run with custom configuration
./enhanced-security-deployment.sh
```
### Common Configurations
```bash
# Development - permissive CORS
RUSTFS_CORS_ALLOWED_ORIGINS="*"
RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="*"
# Production - restrictive CORS
RUSTFS_CORS_ALLOWED_ORIGINS="https://myapp.com,https://api.myapp.com"
RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="https://admin.myapp.com"
# Security hardening
RUSTFS_CONSOLE_RATE_LIMIT_ENABLE="true"
RUSTFS_CONSOLE_RATE_LIMIT_RPM="60"
RUSTFS_CONSOLE_AUTH_TIMEOUT="1800"
```
## Monitoring and Health Checks
All deployments include health check endpoints:
```bash
# Test API health
curl http://localhost:9000/health
# Test console health
curl http://localhost:9001/health
# Test all deployments
./docker-quickstart.sh test
./enhanced-docker-deployment.sh test
```
## Network Architecture
### Port Mappings
| Deployment | API Port | Console Port | Description |
|------------|----------|--------------|-------------------------|
| Basic | 9000 | 9001 | Simple deployment |
| Dev | 9010 | 9011 | Development environment |
| Prod | 9020 | 9021 | Production-like setup |
| Enterprise | 9030 | 9443 | Enterprise with TLS |
| API-Only | 9040 | - | API endpoint only |
### Network Isolation
Production deployments use network isolation:
- **Public API Network**: Exposes API endpoints to external clients
- **Internal Console Network**: Restricts console access to internal networks
- **Secure Network**: Isolated network for enterprise deployments
## Security Considerations
### Development
- Permissive CORS policies for easy testing
- Debug logging enabled
- Default credentials for simplicity
### Production
- Restrictive CORS policies
- TLS encryption for console
- Rate limiting enabled
- Secure credential generation
- Console bound to localhost
- Network isolation
### Enterprise
- Complete TLS encryption
- Advanced rate limiting
- Authentication timeouts
- Secret management
- Network segregation
## Troubleshooting
### Common Issues
1. **Port Conflicts**: Use different ports via environment variables
2. **CORS Errors**: Check origin configuration and browser network tab
3. **Health Check Failures**: Verify services are running and ports are accessible
4. **Permission Issues**: Check volume mount permissions and certificate file permissions
### Debug Commands
```bash
# Check container logs
docker logs rustfs-container
# Check container environment
docker exec rustfs-container env | grep RUSTFS
# Test connectivity
docker exec rustfs-container curl http://localhost:9000/health
docker exec rustfs-container curl http://localhost:9001/health
# Check listening ports
docker exec rustfs-container netstat -tulpn | grep -E ':(9000|9001)'
```
## Migration from Previous Versions
See [docs/console-separation.md](../../console-separation.md) for detailed migration instructions from single-port
deployments to the separated architecture.
## Additional Resources
- [Console Separation Documentation](../../console-separation.md)
- [Docker Compose Configuration](../../../docker-compose.yml)
- [Main Dockerfile](../../../Dockerfile)
- [Security Best Practices](../../console-separation.md#security-hardening)

224
docs/examples/docker/docker-comprehensive.yml Normal file
View File

@@ -0,0 +1,224 @@
# RustFS Comprehensive Docker Deployment Examples
# This file demonstrates various deployment scenarios for RustFS with console separation
version: "3.8"
services:
# Basic deployment with default settings
rustfs-basic:
image: rustfs/rustfs:latest
container_name: rustfs-basic
ports:
- "9000:9000" # API endpoint
- "9001:9001" # Console interface
environment:
- RUSTFS_ADDRESS=0.0.0.0:9000
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
- RUSTFS_EXTERNAL_ADDRESS=:9000
- RUSTFS_CORS_ALLOWED_ORIGINS=http://localhost:9001
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
- RUSTFS_ACCESS_KEY=admin
