svk/vault-unwrap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Добавлена поддержка wrap

Browse Source
This commit is contained in:
Калинин Сергей Валерьевич
2024-10-17 15:04:35 +03:00
parent ee921f6ae3
commit 897bb3de01
4 changed files with 159 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
docker-compose.yml
View File

@@ -8,10 +8,13 @@ services:
environment:
- ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.example.ru}
- VAULT_ADDRESS=${VAULT_ADDRESS}
- VAULT_TOKEN=${WRAP_TOKEN}
- LISTEN_PORT=8080
- TLS_KEY_FILE=${TLS_KEY_FILE}
- TLS_CERT_FILE=${TLS_CERT_FILE}
- TZ=Europe/Moscow
- MAX_TEXT_LENGTH=${MAX_TEXT_LENGTH:-100}
- TOKEN_TTL=${TOKEN_TTL:-3600}
restart: always
# ports:
# - 1234:8080
@@ -26,16 +29,48 @@ services:
max-size: "10m"
max-file: "5"
labels:
- "tra.enable=true"
- "tra.http.routers.secret.rule=Host(`secret.example.ru`)"
- "tra.http.services.secret.loadbalancer.server.port=8080"
- "tra.docker.network=reverse-proxy"
- "tra.http.routers.secret.tls=true"
- "tra.http.services.secret.loadbalancer.server.scheme=http"
- "traefik.enable=true"
- "traefik.http.routers.secret.rule=Host(`secret.example.ru`)"
- "traefik.http.services.secret.loadbalancer.server.port=8080"
- "traefik.docker.network=reverse-proxy"
- "traefik.http.routers.secret.tls=true"
- "traefik.http.services.secret.loadbalancer.server.scheme=http"
networks:
- default
- vault-wrap
traefik:
image: traefik:v3.0
container_name: traefik
command:
# - --entrypoints.web.address=:80
# - --entrypoints.web-secure.address=:443
# - --providers.docker=true
- --providers.file.directory=/configuration/
- --providers.file.watch=true
volumes:
- traefik-dynamic-conf:/configuration/
- /home/gitlab-runner/traefik/traefik.yml:/traefik.yml:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-ssl:/ssl/:ro
ports:
- 80:80
# - 8080:8080
- 888:888
- 443:443
restart: always
networks:
- default
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`somehost.example.ru`)"
- "traefik.http.routers.traefik.tls=true"
# - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=888"
- "traefik.http.services.traefik.loadbalancer.server.scheme=https"
networks:
default:
name: reverse-proxy
@@ -46,3 +81,5 @@ networks:
volumes:
vault-wrap-log:
vault-wrap-conf:
traefik-dynamic-conf:
traefik-ssl: