add tls configuration guidance (#33)

Author: majinghe

docs/en/guide/configured/index.md

@@ -0,0 +1,10 @@
+---
+title: "RustFS configuration guidance"
+description: "Improving RustFS Security and Efficiency through Configuration"
+---
+
+# RustFS configuration overview
+
+This section outlines the configuration guide for RustFS instances, enabling more efficient and secure operation.
+
+- [TLS configuration](./tls-configured.md)

docs/en/guide/configured/tls-configured.md

@@ -0,0 +1,61 @@
+---
+title: "RustFS TLS Configuration Guide"
+description: "Configure TLS for RustFS instances to access RustFS via HTTPS, ensuring secure file storage and access."
+---
+
+# RustFS TLS Configuration
+
+RustFS supports [configuring TLS](../../installation/security-checklists.md#2-network-transport-encryption-tlsssl) to enable more secure access and usage of RustFS instances. You need to specify the certificate path required for TLS using the environment variable `RUSTFS_TLS_PATH`.
+
+## Configuration
+
+### Prerequisites
+
+- A working RustFS instance (see the [installation guide](../../en/installation/index.md) for details)
+- An available certificate pair (including the certificate file and the private key file)
+
+**Note**: The certificate pair must be named `rustfs_cert.pem` and `rustfs_key.pem`, and placed in the specified certificate path.
+
+### Configuration Steps
+
+* Linux Installation
+
+1. Edit the RustFS instance configuration file (the default file is `/etc/default/rustfs`) and add the `RUSTFS_TLS_PATH` environment variable.
+
+    ```bash
+    # Edit the RustFS instance configuration file
+    sudo vi /etc/default/rustfs
+
+    # Add the RUSTFS_TLS_PATH environment variable
+    RUSTFS_TLS_PATH="/opt/tls"
+    ```
+
+**Note**: You can specify any path for `RUSTFS_TLS_PATH`, but it must contain both `rustfs_cert.pem` and `rustfs_key.pem`.
+
+2. Restart the RustFS instance to apply the configuration.
+
+    ```bash
+    systemctl restart rustfs
+    ```
+
+Access the instance via `https://rustfs.example.com:9000`.
+
+
+* Docker Installation
+
+1. Mount the certificate path using the `-v` parameter and specify the `RUSTFS_TLS_PATH` environment variable using the `-e` parameter.
+
+    ```bash
+        docker pull rustfs/rustfs:latest
+        docker run -d \
+        --name rustfs \
+        -e RUSTFS_TLS_PATH="/opt/tls/"
+        -v /opt/tls:/opt/tls \
+        -p 9000:9000 \
+        -v /data:/data \
+        rustfs/rustfs:latest
+    ```
+
+2. Restart the RustFS instance container, then access the instance via `https://rustfs.example.com:9000`.
+
+**Note**: Since the RustFS instance container runs as the `rustfs` user by default, make sure the certificate files (`rustfs_key.pem` and `rustfs_cert.pem`) are owned by `rustfs`. Otherwise, the RustFS instance will fail to read the certificate files due to permission issues, causing the TLS configuration to fail.

docs/en/installation/docker.md

@@ -171,7 +171,7 @@ docker run -d \
 
 3. Environment variables and command line parameters can be used in a mixed manner, but command line parameters have higher priority
 
-4. If using TLS, additional certificate paths are required:
+4. If [using TLS](../guide/configured/tls-configured.md), additional certificate paths are required:
    ```bash
    -v /path/to/certs:/certs \
    -e RUSTFS_TLS_PATH=/certs \
@@ -206,7 +206,7 @@ docker run -d \
 1. Production environment recommendations:
 
 - Use multi-node deployment architecture
-* Enable TLS encrypted communication
+* [Enable TLS encrypted communication](../guide/configured/tls-configured.md)
 * Configure log rotation policies
 * Set up regular backup strategies
 

docs/en/sidebar.ts

@@ -94,6 +94,13 @@ export const enSidebar = [
           { text: 'Docker Installation', link: '/installation/docker' },
         ]
       },
+      {
+        text: 'Configuration Guides',
+        link: '/guide/configured',
+        items: [
+          { text: 'TLS configuration', link: '/guide/configured/tls-configured' },
+        ]
+      },
     ]
   },
   {
@@ -105,7 +112,7 @@ export const enSidebar = [
       { text: 'Object Management', link: '/guide/bucket/object-upload-and-delete' },
       { text: 'Access Keys', link: '/guide/access-token' },
       { text: 'MinIO Client (mc)', link: '/guide/mc' },
-      { text: 'MCP', link: '/guide/mcp' },
+      { text: 'MCP Server', link: '/guide/mcp' },
     ]
   },
   {

docs/zh/guide/configured/index.md

@@ -0,0 +1,10 @@
+---
+title: "RustFS 配置指南"
+description: "通过配置提升 RustFS 的安全性和高效性."
+---
+
+# RustFS 配置概览
+
+本章节分享 RustFS 实例的配置指南，以更高效、安全的方式运行 RustFS 实例。
+
+- [TLS 配置](./tls-configured.md)