- RUSTFS_SECRET_KEY=password
volumes:
- rustfs-basic-data:/data
networks:
- rustfs-network
restart: unless-stopped
healthcheck:
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/health"]
interval: 30s
timeout: 10s
retries: 3
profiles:
- basic
# Development environment with debug logging
rustfs-dev:
image: rustfs/rustfs:latest
container_name: rustfs-dev
ports:
- "9010:9000" # API endpoint
- "9011:9001" # Console interface
environment:
- RUSTFS_ADDRESS=0.0.0.0:9000
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
- RUSTFS_EXTERNAL_ADDRESS=:9010
- RUSTFS_CORS_ALLOWED_ORIGINS=*
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
- RUSTFS_ACCESS_KEY=dev-admin
- RUSTFS_SECRET_KEY=dev-password
- RUST_LOG=debug
- RUSTFS_LOG_LEVEL=debug
volumes:
- rustfs-dev-data:/data
- rustfs-dev-logs:/logs
networks:
- rustfs-network
restart: unless-stopped
healthcheck:
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/health"]
interval: 30s
timeout: 10s
retries: 3
profiles:
- dev
# Production environment with security hardening
rustfs-production:
image: rustfs/rustfs:latest
container_name: rustfs-production
ports:
- "9020:9000" # API endpoint (public)
- "127.0.0.1:9021:9001" # Console (localhost only)
environment:
- RUSTFS_ADDRESS=0.0.0.0:9000
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
- RUSTFS_EXTERNAL_ADDRESS=:9020
- RUSTFS_CORS_ALLOWED_ORIGINS=https://myapp.com,https://api.myapp.com
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=https://admin.myapp.com
- RUSTFS_CONSOLE_RATE_LIMIT_ENABLE=true
- RUSTFS_CONSOLE_RATE_LIMIT_RPM=60
- RUSTFS_CONSOLE_AUTH_TIMEOUT=1800
- RUSTFS_ACCESS_KEY_FILE=/run/secrets/rustfs_access_key
- RUSTFS_SECRET_KEY_FILE=/run/secrets/rustfs_secret_key
volumes:
- rustfs-production-data:/data
- rustfs-production-logs:/logs
- rustfs-certs:/certs:ro
networks:
- rustfs-network
secrets:
- rustfs_access_key
- rustfs_secret_key
restart: unless-stopped
healthcheck:
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/health"]
interval: 30s
timeout: 10s
retries: 3
profiles:
- production
# Enterprise deployment with TLS and full security
rustfs-enterprise:
image: rustfs/rustfs:latest
container_name: rustfs-enterprise
ports:
- "9030:9000" # API endpoint
- "127.0.0.1:9443:9001" # Console with TLS (localhost only)
environment:
- RUSTFS_ADDRESS=0.0.0.0:9000
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
- RUSTFS_EXTERNAL_ADDRESS=:9030
- RUSTFS_TLS_PATH=/certs
- RUSTFS_CORS_ALLOWED_ORIGINS=https://enterprise.com
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=https://admin.enterprise.com
- RUSTFS_CONSOLE_RATE_LIMIT_ENABLE=true
- RUSTFS_CONSOLE_RATE_LIMIT_RPM=30
- RUSTFS_CONSOLE_AUTH_TIMEOUT=900
volumes:
- rustfs-enterprise-data:/data
- rustfs-enterprise-logs:/logs
- rustfs-enterprise-certs:/certs:ro
networks:
- rustfs-secure-network
secrets:
- rustfs_enterprise_access_key
- rustfs_enterprise_secret_key
restart: unless-stopped
healthcheck:
test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -k -f https://localhost:9001/health"]
interval: 30s
timeout: 10s
retries: 3
profiles:
- enterprise
# API-only deployment (console disabled)
rustfs-api-only:
image: rustfs/rustfs:latest
container_name: rustfs-api-only
ports:
- "9040:9000" # API endpoint only
environment:
- RUSTFS_ADDRESS=0.0.0.0:9000
- RUSTFS_CONSOLE_ENABLE=false
- RUSTFS_CORS_ALLOWED_ORIGINS=https://client-app.com
- RUSTFS_ACCESS_KEY=api-only-key
- RUSTFS_SECRET_KEY=api-only-secret
volumes:
- rustfs-api-data:/data
networks:
- rustfs-network
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/health"]
interval: 30s
timeout: 10s
retries: 3
profiles:
- api-only
# Nginx reverse proxy for production
nginx-proxy:
image: nginx:alpine
container_name: rustfs-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/ssl:/etc/nginx/ssl:ro
networks:
- rustfs-network
restart: unless-stopped
depends_on:
- rustfs-production
profiles:
- production
- enterprise
