vault-wrap: Добавлена рабочая конфигурация traefik

2024-07-10 12:55:19 +03:00 · 2024-07-10 12:55:19 +03:00 · e1a9944082
commit e1a9944082
parent 6004e090e5
7 changed files with 120 additions and 19 deletions
--- a/2
+++ b/2
@ -4,8 +4,10 @@ RUN apk --no-cache add gcc g++ make git
 WORKDIR /go/src/app

 COPY . .
+
 RUN go get ./...
 RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/vault-wrap ./vault.go
+
 FROM alpine:3.20
 RUN apk add tzdata
 #RUN apk --no-cache add ca-certificates
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -7,6 +7,7 @@ services:
    environment:
      - ACTION_ADDRESS=${ACTION_ADDRESS}
      - VAULT_ADDRESS=${VAULT_ADDRESS}
+      - LISTEN_PORT=443
      - TLS_KEY_FILE=${TLS_KEY_FILE}
      - TLS_CERT_FILE=${TLS_CERT_FILE}
      - TZ=Europe/Moscow
@ -22,6 +23,42 @@ services:
        max-size: "10m"
        max-file: "5"

+  traefik:
+    image: traefik:v3.0
+    command:
+#      - --entrypoints.web.address=:80
+#      - --entrypoints.web-secure.address=:443
+#      - --providers.docker=true
+      - --providers.file.directory=/configuration/
+      - --providers.file.watch=true
+    volumes:
+      - ./configuration/:/configuration/
+      - ./traefik.yml:/traefik.yml:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./ssl/:/ssl/:ro
+    ports:
+      - 80:80
+      - 8080:8080
+      - 888:888
+      - 443:443
+    restart: always
+    networks:
+      - default
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.rule=Host(`runner1-prod.corp.samsonopt.ru`)"
+      - "traefik.http.routers.traefik.tls=true"
+#      - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
+
+networks:
+  default:
+    name: reverse-proxy
+    external: true
+
+
 volumes:
  vault-wrap-log:
  vault-wrap-conf:
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -2,7 +2,7 @@
 set -u

 while true ;do
-    /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
+    /go/binv/ault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}"

    sleep 120
 done
--- a/html-template/index.html
+++ b/html-template/index.html
@ -4,26 +4,29 @@
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Data Unwrap Form</title>
-        <!-- <link rel="stylesheet" href="css/normalize.css">
-            <link href="https://fonts.googleapis.com/css?family=Lato:300,400,700" rel="stylesheet">
-            <link rel="stylesheet" href="css/main.css"> -->
-    </head>
+        </head>
    <body>
    <table>
      <tr><td>
-      <a href={{.URL}}/unwrap>Расшифровать</a> |
-      <a href={{.URL}}/genpassword>Сгенерировать пароль</a>
+      <!-- <a href={{.URL}}/unwrap>Расшифровать</a> |
+      <a href={{.URL}}/genpassword>Сгенерировать пароль</a>-->
      <tr><td><p></p></td></tr>
      <tr><td>
-      <form method="post" action="{{.URL}}/unwrap">
+      <form method="post">
      <table>
          <tr><td>
              <textarea id="wrapped_token" name="input_token" cols=50 rows=10>{{ .TEXT }}</textarea>
          </td></tr>
          <tr><td align=right>
-              <button type="submit">Расшифровать</button>
+              <button type="submit" formaction="{{.URL}}/unwrap">Расшифровать</button>
+          <tr><td><hr></td></tr>
          </td></tr>
-      </form>
+          <tr><td align=right>
+              Длина пароля (от 15 до 1024)
+              <input type="text" name="passlength"/ size=4 pattern="[0-9]{2,4}">
+              <button type="submit" formaction="{{.URL}}/genpassword">Сгенерировать пароль</button>
+          </td></tr>
+          </form>
      </td></tr>
      <tr><td>
      </td></tr>
--- a/traefik-files/certificates.yaml
+++ b/traefik-files/certificates.yaml
@ -0,0 +1,12 @@
+# Dynamic configuration
+# in configuration/certificates.yaml
+tls:
+  certificates:
+    # first certificate
+    - certFile: /ssl/runner1-prod.corp.samsonopt.ru.crt
+      keyFile: /ssl/runner1-prod.corp.samsonopt.ru.key
+
+    # second certificate
+    #- certFile: /path/to/other.cert
+    #  keyFile: /path/to/other.key
+
--- a/traefik-files/traefik.yml
+++ b/traefik-files/traefik.yml
@ -0,0 +1,30 @@
+api:
+  dashboard: true
+  insecure: true
+
+accessLog: {}
+
+log:
+  level: INFO
+
+entryPoints:
+  http:
+    address: ":80"
+  https:
+    address: ":443"
+  dashboard:
+    address: ":888"
+
+http:
+  routers:
+    host:
+      entryPoints:
+      - http
+      rule: Host(`corp.samsonopt.ru`)
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /configuration/certificates.yaml
--- a/vault.go
+++ b/vault.go
@ -195,24 +195,38 @@ func getDataFromHtmlForm(w http.ResponseWriter, r *http.Request) {
 }

 func genPassword(w http.ResponseWriter, r *http.Request) {
-	params := mux.Vars(r)
-	passLength := params["passLength"]
+	// params := mux.Vars(r)
+	// passLength := params["passLength"]
+
+    r.ParseForm()
+    passLength := r.FormValue("passlength")
+    if Debug {
+	    log.Printf(r.FormValue("passlength"), passLength)
+    }
+    if len(passLength) == 0 {
+        passLength = "32"
+    }
 	// w.Write([]byte("Длина пароля " + passLength + "/n"))
 	passwordLength, err := strconv.Atoi(passLength)
 	if passwordLength > 1024 {
 		log.Printf("Oversized password length")
-		w.Write([]byte("Oversized password length"))
+		Data = "Превышена длина пароля"
+        getStaticPage(w, r)
 		return
 	}
 	if err != nil {
-		log.Fatal(err)
+		log.Println(err)
 	}
 	res, err := password.Generate(passwordLength, 10, 5, false, true)
 	if err != nil {
-		log.Fatal(err)
+		log.Println(err)
 	}
-	log.Printf(res)
-	w.Write([]byte(res))
+    if Debug {
+	    log.Printf(res)
+    }
+    Data = res
+	// w.Write([]byte(res))
+    	getStaticPage(w, r)
 }

 func genPasswordDefault(w http.ResponseWriter, r *http.Request) {
@ -221,7 +235,10 @@ func genPasswordDefault(w http.ResponseWriter, r *http.Request) {
 		log.Fatal(err)
 	}
 	log.Printf(res)
-	w.Write([]byte(res))
+	// w.Write([]byte(res))
+    Data = res
+	// w.Write([]byte(res))
+    	getStaticPage(w, r)
 }

 func main() {
@ -270,7 +287,7 @@ func main() {
    rtr := mux.NewRouter()
    rtr.HandleFunc("/unwrap", getDataFromHtmlForm)
    rtr.HandleFunc("/genpassword/{passLength:[0-9]+}", genPassword)
-    rtr.HandleFunc("/genpassword", genPasswordDefault)
+    rtr.HandleFunc("/genpassword", genPassword)
    
    rtr.HandleFunc("/", getDataFromHtmlForm)
    rtr.PathPrefix("/").Handler(http.FileServer(http.Dir("./static")))