-
-
Notifications
You must be signed in to change notification settings - Fork 0
Docker
Refringe edited this page Mar 8, 2026
·
1 revision
Anchor LFS ships with a multi-stage Dockerfile and a Docker Compose file for easy container deployment.
The simplest way to run Anchor LFS in Docker:
# Copy and edit the configuration
cp config.toml.example config.toml
# Edit config.toml with your endpoints...
# Start the container
docker compose up -dservices:
anchor-lfs:
build: .
ports:
- "5420:5420"
volumes:
- ./data:/app/data
- ./config.toml:/app/config.toml:ro
environment:
- ANCHOR_LFS_LISTEN=:5420
restart: unless-stopped-
Config file is mounted read-only (
:ro) at/app/config.toml -
Data directory is mounted at
/app/datafor persistent storage (objects, locks, signing key) - The container runs as a non-root
anchoruser - The container automatically restarts unless explicitly stopped
| Command | Description |
|---|---|
make docker-build |
Build the Docker image |
make docker-up |
Start containers in the background |
make docker-down |
Stop and remove containers |
make docker-logs |
Tail container logs |
docker build \
--build-arg VERSION=$(git describe --tags --always) \
--build-arg COMMIT=$(git rev-parse --short HEAD) \
--build-arg DATE=$(date -u '+%Y-%m-%dT%H:%M:%SZ') \
-t anchor-lfs .docker run -d \
--name anchor-lfs \
-p 5420:5420 \
-v $(pwd)/data:/app/data \
-v $(pwd)/config.toml:/app/config.toml:ro \
--restart unless-stopped \
anchor-lfsWhen using S3 storage, you don't need the data volume for objects (but still need it for locks and the signing key):
services:
anchor-lfs:
build: .
ports:
- "5420:5420"
volumes:
- ./data:/app/data
- ./config.toml:/app/config.toml:ro
environment:
- ANCHOR_LFS_STORAGE_BACKEND=s3
- ANCHOR_LFS_S3_BUCKET=my-lfs-bucket
- ANCHOR_LFS_S3_REGION=us-east-1
- ANCHOR_LFS_S3_ACCESS_KEY_ID=${S3_ACCESS_KEY_ID}
- ANCHOR_LFS_S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY}
restart: unless-stoppedStore credentials in a .env file alongside your docker-compose.yml:
S3_ACCESS_KEY_ID=your-access-key
S3_SECRET_ACCESS_KEY=your-secret-keySee the Reverse Proxy page for examples of running Anchor LFS behind Nginx or Caddy using Docker Compose.
The Dockerfile uses a two-stage build:
-
Build stage (
golang:1.26-alpine): Downloads dependencies, compiles a static binary withCGO_ENABLED=0 -
Runtime stage (
alpine:3.21): Minimal image with just the binary, running as a non-rootanchoruser
The final image is small and contains only the compiled binary and the Alpine base.
The /app/data directory inside the container holds:
| Path | Description |
|---|---|
/app/data/<endpoint>/ |
LFS objects (local storage backend only) |
/app/data/locks/<endpoint>/ |
File lock state (JSON) |
/app/data/signing.key |
Auto-generated HMAC signing key |
Always mount this as a volume to persist data across container restarts.
- Configuration: Full configuration reference
- Reverse Proxy: Proxy setup with Docker Compose
- Storage Backends: Local vs. S3 storage