networks:
rustfs-network:
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16
rustfs-secure-network:
driver: bridge
internal: true
ipam:
config:
- subnet: 172.21.0.0/16
volumes:
rustfs-basic-data:
driver: local
rustfs-dev-data:
driver: local
rustfs-dev-logs:
driver: local
rustfs-production-data:
driver: local
rustfs-production-logs:
driver: local
rustfs-enterprise-data:
driver: local
rustfs-enterprise-logs:
driver: local
rustfs-enterprise-certs:
driver: local
rustfs-api-data:
driver: local
rustfs-certs:
driver: local
secrets:
rustfs_access_key:
external: true
rustfs_secret_key:
external: true
rustfs_enterprise_access_key:
external: true
rustfs_enterprise_secret_key:
external: true

295
docs/examples/docker/docker-quickstart.sh Executable file
View File

@@ -0,0 +1,295 @@
#!/bin/bash
# RustFS Docker Quick Start Script
# This script provides easy deployment commands for different scenarios
set -e
# Colors for output
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m' # No Color
log() {
echo -e "${GREEN}[RustFS]${NC} $1"
}
info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Print banner
print_banner() {
echo -e "${BLUE}"
echo "=================================================="
echo " RustFS Docker Quick Start"
echo " Console & Endpoint Separation"
echo "=================================================="
echo -e "${NC}"
}
# Check Docker availability
check_docker() {
if ! command -v docker &> /dev/null; then
error "Docker is not installed or not available in PATH"
exit 1
fi
info "Docker is available: $(docker --version)"
}
# Quick start - basic deployment
quick_basic() {
log "Starting RustFS basic deployment..."
docker run -d \
--name rustfs-quick \
-p 9000:9000 \
-p 9001:9001 \
-e RUSTFS_EXTERNAL_ADDRESS=":9000" \
-e RUSTFS_CORS_ALLOWED_ORIGINS="http://localhost:9001" \
-v rustfs-quick-data:/data \
rustfs/rustfs:latest
echo
info "✅ RustFS deployed successfully!"
info "🌐 API Endpoint: http://localhost:9000"
info "🖥️ Console UI: http://localhost:9001/rustfs/console/"
info "🔐 Credentials: rustfsadmin / rustfsadmin"
info "🏥 Health Check: curl http://localhost:9000/health"
echo
info "To stop: docker stop rustfs-quick"
info "To remove: docker rm rustfs-quick && docker volume rm rustfs-quick-data"
}
# Development deployment with debug logging
quick_dev() {
log "Starting RustFS development environment..."
docker run -d \
--name rustfs-dev \
-p 9010:9000 \
-p 9011:9001 \
-e RUSTFS_EXTERNAL_ADDRESS=":9010" \
-e RUSTFS_CORS_ALLOWED_ORIGINS="*" \
-e RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="*" \
-e RUSTFS_ACCESS_KEY="dev-admin" \
-e RUSTFS_SECRET_KEY="dev-secret" \
-e RUST_LOG="debug" \
-v rustfs-dev-data:/data \
rustfs/rustfs:latest
echo
info "✅ RustFS development environment ready!"
info "🌐 API Endpoint: http://localhost:9010"
info "🖥️ Console UI: http://localhost:9011/rustfs/console/"
info "🔐 Credentials: dev-admin / dev-secret"
info "📊 Debug logging enabled"
echo
info "To stop: docker stop rustfs-dev"
}
# Production-like deployment
quick_prod() {
log "Starting RustFS production-like deployment..."
# Generate secure credentials
ACCESS_KEY="prod-$(openssl rand -hex 8)"
SECRET_KEY="$(openssl rand -hex 24)"
docker run -d \
--name rustfs-prod \
-p 9020:9000 \
-p 127.0.0.1:9021:9001 \
-e RUSTFS_EXTERNAL_ADDRESS=":9020" \
-e RUSTFS_CORS_ALLOWED_ORIGINS="https://myapp.com" \
-e RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="https://admin.myapp.com" \
-e RUSTFS_CONSOLE_RATE_LIMIT_ENABLE="true" \
-e RUSTFS_CONSOLE_RATE_LIMIT_RPM="60" \
-e RUSTFS_ACCESS_KEY="$ACCESS_KEY" \
-e RUSTFS_SECRET_KEY="$SECRET_KEY" \
-v rustfs-prod-data:/data \
rustfs/rustfs:latest
# Save credentials
echo "RUSTFS_ACCESS_KEY=$ACCESS_KEY" > rustfs-prod-credentials.txt
echo "RUSTFS_SECRET_KEY=$SECRET_KEY" >> rustfs-prod-credentials.txt
chmod 600 rustfs-prod-credentials.txt
echo
info "✅ RustFS production deployment ready!"