docs/zh/guide/configured/tls-configured.md

@@ -0,0 +1,61 @@
+---
+title: "RustFS TLS 配置指南"
+description: "为 RustFS 实例配置 TLS,通过 HTTPS 访问 RustFS,实现安全的文件存储和访问."
+---
+
+# RustFS TLS 配置
+
+RustFS 支持通过[配置 TLS](../../../zh/installation/security-checklists.md#2-网络传输加密tlsssl)来以更加安全的方式访问和使用 RustFS 实例。需要通过环境变量 `RUSTFS_TLS_PATH` 指定 TLS 所需证书路径。
+
+## 配置
+
+### 前提条件
+
+- 一个可用的 RustFS 实例（安装详情可查看[安装指南](../../../zh/installation/index.md)）
+- 可用的证书对（包含证书文件和私钥文件）
+
+**注意**：证书对的名称必须为 `rustfs_cert.pem` 和 `rustfs_key.pem`，并放置在指定的证书路径中。
+
+### 配置步骤
+
+* Linux 安装
+
+1.  编辑 RustFS 实例的配置文件（默认文件为 `/etc/default/rustfs`），添加 `RUSTFS_TLS_PATH` 环境变量。
+
+    ```bash
+    # 编辑 RustFS 实例的配置文件
+    sudo vi /etc/default/rustfs
+
+    # 添加 RUSTFS_TLS_PATH 环境变量
+    RUSTFS_TLS_PATH="/opt/tls"
+    ```
+
+**注意**：可以为 `RUSTFS_TLS_PATH` 指定任意路径，但是必须包含 `rustfs_cert.pem` 和 `rustfs_key.pem` 两个文件。
+
+2.  重启 RustFS 实例，使配置生效。
+
+    ```bash
+    systemctl restart rustfs
+    ```
+
+通过 `https://rustfs.example.com:9000` 访问实例。
+
+
+* Docker 安装
+
+1. 通过 `-v` 参数挂载证书路径，并通过 `-e` 参数指定 `RUSTFS_TLS_PATH` 环境变量。
+
+    ```bash
+        docker pull rustfs/rustfs:latest
+        docker run -d \
+        --name rustfs \
+        -e RUSTFS_TLS_PATH="/opt/tls/"
+        -v /opt/tls:/opt/tls \
+        -p 9000:9000 \
+        -v /data:/data \
+        rustfs/rustfs:latest
+    ```
+
+1. 重启 RustFS 实例容器，然后通过 `https://rustfs.example.com:9000` 访问实例。
+
+**注意**：由于 RustFS 实例容器默认以 `rustfs` 用户运行，因此需要确保证书文件（`rustfs_key.pem` 和 `rustfs_cert.pem`）的用户为 `rustfs`，否则会出现 RustFS 实例因为权限问题而无法读取证书文件，导致 TLS 配置失败。

docs/zh/installation/docker.md

@@ -172,7 +172,7 @@ docker run -d \
 
 3. 环境变量和命令行参数可以混合使用，但命令行参数优先级更高
 
-4. 如果使用 TLS，需要额外挂载证书路径：
+4. 如果[使用 TLS](../guide/configured/tls-configured.md)，需要额外挂载证书路径：
    ```bash
    -v /path/to/certs:/certs \
    -e RUSTFS_TLS_PATH=/certs \
@@ -205,7 +205,7 @@ docker run -d \
 
 1. 生产环境建议：
 - 使用多节点部署架构
-- 启用 TLS 加密通信
+- [启用 TLS 加密通信](../guide/configured/tls-configured.md)
 - 配置日志轮转策略
 - 设置定期备份策略
 

docs/zh/sidebar.ts

@@ -85,14 +85,23 @@ export const zhSidebar = [
       },
       {
         text: '安装指南',
-        link: '/zh/installation/linux',
+        link: '/zh/installation/index',
         items: [
           { text: 'Linux 安装', link: '/zh/installation/linux' },
           { text: 'macOS 安装', link: '/zh/installation/macos/' },
           { text: 'Windows 安装', link: '/zh/installation/windows/' },
           { text: 'Docker 安装', link: '/zh/installation/docker' },
         ]
       },
+      {
+        text: '配置指南',
+        link: '/zh/guide/configured',
+        collapsed: true,
+        home: true,
+        items: [
+          { text: 'TLS 配置', link: '/zh/guide/configured/tls-configured' },
+        ]
+      }
     ]
   },
     {
@@ -104,7 +113,7 @@ export const zhSidebar = [
       { text: '对象管理', link: '/zh/guide/bucket/object-upload-and-delete' },
       { text: '访问密钥管理', link: '/zh/guide/access-token' },
       { text: 'mc（MinIO Client） 使用', link: '/zh/guide/mc' },
-      { text: 'MCP', link: '/zh/guide/mcp' },
+      { text: 'MCP 使用指南', link: '/zh/guide/mcp' },
     ]
   },
   {