sdgoij/rustfs
1
0
Fork 0
mirror of https://github.com/rustfs/rustfs.git synced 2026-01-17 01:30:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
chore/append-backup
rustfs/examples/README.md
Copilot 29c004d935 feat: enhance console separation with enterprise-grade security, monitoring, and advanced tower-http integration (#513) 
* Initial plan

* feat: implement console service separation from endpoint

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>

* feat: add console separation documentation and tests

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>

* feat: enhance console separation with configurable CORS and improved Docker support

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>

* feat: implement enhanced console separation with security hardening and monitoring

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>

* refactor: implement console TLS following endpoint logic and improve configuration

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>

* add tower-http feature "timeout|limit"

* add dependencies crates `axum-server`

* refactor: reconstruct console server with enhanced tower-http features and environment variables

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>

* upgrade dep

* improve code for dns and console port `:9001`

* improve code

* fix

* docs: comprehensive improvement of console separation documentation and Docker deployment standards

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>

* fmt

* add logs

* improve code for Config handler

* remove logs

* fix

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>
Co-authored-by: houseme <housemecn@gmail.com>
2025-09-13 14:48:14 +08:00

7.2 KiB
Raw Permalink Blame History

RustFS Docker Deployment Examples

This directory contains various deployment scripts and configuration files for RustFS with console and endpoint service separation.

Quick Start Scripts

docker-quickstart.sh

The fastest way to get RustFS running with different configurations.

# Basic deployment (ports 9000-9001)
./docker-quickstart.sh basic

# Development environment (ports 9010-9011) 
./docker-quickstart.sh dev

# Production-like deployment (ports 9020-9021)
./docker-quickstart.sh prod

# Check status of all deployments
./docker-quickstart.sh status

# Test health of all running services
./docker-quickstart.sh test

# Clean up all containers
./docker-quickstart.sh cleanup

enhanced-docker-deployment.sh

Comprehensive deployment script with multiple scenarios and detailed logging.

# Deploy individual scenarios
./enhanced-docker-deployment.sh basic    # Basic setup with port mapping
./enhanced-docker-deployment.sh dev      # Development environment  
./enhanced-docker-deployment.sh prod     # Production-like with security

# Deploy all scenarios at once
./enhanced-docker-deployment.sh all

# Check status and test services
./enhanced-docker-deployment.sh status
./enhanced-docker-deployment.sh test

# View logs for specific container
./enhanced-docker-deployment.sh logs rustfs-dev

# Complete cleanup
./enhanced-docker-deployment.sh cleanup

enhanced-security-deployment.sh

Production-ready deployment with enhanced security features including TLS, rate limiting, and secure credential generation.

# Deploy with security hardening
./enhanced-security-deployment.sh

# Features:
# - Automatic TLS certificate generation
# - Secure credential generation
# - Rate limiting configuration
# - Console access restrictions
# - Health check validation

Docker Compose Examples

docker-comprehensive.yml

Complete Docker Compose configuration with multiple deployment profiles.

# Deploy specific profiles
docker-compose -f docker-comprehensive.yml --profile basic up -d
docker-compose -f docker-comprehensive.yml --profile dev up -d
docker-compose -f docker-comprehensive.yml --profile production up -d
docker-compose -f docker-comprehensive.yml --profile enterprise up -d
docker-compose -f docker-comprehensive.yml --profile api-only up -d

# Deploy with reverse proxy
docker-compose -f docker-comprehensive.yml --profile production --profile nginx up -d

Available Profiles:

  • basic: Simple deployment for testing (ports 9000-9001)
  • dev: Development environment with debug logging (ports 9010-9011)
  • production: Production deployment with security (ports 9020-9021)
  • enterprise: Full enterprise setup with TLS (ports 9030-9443)
  • api-only: API endpoint without console (port 9040)

Usage Examples by Scenario

Development Setup

# Quick development start
./docker-quickstart.sh dev

# Or use enhanced deployment for more features
./enhanced-docker-deployment.sh dev

# Or use Docker Compose
docker-compose -f docker-comprehensive.yml --profile dev up -d

Access Points:

Production Deployment

# Security-hardened deployment
./enhanced-security-deployment.sh

# Or production profile
./enhanced-docker-deployment.sh prod

Features:

  • TLS encryption for console
  • Rate limiting enabled
  • Restricted CORS policies
  • Secure credential generation
  • Console bound to localhost only

Testing and CI/CD

# API-only deployment for testing
docker-compose -f docker-comprehensive.yml --profile api-only up -d

# Quick basic setup for integration tests
./docker-quickstart.sh basic

Configuration Examples

Environment Variables

All deployment scripts support customization via environment variables:

# Custom image and ports
export RUSTFS_IMAGE="rustfs/rustfs:custom-tag"
export CONSOLE_PORT="8001"
export API_PORT="8000"

# Custom data directories
export DATA_DIR="/custom/data/path"
export CERTS_DIR="/custom/certs/path"

# Run with custom configuration
./enhanced-security-deployment.sh

Common Configurations

# Development - permissive CORS
RUSTFS_CORS_ALLOWED_ORIGINS="*"
RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="*"

# Production - restrictive CORS  
RUSTFS_CORS_ALLOWED_ORIGINS="https://myapp.com,https://api.myapp.com"
RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS="https://admin.myapp.com"

# Security hardening
RUSTFS_CONSOLE_RATE_LIMIT_ENABLE="true"
RUSTFS_CONSOLE_RATE_LIMIT_RPM="60"
RUSTFS_CONSOLE_AUTH_TIMEOUT="1800"

Monitoring and Health Checks

All deployments include health check endpoints:

# Test API health
curl http://localhost:9000/health

# Test console health  
curl http://localhost:9001/health

# Test all deployments
./docker-quickstart.sh test
./enhanced-docker-deployment.sh test

Network Architecture

Port Mappings

Deployment API Port Console Port Description
Basic 9000 9001 Simple deployment
Dev 9010 9011 Development environment
Prod 9020 9021 Production-like setup
Enterprise 9030 9443 Enterprise with TLS
API-Only 9040 - API endpoint only

Network Isolation

Production deployments use network isolation:

  • Public API Network: Exposes API endpoints to external clients
  • Internal Console Network: Restricts console access to internal networks
  • Secure Network: Isolated network for enterprise deployments

Security Considerations

Development

  • Permissive CORS policies for easy testing
  • Debug logging enabled
  • Default credentials for simplicity

Production

  • Restrictive CORS policies
  • TLS encryption for console
  • Rate limiting enabled
  • Secure credential generation
  • Console bound to localhost
  • Network isolation

Enterprise

  • Complete TLS encryption
  • Advanced rate limiting
  • Authentication timeouts
  • Secret management
  • Network segregation

Troubleshooting

Common Issues

  1. Port Conflicts: Use different ports via environment variables
  2. CORS Errors: Check origin configuration and browser network tab
  3. Health Check Failures: Verify services are running and ports are accessible
  4. Permission Issues: Check volume mount permissions and certificate file permissions

Debug Commands

# Check container logs
docker logs rustfs-container

# Check container environment
docker exec rustfs-container env | grep RUSTFS

# Test connectivity
docker exec rustfs-container curl http://localhost:9000/health
docker exec rustfs-container curl http://localhost:9001/health

# Check listening ports
docker exec rustfs-container netstat -tulpn | grep -E ':(9000|9001)'

Migration from Previous Versions

See docs/console-separation.md for detailed migration instructions from single-port deployments to the separated architecture.

Additional Resources

Reference in New Issue View Git Blame Copy Permalink