info "🌐 API Endpoint: http://localhost:9020 (public)"
info "🖥️ Console UI: http://127.0.0.1:9021/rustfs/console/ (localhost only)"
info "🔐 Credentials saved to rustfs-prod-credentials.txt"
info "🔒 Console restricted to localhost for security"
echo
warn "⚠️ Change default CORS origins for production use"
}
# Stop and cleanup
cleanup() {
log "Cleaning up RustFS deployments..."
docker stop rustfs-quick rustfs-dev rustfs-prod 2>/dev/null || true
docker rm rustfs-quick rustfs-dev rustfs-prod 2>/dev/null || true
info "Containers stopped and removed"
echo
info "To also remove data volumes, run:"
info "docker volume rm rustfs-quick-data rustfs-dev-data rustfs-prod-data"
}
# Show status of all deployments
status() {
log "RustFS deployment status:"
echo
if docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep -q rustfs; then
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | head -n1
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep rustfs
else
info "No RustFS containers are currently running"
fi
echo
info "Available endpoints:"
if docker ps --filter "name=rustfs-quick" --format "{{.Names}}" | grep -q rustfs-quick; then
echo " Basic: http://localhost:9000 (API) | http://localhost:9001/rustfs/console/ (Console)"
fi
if docker ps --filter "name=rustfs-dev" --format "{{.Names}}" | grep -q rustfs-dev; then
echo " Dev: http://localhost:9010 (API) | http://localhost:9011/rustfs/console/ (Console)"
fi
if docker ps --filter "name=rustfs-prod" --format "{{.Names}}" | grep -q rustfs-prod; then
echo " Prod: http://localhost:9020 (API) | http://127.0.0.1:9021/rustfs/console/ (Console)"
fi
}
# Test deployments
test_deployments() {
log "Testing RustFS deployments..."
echo
# Test basic deployment
if docker ps --filter "name=rustfs-quick" --format "{{.Names}}" | grep -q rustfs-quick; then
info "Testing basic deployment..."
if curl -s -f http://localhost:9000/health | grep -q "ok"; then
echo " ✅ API health check: PASS"
else
echo " ❌ API health check: FAIL"
fi
if curl -s -f http://localhost:9001/health | grep -q "console"; then
echo " ✅ Console health check: PASS"
else
echo " ❌ Console health check: FAIL"
fi
fi
# Test dev deployment
if docker ps --filter "name=rustfs-dev" --format "{{.Names}}" | grep -q rustfs-dev; then
info "Testing development deployment..."
if curl -s -f http://localhost:9010/health | grep -q "ok"; then
echo " ✅ Dev API health check: PASS"
else
echo " ❌ Dev API health check: FAIL"
fi
if curl -s -f http://localhost:9011/health | grep -q "console"; then
echo " ✅ Dev Console health check: PASS"
else
echo " ❌ Dev Console health check: FAIL"
fi
fi
# Test prod deployment
if docker ps --filter "name=rustfs-prod" --format "{{.Names}}" | grep -q rustfs-prod; then
info "Testing production deployment..."
