使用 Docker 部署
准备配置 .env
1 2 3 4
| RUSTFS_ACCESS_KEY=rustfsadmin RUSTFS_SECRET_KEY=rustfsadmin RUSTFS_CONSOLE_ENABLE=true RUSTFS_SERVER_DOMAINS=s3.example.com
|
准备 Docker 启动脚本
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
| mkdir data logs
sudo chown -R 10001:10001 data logs
docker run -d \ --name rustfs \ -p 127.0.0.1:9000:9000 \ -p 127.0.0.1:9001:9001 \ -v ./data:/data \ -v ./logs:/logs \ --env-file .env \ rustfs/rustfs:latest \ /data
|
nginx 配置
API 接口
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
| # rustfs Api endpoint server { listen 80; listen 443 ssl; server_name s3.example.com;
ssl_certificate ssl/example.com.crt; ssl_certificate_key ssl/example.com.key; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri;
ignore_invalid_headers off; client_max_body_size 0; proxy_buffering off; proxy_request_buffering off;
location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_convert_head off;
proxy_connect_timeout 300; proxy_http_version 1.1; proxy_set_header Connection ""; chunked_transfer_encoding off;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:9000; } }
|
控制台页面
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
| # rustfs Admin endpoint server { listen 80; listen 443 ssl; server_name s3-admin.example.com; client_max_body_size 0;
ssl_certificate ssl/example.com.crt; ssl_certificate_key ssl/example.com.key; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; error_page 497 https://$host$request_uri;
# 双向认证配置,按需开启 # ssl_client_certificate ssl/ca.crt; # 配置 CA 证书,用于验证客户端证书的签发者 # ssl_verify_client on; # 启用客户端证书验证 # ssl_crl ssl/crl.pem; # 配置 CRL 文件路径,用于检查吊销的证书
location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:9001; } }
|
配置存储桶权限
默认权限为私有,需要用 apikey 才可以上传与下载。
先到访问密钥里面创建一个 APIKey

进入 存储桶 -> 设置 点击访问策略 旁边的编辑

选择自定义策略,私有写公有读 的 策略内容为:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
| { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": [ "*" ] }, "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::mybucket" ] }, { "Effect": "Allow", "Principal": { "AWS": [ "*" ] }, "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::mybucket/*" ] } ] }
|
使用 CURL 操作对象存储
curl 操作对象存储,或者测试对象存储权限等。可以参考
使用cURL命令管理对象存储(s3)