mirror of https://github.com/vimagick/dockerfiles.git synced 2025-03-21 21:17:05 +02:00
kev 2015-07-18 16:24:47 +08:00
parent a5a5f8512f
commit c6d785bbfc
4 changed files with 16 additions and 4 deletions


@ -17,10 +17,10 @@ RUN wget -O $VAULT_FILE $VAULT_URL \
&& chmod +x /usr/bin/vault \ && chmod +x /usr/bin/vault \
&& rm $VAULT_FILE && rm $VAULT_FILE
COPY vault.hcl /etc/ COPY vault /etc/vault
VOLUME /var/lib/vault VOLUME /var/lib/vault
EXPOSE 8200 EXPOSE 8200
CMD ["vault", "server", "-config", "/etc/vault.hcl"] CMD ["vault", "server", "-config", "/etc/vault/vault.hcl"]
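Review bot: `COPY vault /etc/vault` takes the whole `vault/` directory from the build context, and the README change in this same commit has users write `vault/vault.key` into a directory of that name. If an image is ever built from a tree that already holds the generated key, the unencrypted private key lands in an image layer and travels with every push. Copying only the config, `COPY vault/vault.hcl /etc/vault/vault.hcl`, or listing `vault/*.key` and `vault/*.crt` in a `.dockerignore`, keeps the key out of the image and leaves it to the bind mount. Whether the build context and the compose directory are the same tree is not visible on this page, so this is a guard rather than a confirmed leak; the RUN instruction at the top of the hunk starts outside it.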


@ -20,16 +20,23 @@ vault:
image: vimagick/vault image: vimagick/vault
ports: ports:
- "8200:8200" - "8200:8200"
volumes:
- vault/vault.crt:/etc/vault/vault.crt
- vault/vault.key:/etc/vault/vault.key
volumes_from: volumes_from:
- data - data
privileged: true privileged: true
restart: always restart: always
``` ```
> You can also mount customized `vault.hcl`.
## server ## server
``` ```
$ cd ~/fig/vault $ cd ~/fig/vault
$ mkdir vault
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vault/vault.key -out vault/vault.crt
$ docker-compose up -d $ docker-compose up -d
$ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/ $ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
``` ```
@ -39,7 +46,7 @@ $ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
``` ```
$ export VAULT_ADDR='https://127.0.0.1:8200' $ export VAULT_ADDR='https://127.0.0.1:8200'
$ vault status $ vault status
$ vault init | tee vault.key $ vault init | tee vault.secret
$ vault unseal $ vault unseal
$ vault auth $ vault auth
$ vault write secret/name key=value $ vault write secret/name key=value
@ -47,7 +54,7 @@ $ vault read secret/name
$ vault seal $ vault seal
``` ```
- Split `vault.key`, keep them a secret. - Split `vault.secret`, keep them a secret.
- Run `vault unseal` 3 times to unseal. - Run `vault unseal` 3 times to unseal.
- Use `key=@value` to read secret from file. - Use `key=@value` to read secret from file.


@ -7,6 +7,9 @@ vault:
image: vimagick/vault image: vimagick/vault
ports: ports:
- "8200:8200" - "8200:8200"
volumes:
- vault/vault.crt:/etc/vault/vault.crt
- vault/vault.key:/etc/vault/vault.key
volumes_from: volumes_from:
- data - data
privileged: true privileged: true
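Review bot: The two new `volumes` entries give the host side as `vault/vault.crt` and `vault/vault.key` with no leading `./`. Compose documents that relative host paths should begin with `.` or `..`; without that prefix the source may be taken as a volume name instead of a path beside the compose file, so the service can fail to start or come up without the intended cert and key. Writing them as `- ./vault/vault.crt:/etc/vault/vault.crt:ro` and `- ./vault/vault.key:/etc/vault/vault.key:ro` fixes the path and also mounts both read-only, which is all the listener needs. The same two lines appear in the compose example in the README section of this commit.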


@ -4,4 +4,6 @@ backend "file" {
listener "tcp" { listener "tcp" {
address = "0.0.0.0:8200" address = "0.0.0.0:8200"
tls_cert_file = "/etc/vault/vault.crt"
tls_key_file = "/etc/vault/vault.key"
} }
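Review bot: The new `tls_cert_file` and `tls_key_file` lines make the listener depend on `/etc/vault/vault.crt` and `/etc/vault/vault.key`, but the file does not say where those come from; as far as this page shows they are not shipped in the image and exist only when the compose bind mounts are present. A comment above the two lines would help, for example `# cert and key are bind-mounted at run time (see docker-compose.yml); the key is unencrypted, keep it mode 0600 on the host`. The README generates the key with `-nodes`, so host file permissions are the only protection it has. The `backend "file"` block named in the hunk header starts outside the hunk.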