if curl -s -f http://localhost:9020/health | grep -q "ok"; then
echo " ✅ Prod API health check: PASS"
else
echo " ❌ Prod API health check: FAIL"
fi
if curl -s -f http://127.0.0.1:9021/health | grep -q "console"; then
echo " ✅ Prod Console health check: PASS"
else
echo " ❌ Prod Console health check: FAIL"
fi
fi
}
# Show help
show_help() {
print_banner
echo "Usage: $0 [command]"
echo
echo "Commands:"
echo " basic Start basic RustFS deployment (ports 9000-9001)"
echo " dev Start development deployment with debug logging (ports 9010-9011)"
echo " prod Start production-like deployment with security (ports 9020-9021)"
echo " status Show status of running deployments"
echo " test Test health of all running deployments"
echo " cleanup Stop and remove all RustFS containers"
echo " help Show this help message"
echo
echo "Examples:"
echo " $0 basic # Quick start with default settings"
echo " $0 dev # Development environment with debug logs"
echo " $0 prod # Production-like setup with security"
echo " $0 status # Check what's running"
echo " $0 test # Test all deployments"
echo " $0 cleanup # Clean everything up"
echo
echo "For more advanced deployments, see:"
echo " - examples/enhanced-docker-deployment.sh"
echo " - examples/enhanced-security-deployment.sh"
echo " - examples/docker-comprehensive.yml"
echo " - docs/console-separation.md"
echo
}
# Main execution
case "${1:-help}" in
"basic")
print_banner
check_docker
quick_basic
;;
"dev")
print_banner
check_docker
quick_dev
;;
"prod")
print_banner
check_docker
quick_prod
;;
"status")
print_banner
status
;;
"test")
print_banner
test_deployments
;;
"cleanup")
print_banner
cleanup
;;
"help"|*)
show_help
;;
esac

321
docs/examples/docker/enhanced-docker-deployment.sh Executable file
View File

@@ -0,0 +1,321 @@
#!/bin/bash
# RustFS Enhanced Docker Deployment Examples
# This script demonstrates various deployment scenarios for RustFS with console separation
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_section() {
echo -e "\n${BLUE}========================================${NC}"
echo -e "${BLUE}$1${NC}"
echo -e "${BLUE}========================================${NC}\n"
}
# Function to clean up existing containers
cleanup() {
log_info "Cleaning up existing RustFS containers..."
docker stop rustfs-basic rustfs-dev rustfs-prod 2>/dev/null || true
docker rm rustfs-basic rustfs-dev rustfs-prod 2>/dev/null || true
}
# Function to wait for service to be ready
wait_for_service() {
local url=$1
local service_name=$2
local max_attempts=30
local attempt=0
log_info "Waiting for $service_name to be ready at $url..."
while [ $attempt -lt $max_attempts ]; do
if curl -s -f "$url" > /dev/null 2>&1; then
log_info "$service_name is ready!"
return 0
fi
attempt=$((attempt + 1))
sleep 1
done
log_error "$service_name failed to start within ${max_attempts}s"
return 1
}
# Scenario 1: Basic deployment with port mapping
deploy_basic() {
log_section "Scenario 1: Basic Docker Deployment with Port Mapping"
log_info "Starting RustFS with port mapping 9020:9000 and 9021:9001"
docker run -d \
--name rustfs-basic \
-p 9020:9000 \
-p 9021:9001 \
-e RUSTFS_EXTERNAL_ADDRESS=":9020" \
-e RUSTFS_CORS_ALLOWED_ORIGINS="http://localhost:9021,http://127.0.0.1:9021" \
-e RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="*" \
-e RUSTFS_ACCESS_KEY="basic-access" \
-e RUSTFS_SECRET_KEY="basic-secret" \
-v rustfs-basic-data:/data \
rustfs/rustfs:latest
# Wait for services to be ready
wait_for_service "http://localhost:9020/health" "API Service"
wait_for_service "http://localhost:9021/health" "Console Service"
log_info "Basic deployment ready!"
log_info "🌐 API endpoint: http://localhost:9020"
log_info "🖥️ Console UI: http://localhost:9021/rustfs/console/"
log_info "🔐 Credentials: basic-access / basic-secret"
log_info "🏥 Health checks:"
log_info " API: curl http://localhost:9020/health"
log_info " Console: curl http://localhost:9021/health"
}
# Scenario 2: Development environment
deploy_development() {
log_section "Scenario 2: Development Environment"
log_info "Starting RustFS development environment"
docker run -d \
--name rustfs-dev \
-p 9030:9000 \
-p 9031:9001 \
-e RUSTFS_EXTERNAL_ADDRESS=":9030" \
-e RUSTFS_CORS_ALLOWED_ORIGINS="*" \
-e RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="*" \
-e RUSTFS_ACCESS_KEY="dev-access" \
-e RUSTFS_SECRET_KEY="dev-secret" \
-e RUST_LOG="debug" \
-v rustfs-dev-data:/data \
rustfs/rustfs:latest
# Wait for services to be ready
wait_for_service "http://localhost:9030/health" "Dev API Service"
wait_for_service "http://localhost:9031/health" "Dev Console Service"
log_info "Development deployment ready!"
