Single Node Garage Setup

Download

Download the latest Garage release.

Copy the binary to /usr/local/bin/

Configuration

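Create the config file at /etc/garage.toml, the path the systemd unit below loads. The heredoc delimiter is unquoted, so the shell runs the openssl commands and writes freshly generated secrets into the file.

cat > /etc/garage.toml <<EOF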
metadata_dir = "/websites/example.in/meta"
data_dir = "/websites/example.in/data"
db_engine = "sled"

block_size = 1048576
replication_factor = 1

# RPC Configuration
# Use localhost for local access. In a multi-node setup, this address is used to communicate with other nodes. The interface IP and the public IP may differ; set each one accordingly.
rpc_bind_addr = "127.0.0.1:3901"
rpc_public_addr = "127.0.0.1:3901"

rpc_secret = "$(openssl rand -hex 32)"

[s3_api]
s3_region = "in"
api_bind_addr = "[::]:3900"
root_domain = ".s3.example.in"

[s3_web]
bind_addr = "[::]:3902"
root_domain = ".web.example.in"
index = "index.html"

[admin]
api_bind_addr = "[::]:3903"
admin_token = "$(openssl rand -base64 32)"
metrics_token = "$(openssl rand -base64 32)"
EOF

systemd service

NOTE: The service runs as the system user and group garage.

cat > /etc/systemd/system/garage.service <<EOF
[Unit]
Description=Garage S3-compatible object storage
After=network.target

[Service]
Type=simple
User=garage
Group=garage
ExecStart=/usr/local/bin/garage -c /etc/garage.toml server
Restart=always
RestartSec=10
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target
EOF

Start Service

systemctl daemon-reload
systemctl enable garage
systemctl start garage

Verify Service

systemctl status garage

Caddy Configuration


s3.example.in {
        tls /websites/example.in/example.in.crt /websites/example.in/example.in.key
        reverse_proxy 127.0.0.1:3900 {
                header_up Host {host}
                header_up X-Real-IP {remote_host}
                header_up X-Forwarded-For {remote_host}
                header_up X-Forwarded-Proto {scheme}
        }
}

*.web.example.in {
        tls /websites/example.in/example.in.crt /websites/example.in/example.in.key
        reverse_proxy 127.0.0.1:3902 {
                header_up Host {host}
                header_up X-Real-IP {remote_host}
                header_up X-Forwarded-For {remote_host}
                header_up X-Forwarded-Proto {scheme}
        }
}

NOTE: Get free TLS certificates from Let’s Encrypt. Use the DNS challenge (DNS-01) for wildcard domains.
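
The Caddy blocks above reach Garage on 127.0.0.1, but garage.toml binds the S3, web and admin listeners to [::], so ports 3900, 3902 and 3903 also answer directly on all interfaces unless a firewall blocks them. The script below is an added example, not part of the original guide: it lists non-loopback listeners and checks that the secrets in the config were actually generated and that the file is not accessible to other users; the function names and the sample file are constructed for illustration.

```bash
# Audit a garage.toml shaped like the one in this guide (added example).

# Print "<section> <key> <addr>" for every *bind_addr that is not on loopback.
non_loopback_binds() {
    awk -F'"' '
        BEGIN { section = "[global]" }
        /^\[/ { section = $0 }
        /^[ \t]*[a-z_]*bind_addr[ \t]*=/ {
            key = $1; gsub(/[ \t=]/, "", key)
            if ($2 !~ /^(127\.|\[::1\])/) print section, key, $2
        }' "$1"
}

# rpc_secret must be 32 bytes of hex, as produced by `openssl rand -hex 32`.
rpc_secret_ok() {
    grep -Eq '^rpc_secret[[:space:]]*=[[:space:]]*"[0-9a-fA-F]{64}"' "$1"
}

# Fails if a literal "$(" survived, i.e. the heredoc was written with a quoted delimiter.
secrets_expanded() {
    ! grep -qF '$(' "$1"
}

# Succeeds only if the file grants nothing to "other" (octal mode ends in 0).
config_private() {
    [ $(( $(stat -c '%a' "$1") % 10 )) -eq 0 ]
}

# Constructed sample: quoted delimiter leaves the secret unexpanded, mode is 644.
write_sample() {
    cat > "$1" <<'EOF'
rpc_bind_addr = "127.0.0.1:3901"
rpc_secret = "$(openssl rand -hex 32)"
[s3_api]
api_bind_addr = "[::]:3900"
[s3_web]
bind_addr = "[::]:3902"
[admin]
api_bind_addr = "127.0.0.1:3903"
EOF
    chmod 644 "$1"
}

# Usage: bash audit.sh /etc/garage.toml   (audit.sh is a hypothetical file name)
if [ -n "${1:-}" ]; then
    non_loopback_binds "$1"
    rpc_secret_ok "$1"    || echo "rpc_secret is not 64 hex characters"
    secrets_expanded "$1" || echo "unexpanded \$( found in config"
    config_private "$1"   || echo "config is accessible to other users"
fi
```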

Configure Garage

Run:

sudo -u garage garage status

Find the node ID in the command's output.

sudo -u garage garage layout assign -z <ZONE_ID> -c <SIZE_IN_GB>G <NODE_ID>
sudo -u garage garage layout apply --version 1

For a single node, ZONE_ID can be dc1.

Garage administration

User creation

sudo -u garage garage key create <USERNAME>

Bucket creation

sudo -u garage garage bucket create <BUCKET_NAME>

Set bucket policy

sudo -u garage garage bucket policy set <BUCKET_NAME> <POLICY_FILE>

Allow user to access bucket

sudo -u garage garage bucket allow --read --write --owner <BUCKET_NAME> --key <USERNAME>

Allow public read

sudo -u garage garage bucket website <BUCKET_NAME> --allow

Configure clients

rclone

$ cat ~/.config/rclone/rclone.conf
[example.in]
type = s3
provider = Other
access_key_id = _ACCESS_KEY_ID_
secret_access_key = _SECRET_ACCESS_KEY_
endpoint = https://s3.example.in
region = in
force_path_style = true

Other browsing tools