TLS Configuration

Configure TLS for secure access.

Configure TLS for secure access. Set the RUSTFS_TLS_PATH environment variable.

Configuration

Prerequisites

Note: Certificates must be named rustfs_cert.pem and rustfs_key.pem and placed in the specified path.

Linux

  1. Edit the RustFS instance configuration file (default /etc/default/rustfs) and add the RUSTFS_TLS_PATH environment variable.

    # Edit RustFS instance configuration file
    sudo vi /etc/default/rustfs
    
    # Add RUSTFS_TLS_PATH environment variable
    RUSTFS_TLS_PATH="/opt/tls"

Note: You can specify any path for RUSTFS_TLS_PATH, but it must contain both rustfs_cert.pem and rustfs_key.pem.

  1. Restart the RustFS instance.

    systemctl restart rustfs

Access via https://rustfs.example.com:9001.

Docker

  1. Mount the certificate path via -v and specify RUSTFS_TLS_PATH via -e.

        docker pull rustfs/rustfs:latest
        docker run -d \
        --name rustfs \
        -e RUSTFS_TLS_PATH="/opt/tls/"
        -v /opt/tls:/opt/tls \
        -p 9000:9000 \
        -p 9001:9001 \
        -v /data:/data \
        rustfs/rustfs:latest
  2. Restart the RustFS instance container, then access the instance through https://rustfs.example.com:9001.

Note: Since the RustFS instance container runs as rustfs user by default, you need to ensure that the certificate files (rustfs_key.pem and rustfs_cert.pem) belong to the rustfs user, otherwise the RustFS instance will fail to read the certificate files due to permission issues, causing TLS configuration to fail.

On this page