log_info "🌐 API endpoint: http://localhost:9030"
log_info "🖥️ Console UI: http://localhost:9031/rustfs/console/"
log_info "🔐 Credentials: dev-access / dev-secret"
log_info "📊 Debug logging enabled"
log_info "🏥 Health checks:"
log_info " API: curl http://localhost:9030/health"
log_info " Console: curl http://localhost:9031/health"
}
# Scenario 3: Production-like environment with security
deploy_production() {
log_section "Scenario 3: Production-like Deployment"
log_info "Starting RustFS production-like environment with security"
# Generate secure credentials
ACCESS_KEY=$(openssl rand -hex 16)
SECRET_KEY=$(openssl rand -hex 32)
# Save credentials for reference
cat > rustfs-prod-credentials.env << EOF
# RustFS Production Deployment Credentials
# Generated: $(date)
RUSTFS_ACCESS_KEY=$ACCESS_KEY
RUSTFS_SECRET_KEY=$SECRET_KEY
EOF
chmod 600 rustfs-prod-credentials.env
docker run -d \
--name rustfs-prod \
-p 9040:9000 \
-p 127.0.0.1:9041:9001 \
-e RUSTFS_ADDRESS="0.0.0.0:9000" \
-e RUSTFS_CONSOLE_ADDRESS="0.0.0.0:9001" \
-e RUSTFS_EXTERNAL_ADDRESS=":9040" \
-e RUSTFS_CORS_ALLOWED_ORIGINS="https://myapp.example.com" \
-e RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="https://admin.example.com" \
-e RUSTFS_ACCESS_KEY="$ACCESS_KEY" \
-e RUSTFS_SECRET_KEY="$SECRET_KEY" \
-v rustfs-prod-data:/data \
rustfs/rustfs:latest
# Wait for services to be ready
wait_for_service "http://localhost:9040/health" "Prod API Service"
wait_for_service "http://127.0.0.1:9041/health" "Prod Console Service"
log_info "Production deployment ready!"
log_info "🌐 API endpoint: http://localhost:9040 (public)"
log_info "🖥️ Console UI: http://127.0.0.1:9041/rustfs/console/ (localhost only)"
log_info "🔐 Credentials: $ACCESS_KEY / $SECRET_KEY"
log_info "🔒 Security: Console restricted to localhost"
log_info "🏥 Health checks:"
log_info " API: curl http://localhost:9040/health"
log_info " Console: curl http://127.0.0.1:9041/health"
log_warn "⚠️ Console is restricted to localhost for security"
log_warn "⚠️ Credentials saved to rustfs-prod-credentials.env file"
}
# Function to show service status
show_status() {
log_section "Service Status"
echo "Running containers:"
docker ps --filter "name=rustfs-" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
echo -e "\nService endpoints:"
if docker ps --filter "name=rustfs-basic" --format "{{.Names}}" | grep -q rustfs-basic; then
echo " Basic API: http://localhost:9020"
echo " Basic Console: http://localhost:9021/rustfs/console/"
fi
if docker ps --filter "name=rustfs-dev" --format "{{.Names}}" | grep -q rustfs-dev; then
echo " Dev API: http://localhost:9030"
echo " Dev Console: http://localhost:9031/rustfs/console/"
fi
if docker ps --filter "name=rustfs-prod" --format "{{.Names}}" | grep -q rustfs-prod; then
echo " Prod API: http://localhost:9040"
echo " Prod Console: http://127.0.0.1:9041/rustfs/console/"
fi
}
# Function to test services
test_services() {
log_section "Testing Services"
# Test basic deployment
if docker ps --filter "name=rustfs-basic" --format "{{.Names}}" | grep -q rustfs-basic; then
log_info "Testing basic deployment..."
if curl -s http://localhost:9020/health | grep -q "ok"; then
log_info "✓ Basic API health check passed"
else
log_error "✗ Basic API health check failed"
fi
if curl -s http://localhost:9021/health | grep -q "console"; then
log_info "✓ Basic Console health check passed"
else
log_error "✗ Basic Console health check failed"
fi
fi
# Test development deployment
if docker ps --filter "name=rustfs-dev" --format "{{.Names}}" | grep -q rustfs-dev; then
log_info "Testing development deployment..."
if curl -s http://localhost:9030/health | grep -q "ok"; then
log_info "✓ Dev API health check passed"
else
log_error "✗ Dev API health check failed"
fi
if curl -s http://localhost:9031/health | grep -q "console"; then
log_info "✓ Dev Console health check passed"
else
log_error "✗ Dev Console health check failed"
fi
fi
# Test production deployment
if docker ps --filter "name=rustfs-prod" --format "{{.Names}}" | grep -q rustfs-prod; then
log_info "Testing production deployment..."
