docker compose file RustFS S3 nginx proxy manager configuration
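# Compose stack for a RustFS (S3-compatible) server that is reached through an
# nginx reverse proxy on the external `nginx` network.
# The top-level `version` key is omitted: Compose v2 ignores it and warns that
# it is obsolete.
services:
  # RustFS main service
  rustfs:
    image: rustfs/rustfs:1.0.0-alpha.76
    container_name: rustfs-server
    security_opt:
      - "no-new-privileges:true"
    # Start only after the data/log volumes have been chowned; without this
    # ordering the server can race the helper and hit root-owned volumes.
    depends_on:
      volume-permission-helper:
        condition: service_completed_successfully
    # Published on loopback only. The reverse proxy reaches the container by
    # name over the `nginx` network, so publishing on every host interface
    # would expose plain-HTTP S3 and console ports that bypass the TLS proxy.
    # Change the bind address only if direct host access is really required.
    ports:
      - "127.0.0.1:9000:9000" # S3 API port
      - "127.0.0.1:9001:9001" # Console port
    environment:
      - RUSTFS_VOLUMES=/data/rustfs{0...3}
      - RUSTFS_ADDRESS=0.0.0.0:9000
      - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
      - RUSTFS_CONSOLE_ENABLE=true
      - RUSTFS_EXTERNAL_ADDRESS=:9000
      # NOTE(review): a wildcard origin lets any website script against the
      # S3 API and the console from a visitor's browser. Restrict both to the
      # origins that actually serve the console (value format to be confirmed
      # against the RustFS documentation).
      - RUSTFS_CORS_ALLOWED_ORIGINS=*
      - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
      # Root credentials are read from the shell environment or an .env file
      # next to this compose file. `:?` makes `docker compose up` fail when
      # they are unset, instead of starting with a well-known default pair.
      - RUSTFS_ACCESS_KEY=${RUSTFS_ACCESS_KEY:?set RUSTFS_ACCESS_KEY in .env}
      - RUSTFS_SECRET_KEY=${RUSTFS_SECRET_KEY:?set RUSTFS_SECRET_KEY in .env}
      - RUSTFS_OBS_LOGGER_LEVEL=info
      # NOTE(review): nothing is mounted at /opt/tls in this file, and the
      # healthcheck and the proxy both speak plain HTTP to the container.
      # Confirm how RustFS behaves with an empty TLS path, or mount the
      # certificates read-only and switch those callers to https.
      - RUSTFS_TLS_PATH=/opt/tls
      - RUSTFS_SERVER_DOMAINS=rustfs.dev.example.com
      # Object Cache
      - RUSTFS_OBJECT_CACHE_ENABLE=true
      - RUSTFS_OBJECT_CACHE_TTL_SECS=300
    volumes:
      - rustfs_data_0:/data/rustfs0
      - rustfs_data_1:/data/rustfs1
      - rustfs_data_2:/data/rustfs2
      - rustfs_data_3:/data/rustfs3
      - logs:/app/logs
    networks:
      - nginx
      - rustfs
    restart: unless-stopped
    # Healthy only when both the S3 API and the console answer their health
    # endpoints; assumes curl is present in the image.
    healthcheck:
      test:
        [
          "CMD",
          "sh", "-c",
          "curl -f http://localhost:9000/health && curl -f http://localhost:9001/rustfs/console/health"
        ]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  # RustFS volume permissions fixer service: a one-shot container that runs as
  # root, chowns the named volumes and exits.
  volume-permission-helper:
    # Pinned to a release tag rather than the floating default; pin by digest
    # for a fully reproducible pull.
    image: alpine:3.20
    # The helper only touches local volumes, so it gets no network at all.
    network_mode: none
    volumes:
      - rustfs_data_0:/data0
      - rustfs_data_1:/data1
      - rustfs_data_2:/data2
      - rustfs_data_3:/data3
      - logs:/logs
    # 10001:10001 is presumably the uid/gid the RustFS image runs as — confirm
    # against the image before relying on it.
    command: >
      sh -c "
      chown -R 10001:10001 /data0 /data1 /data2 /data3 /logs &&
      echo 'Volume Permissions fixed' &&
      exit 0
      "
    restart: "no"

networks:
  # Created and owned by the reverse-proxy stack. An external network takes no
  # attributes other than `name`, so no driver is declared here.
  nginx:
    external: true
  rustfs:
    driver: bridge

volumes:
  rustfs_data_0:
  rustfs_data_1:
  rustfs_data_2:
  rustfs_data_3:
  logs: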
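# ------------------------------------------------------------
# rustfs.dev.example.com, s3.dev.example.com
# ------------------------------------------------------------
# NOTE(review): the log names (proxy-host-1) and include paths suggest this
# file is generated by Nginx Proxy Manager; manual edits may be overwritten
# when the proxy host is saved again — confirm before editing in place.

# Yields the HSTS value for https requests only. For plain http the variable
# is empty, and nginx does not emit a header whose value is empty.
map $scheme $hsts_header {
    https "max-age=63072000; preload";
}

server {
  # Upstream target for the default location; presumably consumed by
  # conf.d/include/proxy.conf, which is not shown on this page.
  set $forward_scheme http;
  set $server "rustfs";
  set $port 9001;

  listen 80;
  listen [::]:80;
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name rustfs.dev.example.com s3.dev.example.com;
  http2 on;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-cache.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

  # Block Exploits
  include conf.d/include/block-exploits.conf;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security $hsts_header always;

  # Force SSL
  include conf.d/include/force-ssl.conf;

  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;

  access_log /data/logs/proxy-host-1_access.log proxy;
  error_log /data/logs/proxy-host-1_error.log warn;

  # Allow any size file to be uploaded. Set to a specific value (e.g., 1000m) to restrict.
  # With the limit disabled and request buffering off, uploads of any size
  # stream straight to the upstream, so quotas and rate limits have to be
  # enforced there. Both locations below inherit these three settings.
  client_max_body_size 0;

  # Disable buffering for better streaming performance
  proxy_buffering off;
  proxy_request_buffering off;

  # Requests under /api go to the S3 API listener on port 9000.
  location /api {
    # Body-size, buffering and proxy_http_version settings are inherited from
    # the server block and are therefore not repeated here.

    # proxy_set_header is inherited only when a location declares none of its
    # own, so the full header set is listed here.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    # $remote_addr replaces any X-Forwarded-For sent by the client, so the
    # upstream only ever sees the address of the direct peer.
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://rustfs:9000;

    # Block Exploits
    include conf.d/include/block-exploits.conf;

    # Force SSL
    include conf.d/include/force-ssl.conf;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
    # Repeated per location so the header is still sent if any other
    # add_header is introduced at this level.
    add_header Strict-Transport-Security $hsts_header always;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
  }

  # Everything else; the upstream is chosen inside proxy.conf, presumably
  # $forward_scheme://$server:$port (the console on 9001) — confirm.
  location / {
    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
    add_header Strict-Transport-Security $hsts_header always;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  # Custom
  # The [.] glob makes this include optional: nginx does not fail when a
  # wildcard pattern matches no file.
  include /data/nginx/custom/server_proxy[.]conf;
}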