# RustFS Comprehensive Docker Deployment Examples # This file demonstrates various deployment scenarios for RustFS with console separation version: "3.8" services: # Basic deployment with default settings rustfs-basic: image: rustfs/rustfs:latest container_name: rustfs-basic ports: - "9000:9000" # API endpoint - "9001:9001" # Console interface environment: - RUSTFS_ADDRESS=0.0.0.0:9000 - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001 - RUSTFS_EXTERNAL_ADDRESS=:9000 - RUSTFS_CORS_ALLOWED_ORIGINS=http://localhost:9001 - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=* - RUSTFS_ACCESS_KEY=admin - RUSTFS_SECRET_KEY=password volumes: - rustfs-basic-data:/data networks: - rustfs-network restart: unless-stopped healthcheck: test: [ "CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/rustfs/console/health" ] interval: 30s timeout: 10s retries: 3 profiles: - basic # Development environment with debug logging rustfs-dev: image: rustfs/rustfs:latest container_name: rustfs-dev ports: - "9010:9000" # API endpoint - "9011:9001" # Console interface environment: - RUSTFS_ADDRESS=0.0.0.0:9000 - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001 - RUSTFS_EXTERNAL_ADDRESS=:9010 - RUSTFS_CORS_ALLOWED_ORIGINS=* - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=* - RUSTFS_ACCESS_KEY=dev-admin - RUSTFS_SECRET_KEY=dev-password - RUST_LOG=debug - RUSTFS_OBS_LOGGER_LEVEL=debug volumes: - rustfs-dev-data:/data - rustfs-dev-logs:/logs networks: - rustfs-network restart: unless-stopped healthcheck: test: [ "CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/rustfs/console/health" ] interval: 30s timeout: 10s retries: 3 profiles: - dev # Production environment with security hardening rustfs-production: image: rustfs/rustfs:latest container_name: rustfs-production ports: - "9020:9000" # API endpoint (public) - "127.0.0.1:9021:9001" # Console (localhost only) environment: - RUSTFS_ADDRESS=0.0.0.0:9000 - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001 - RUSTFS_EXTERNAL_ADDRESS=:9020 - RUSTFS_CORS_ALLOWED_ORIGINS=https://myapp.com,https://api.myapp.com - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=https://admin.myapp.com - RUSTFS_CONSOLE_RATE_LIMIT_ENABLE=true - RUSTFS_CONSOLE_RATE_LIMIT_RPM=60 - RUSTFS_CONSOLE_AUTH_TIMEOUT=1800 - RUSTFS_ACCESS_KEY_FILE=/run/secrets/rustfs_access_key - RUSTFS_SECRET_KEY_FILE=/run/secrets/rustfs_secret_key volumes: - rustfs-production-data:/data - rustfs-production-logs:/logs - rustfs-certs:/certs:ro networks: - rustfs-network secrets: - rustfs_access_key - rustfs_secret_key restart: unless-stopped healthcheck: test: [ "CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/rustfs/console/health" ] interval: 30s timeout: 10s retries: 3 profiles: - production # Enterprise deployment with TLS and full security rustfs-enterprise: image: rustfs/rustfs:latest container_name: rustfs-enterprise ports: - "9030:9000" # API endpoint - "127.0.0.1:9443:9001" # Console with TLS (localhost only) environment: - RUSTFS_ADDRESS=0.0.0.0:9000 - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001 - RUSTFS_EXTERNAL_ADDRESS=:9030 - RUSTFS_TLS_PATH=/certs - RUSTFS_CORS_ALLOWED_ORIGINS=https://enterprise.com - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=https://admin.enterprise.com - RUSTFS_CONSOLE_RATE_LIMIT_ENABLE=true - RUSTFS_CONSOLE_RATE_LIMIT_RPM=30 - RUSTFS_CONSOLE_AUTH_TIMEOUT=900 volumes: - rustfs-enterprise-data:/data - rustfs-enterprise-logs:/logs - rustfs-enterprise-certs:/certs:ro networks: - rustfs-secure-network secrets: - rustfs_enterprise_access_key - rustfs_enterprise_secret_key restart: unless-stopped healthcheck: test: [ "CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -k -f https://localhost:9001/rustfs/console/health" ] interval: 30s timeout: 10s retries: 3 profiles: - enterprise # API-only deployment (console disabled) rustfs-api-only: image: rustfs/rustfs:latest container_name: rustfs-api-only ports: - "9040:9000" # API endpoint only environment: - RUSTFS_ADDRESS=0.0.0.0:9000 - RUSTFS_CONSOLE_ENABLE=false - RUSTFS_CORS_ALLOWED_ORIGINS=https://client-app.com - RUSTFS_ACCESS_KEY=api-only-key - RUSTFS_SECRET_KEY=api-only-secret volumes: - rustfs-api-data:/data networks: - rustfs-network restart: unless-stopped healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:9000/health" ] interval: 30s timeout: 10s retries: 3 profiles: - api-only # Nginx reverse proxy for production nginx-proxy: image: nginx:alpine container_name: rustfs-nginx ports: - "80:80" - "443:443" volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/ssl:/etc/nginx/ssl:ro networks: - rustfs-network restart: unless-stopped depends_on: - rustfs-production profiles: - production - enterprise networks: rustfs-network: driver: bridge ipam: config: - subnet: 172.20.0.0/16 rustfs-secure-network: driver: bridge internal: true ipam: config: - subnet: 172.21.0.0/16 volumes: rustfs-basic-data: driver: local rustfs-dev-data: driver: local rustfs-dev-logs: driver: local rustfs-production-data: driver: local rustfs-production-logs: driver: local rustfs-enterprise-data: driver: local rustfs-enterprise-logs: driver: local rustfs-enterprise-certs: driver: local rustfs-api-data: driver: local rustfs-certs: driver: local secrets: rustfs_access_key: external: true rustfs_secret_key: external: true rustfs_enterprise_access_key: external: true rustfs_enterprise_secret_key: external: true