if curl -s http://localhost:9040/health | grep -q "ok"; then
log_info "✓ Prod API health check passed"
else
log_error "✗ Prod API health check failed"
fi
if curl -s http://127.0.0.1:9041/health | grep -q "console"; then
log_info "✓ Prod Console health check passed"
else
log_error "✗ Prod Console health check failed"
fi
fi
}
# Function to show logs
show_logs() {
log_section "Service Logs"
if [ -n "$1" ]; then
docker logs "$1"
else
echo "Available containers:"
docker ps --filter "name=rustfs-" --format "{{.Names}}"
echo -e "\nUsage: $0 logs <container-name>"
fi
}
# Main menu
case "${1:-menu}" in
"basic")
cleanup
deploy_basic
;;
"dev")
cleanup
deploy_development
;;
"prod")
cleanup
deploy_production
;;
"all")
cleanup
deploy_basic
deploy_development
deploy_production
show_status
;;
"status")
show_status
;;
"test")
test_services
;;
"logs")
show_logs "$2"
;;
"cleanup")
cleanup
docker volume rm rustfs-basic-data rustfs-dev-data rustfs-prod-data 2>/dev/null || true
log_info "Cleanup completed"
;;
"menu"|*)
echo "RustFS Enhanced Docker Deployment Examples"
echo ""
echo "Usage: $0 [command]"
echo ""
echo "Commands:"
echo " basic - Deploy basic RustFS with port mapping"
echo " dev - Deploy development environment"
echo " prod - Deploy production-like environment"
echo " all - Deploy all scenarios"
echo " status - Show status of running containers"
echo " test - Test all running services"
echo " logs - Show logs for specific container"
echo " cleanup - Clean up all containers and volumes"
echo ""
echo "Examples:"
echo " $0 basic # Deploy basic setup"
echo " $0 status # Check running services"
echo " $0 logs rustfs-dev # Show dev container logs"
echo " $0 cleanup # Clean everything up"
;;
esac

207
docs/examples/docker/enhanced-security-deployment.sh Executable file
View File

@@ -0,0 +1,207 @@
#!/bin/bash
# RustFS Enhanced Security Deployment Script
# This script demonstrates production-ready deployment with enhanced security features
set -e
# Configuration
RUSTFS_IMAGE="${RUSTFS_IMAGE:-rustfs/rustfs:latest}"
CONTAINER_NAME="${CONTAINER_NAME:-rustfs-secure}"
DATA_DIR="${DATA_DIR:-./data}"
CERTS_DIR="${CERTS_DIR:-./certs}"
CONSOLE_PORT="${CONSOLE_PORT:-9443}"
API_PORT="${API_PORT:-9000}"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
log() {
echo -e "${BLUE}[INFO]${NC} $1"
}
warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
error() {
echo -e "${RED}[ERROR]${NC} $1"
exit 1
}
success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
# Check if Docker is available
check_docker() {
if ! command -v docker &> /dev/null; then
error "Docker is not installed or not in PATH"
fi
log "Docker is available"
}
# Generate TLS certificates for console
generate_certs() {
if [[ ! -d "$CERTS_DIR" ]]; then
mkdir -p "$CERTS_DIR"
log "Created certificates directory: $CERTS_DIR"
fi
if [[ ! -f "$CERTS_DIR/console.crt" ]] || [[ ! -f "$CERTS_DIR/console.key" ]]; then
log "Generating TLS certificates for console..."
