SeaweedFS is an open-source, distributed object storage system with an S3-compatible API, a filer for POSIX-style hierarchical access, and a small footprint. This guide deploys SeaweedFS using Docker Compose with the master, volume, filer, S3, and admin services behind Traefik for automatic HTTPS on separate admin and S3 domains. By the end, you'll have SeaweedFS serving S3-compatible object storage securely at your domains.
Prerequisite: Two DNS A records pointing at the server —
storage.example.com(admin dashboard) ands3.storage.example.com(S3 API). AWS CLI installed on your local machine for testing.
Set Up the Directory Structure
1. Create the project directory:
$ mkdir seaweedfs && cd seaweedfs
2. Generate an access key and a secret key (run twice and save both):
$ openssl rand -hex 16
3. Create the environment file:
$ nano .env
STORAGE_DOMAIN=storage.example.com
LETSENCRYPT_EMAIL=your-email@example.com
ADMIN_PASSWORD=yourpassword
4. Create the S3 identities file:
$ nano s3-config.json
{
"identities": [
{
"name": "admin",
"credentials": [
{
"accessKey": "YOUR_ACCESS_KEY",
"secretKey": "YOUR_SECRET_KEY"
}
],
"actions": [
"Admin",
"Read",
"Write",
"List",
"Tagging"
]
}
]
}
Deploy with Docker Compose
1. Create the Compose manifest:
$ nano docker-compose.yml
services:
traefik:
image: traefik:v3.7.0
container_name: traefik
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./letsencrypt:/letsencrypt
command:
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
master:
image: chrislusf/seaweedfs:latest
container_name: seaweed-master
command: master -ip.bind=0.0.0.0 -port=9333
volumes:
- ./master-data:/data
restart: unless-stopped
volume:
image: chrislusf/seaweedfs:latest
container_name: seaweed-volume
command: volume -mserver=master:9333 -port=8080 -ip.bind=0.0.0.0
volumes:
- ./volume-data:/data
depends_on:
- master
restart: unless-stopped
filer:
image: chrislusf/seaweedfs:latest
container_name: seaweed-filer
command: filer -master=master:9333 -port=8888 -ip.bind=0.0.0.0
volumes:
- ./filer-data:/data
depends_on:
- master
- volume
restart: unless-stopped
s3:
image: chrislusf/seaweedfs:latest
container_name: seaweed-s3
command: s3 -filer=filer:8888 -port=8333 -ip.bind=0.0.0.0 -config=/etc/seaweedfs/s3.json
volumes:
- ./s3-config.json:/etc/seaweedfs/s3.json
depends_on:
- filer
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.s3.rule=Host(`s3.${STORAGE_DOMAIN}`)"
- "traefik.http.routers.s3.entrypoints=websecure"
- "traefik.http.routers.s3.tls.certresolver=letsencrypt"
- "traefik.http.services.s3.loadbalancer.server.port=8333"
admin:
image: chrislusf/seaweedfs:latest
container_name: seaweed-admin
command: 'admin -masters="master:9333" -port=23646 -adminUser=admin -adminPassword=${ADMIN_PASSWORD} -dataDir=/data'
volumes:
- ./admin-data:/data
depends_on:
- master
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.admin.rule=Host(`${STORAGE_DOMAIN}`)"
- "traefik.http.routers.admin.entrypoints=websecure"
- "traefik.http.routers.admin.tls.certresolver=letsencrypt"
- "traefik.http.services.admin.loadbalancer.server.port=23646"
2. Add your user to the Docker group and start the stack:
$ sudo usermod -aG docker $USER
$ newgrp docker
$ docker compose up -d
$ docker compose ps
Test the S3 API with AWS CLI
1. Configure a named profile:
$ aws configure --profile seaweedfs
Use the accessKey / secretKey from s3-config.json. Press Enter for region, then enter json for output.
2. Create a bucket and round-trip a file:
$ aws --endpoint-url https://s3.storage.example.com --profile seaweedfs s3 mb s3://test-bucket
$ echo "This is test content." | aws --endpoint-url https://s3.storage.example.com --profile seaweedfs s3 cp - s3://test-bucket/test.txt
$ aws --endpoint-url https://s3.storage.example.com --profile seaweedfs s3 cp s3://test-bucket/test.txt downloaded.txt
$ cat downloaded.txt
A printout of This is test content. confirms upload and download work end-to-end.
Browse the Admin Dashboard
Open https://storage.example.com and sign in with admin / ADMIN_PASSWORD. Use the Buckets tab to manage buckets and the Browser to inspect files.
Next Steps
SeaweedFS is running with a separate admin dashboard and S3 API behind HTTPS. From here you can:
- Add more
volumeservices for horizontal capacity scaling - Mount the filer over WebDAV or FUSE for traditional file access
- Enable replication strategies (e.g.
replication=001) for fault tolerance
For the full guide with additional tips, visit the original article on Vultr Docs.
Top comments (0)