Boost Your Storage Performance: Deploy RustFS Object Store with Docker in Minutes

Why Choose RustFS + Docker?

RustFS is an object‑storage service written in Rust, inheriting Rust’s memory‑safety and zero‑GC pause advantages. It delivers faster response for large‑file uploads and high‑concurrency reads, making it ideal for log storage, video assets, and backup archives. Docker provides containerization that eliminates dependency‑hell and guarantees identical environments across machines.

Prerequisites (3‑Minute Setup)

Docker ≥ 20.10 installed

At least 4 GB RAM (8 GB+ recommended)

SSD or NVMe storage for optimal I/O

Ports 9000 (S3 API) and 9001 (management console) open

One‑Click Deployment

Pull the official RustFS image and start a container with a few commands:

# Pull RustFS official image
docker pull rustfs/rustfs:latest

# Start RustFS container (simplest form)
docker run -d \
  --name rustfs \
  -p 9000:9000 \
  -p 9001:9001 \
  -v /data:/data \
  rustfs/rustfs:latest

Key parameters: -p 9000:9000 – maps the S3 API port -p 9001:9001 – maps the management console port -v /data:/data – mounts a persistent data volume

Optional Docker‑Compose Configuration

If you prefer Compose, create docker-compose.yml:

version: "3.8"

services:
  rustfs:
    image: rustfs/rustfs:latest
    container_name: rustfs-server
    security_opt:
      - "no-new-privileges:true"
    ports:
      - "9000:9000"   # S3 API
      - "9001:9001"   # Console
    environment:
      - RUSTFS_VOLUMES=/data/rustfs0
      - RUSTFS_ADDRESS=0.0.0.0:9000
      - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
      - RUSTFS_CONSOLE_ENABLE=true
      - RUSTFS_CORS_ALLOWED_ORIGINS=*
      - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
      - RUSTFS_ACCESS_KEY=rustfsadmin
      - RUSTFS_SECRET_KEY=rustfsadmin
      - RUSTFS_OBS_LOGGER_LEVEL=info
    volumes:
      - ./deploy/data/pro:/data
      - ./deploy/logs:/app/logs
    networks:
      - rustfs-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "sh", "-c", "curl -f http://localhost:9000/health && curl -f http://localhost:9001/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

networks:
  rustfs-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

Launch with docker compose up -d.

Nginx Reverse‑Proxy Configuration

S3 API Proxy

# S3 API upstream
upstream rustfs_api {
    server 127.0.0.1:9000; # Docker‑mapped S3 port
}

# HTTP → HTTPS redirect
server {
    listen 80;
    server_name s3.yourdomain.com;
    return 301 https://$host$request_uri;
}

# HTTPS server
server {
    listen 443 ssl;
    server_name s3.yourdomain.com;

    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;

    # Important: disable HEAD‑to‑GET conversion for S3 V4 signatures
    proxy_cache_convert_head off;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://rustfs_api;
    }
}

Management Console Proxy

# Console upstream
upstream rustfs_console {
    server 127.0.0.1:9001; # Docker‑mapped console port
}

# HTTP → HTTPS redirect
server {
    listen 80;
    server_name console.yourdomain.com;
    return 301 https://$host$request_uri;
}

# HTTPS server
server {
    listen 443 ssl;
    server_name console.yourdomain.com;

    ssl_certificate /path/to/console/fullchain.pem;
    ssl_certificate_key /path/to/console/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;

    proxy_cache_convert_head off;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://rustfs_console;
    }
}

After editing, test and reload Nginx:

nginx -t && nginx -s reload

Validate Deployment

Open https://console.yourdomain.com and log in with the configured credentials.

Test S3 API with MinIO client:

mc alias set rustfs https://s3.yourdomain.com rustfsadmin your_strong_password
mc mb rustfs/test-bucket
mc ls rustfs

Check container status and health endpoints:

docker ps | grep rustfs
curl http://localhost:9000/health
curl http://localhost:9001/health

Production Recommendations

Security : replace default credentials with strong passwords, restrict CORS origins, allow only Nginx to reach container ports, enable TLS 1.3 with modern cipher suites.

Performance : use SSD/NVMe, allocate sufficient CPU/memory, avoid NFS as backend storage.

Operations : configure log rotation, schedule regular backups, set up monitoring and alerts, use firewall rules to limit access.

Who Should Use RustFS + Docker?

Backend developers needing a fast, testable storage service without waiting for ops.

Small teams or solo developers lacking dedicated ops staff.

Operations engineers who want a reproducible, one‑click deployment.

Data‑management scenarios requiring high‑concurrency or large‑file handling (logs, backups, media).

In summary, Docker solves the environment‑dependency problem while RustFS provides the performance backbone, making this combination a practical solution for anyone facing storage‑related pain points.