openssl req -x509 -newkey rsa:4096 \
-keyout "$CERTS_DIR/console.key" \
-out "$CERTS_DIR/console.crt" \
-days 365 -nodes \
-subj "/C=US/ST=CA/L=SF/O=RustFS/CN=localhost"
chmod 600 "$CERTS_DIR/console.key"
chmod 644 "$CERTS_DIR/console.crt"
success "TLS certificates generated"
else
log "TLS certificates already exist"
fi
}
# Create data directory
create_data_dir() {
if [[ ! -d "$DATA_DIR" ]]; then
mkdir -p "$DATA_DIR"
log "Created data directory: $DATA_DIR"
fi
}
# Generate secure credentials
generate_credentials() {
if [[ -z "$RUSTFS_ACCESS_KEY" ]]; then
export RUSTFS_ACCESS_KEY="admin-$(openssl rand -hex 8)"
log "Generated access key: $RUSTFS_ACCESS_KEY"
fi
if [[ -z "$RUSTFS_SECRET_KEY" ]]; then
export RUSTFS_SECRET_KEY="$(openssl rand -hex 32)"
log "Generated secret key: [HIDDEN]"
fi
# Save credentials to .env file
cat > .env << EOF
RUSTFS_ACCESS_KEY=$RUSTFS_ACCESS_KEY
RUSTFS_SECRET_KEY=$RUSTFS_SECRET_KEY
EOF
chmod 600 .env
success "Credentials saved to .env file"
}
# Stop existing container
stop_existing() {
if docker ps -a --format "table {{.Names}}" | grep -q "^$CONTAINER_NAME\$"; then
log "Stopping existing container: $CONTAINER_NAME"
docker stop "$CONTAINER_NAME" 2>/dev/null || true
docker rm "$CONTAINER_NAME" 2>/dev/null || true
fi
}
# Deploy RustFS with enhanced security
deploy_rustfs() {
log "Deploying RustFS with enhanced security..."
docker run -d \
--name "$CONTAINER_NAME" \
--restart unless-stopped \
-p "$CONSOLE_PORT:9001" \
-p "$API_PORT:9000" \
-v "$(pwd)/$DATA_DIR:/data" \
-v "$(pwd)/$CERTS_DIR:/certs:ro" \
-e RUSTFS_CONSOLE_TLS_ENABLE=true \
-e RUSTFS_CONSOLE_TLS_CERT=/certs/console.crt \
-e RUSTFS_CONSOLE_TLS_KEY=/certs/console.key \
-e RUSTFS_CONSOLE_RATE_LIMIT_ENABLE=true \
-e RUSTFS_CONSOLE_RATE_LIMIT_RPM=60 \
-e RUSTFS_CONSOLE_AUTH_TIMEOUT=1800 \
-e RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="https://localhost:$CONSOLE_PORT" \
-e RUSTFS_CORS_ALLOWED_ORIGINS="http://localhost:$API_PORT" \
-e RUSTFS_ACCESS_KEY="$RUSTFS_ACCESS_KEY" \
-e RUSTFS_SECRET_KEY="$RUSTFS_SECRET_KEY" \
-e RUSTFS_EXTERNAL_ADDRESS=":$API_PORT" \
"$RUSTFS_IMAGE" /data
# Wait for container to start
sleep 5
if docker ps --format "table {{.Names}}" | grep -q "^$CONTAINER_NAME\$"; then
success "RustFS deployed successfully"
else
error "Failed to deploy RustFS"
fi
}
# Check service health
check_health() {
log "Checking service health..."
# Check console health
if curl -k -s "https://localhost:$CONSOLE_PORT/health" | jq -e '.status == "ok"' > /dev/null 2>&1; then
success "Console service is healthy"
else
warn "Console service health check failed"
fi
# Check API health
if curl -s "http://localhost:$API_PORT/health" | jq -e '.status == "ok"' > /dev/null 2>&1; then
success "API service is healthy"
else
warn "API service health check failed"
fi
}
# Display access information
show_access_info() {
echo
echo "=========================================="
echo " RustFS Access Information"
echo "=========================================="
echo
echo "🌐 Console (HTTPS): https://localhost:$CONSOLE_PORT/rustfs/console/"
echo "🔧 API Endpoint: http://localhost:$API_PORT"
echo "🏥 Console Health: https://localhost:$CONSOLE_PORT/health"
echo "🏥 API Health: http://localhost:$API_PORT/health"
echo
echo "🔐 Credentials:"
echo " Access Key: $RUSTFS_ACCESS_KEY"
echo " Secret Key: [Check .env file]"
echo
echo "📝 Logs: docker logs $CONTAINER_NAME"
echo "🛑 Stop: docker stop $CONTAINER_NAME"
echo
echo "⚠️ Note: Console uses self-signed certificate"
echo " Accept the certificate warning in your browser"
echo
}
# Main deployment flow
main() {
log "Starting RustFS Enhanced Security Deployment"
check_docker
create_data_dir
generate_certs
generate_credentials
stop_existing
deploy_rustfs
# Wait a bit for services to start
sleep 10
check_health
show_access_info
success "Deployment completed successfully!"
}
# Run main function
main "$@"