From e1a9944082b339a3550f75480ecf564ec22a61e3 Mon Sep 17 00:00:00 2001 From: svkalinin Date: Wed, 10 Jul 2024 12:55:19 +0300 Subject: [PATCH] =?UTF-8?q?vault-wrap:=20=D0=94=D0=BE=D0=B1=D0=B0=D0=B2?= =?UTF-8?q?=D0=BB=D0=B5=D0=BD=D0=B0=20=D1=80=D0=B0=D0=B1=D0=BE=D1=87=D0=B0?= =?UTF-8?q?=D1=8F=20=D0=BA=D0=BE=D0=BD=D1=84=D0=B8=D0=B3=D1=83=D1=80=D0=B0?= =?UTF-8?q?=D1=86=D0=B8=D1=8F=20traefik?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 2 ++ docker-compose.yml | 37 +++++++++++++++++++++++++++++++++ entrypoint.sh | 2 +- html-template/index.html | 21 +++++++++++-------- traefik-files/certificates.yaml | 12 +++++++++++ traefik-files/traefik.yml | 30 ++++++++++++++++++++++++++ vault.go | 35 +++++++++++++++++++++++-------- 7 files changed, 120 insertions(+), 19 deletions(-) create mode 100644 traefik-files/certificates.yaml create mode 100644 traefik-files/traefik.yml diff --git a/Dockerfile b/Dockerfile index a814719..87bb10a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,8 +4,10 @@ RUN apk --no-cache add gcc g++ make git WORKDIR /go/src/app COPY . . + RUN go get ./... RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/vault-wrap ./vault.go + FROM alpine:3.20 RUN apk add tzdata #RUN apk --no-cache add ca-certificates diff --git a/docker-compose.yml b/docker-compose.yml index 0d38d20..146fcea 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,6 +7,7 @@ services: environment: - ACTION_ADDRESS=${ACTION_ADDRESS} - VAULT_ADDRESS=${VAULT_ADDRESS} + - LISTEN_PORT=443 - TLS_KEY_FILE=${TLS_KEY_FILE} - TLS_CERT_FILE=${TLS_CERT_FILE} - TZ=Europe/Moscow 
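Review bot: `LISTEN_PORT=443` is the only hard-coded entry in an environment block that otherwise takes every value from `${...}`, and entrypoint.sh (changed in this commit) dereferences `"${LISTEN_PORT}"` under `set -u`, so a deployment that drops or overrides this line inconsistently fails at the shell rather than at a documented default. Consider `- LISTEN_PORT=${LISTEN_PORT:-443}` so the value is overridable like its neighbours while keeping 443 as the default. It would also help to note in a comment that 443 here is the container-side port the Go service binds behind traefik, since traefik in the same file publishes host port 443 and the two should not both be mapped to the host.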
@@ -22,6 +23,42 @@ services: max-size: "10m" max-file: "5" + traefik: + image: traefik:v3.0 + command: +# - --entrypoints.web.address=:80 +# - --entrypoints.web-secure.address=:443 +# - --providers.docker=true + - --providers.file.directory=/configuration/ + - --providers.file.watch=true + volumes: + - ./configuration/:/configuration/ + - ./traefik.yml:/traefik.yml:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./ssl/:/ssl/:ro + ports: + - 80:80 + - 8080:8080 + - 888:888 + - 443:443 + restart: always + networks: + - default + labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`runner1-prod.corp.samsonopt.ru`)" + - "traefik.http.routers.traefik.tls=true" +# - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt" + - "traefik.http.routers.traefik.service=api@internal" + - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888" + +networks: + default: + name: reverse-proxy + external: true + + volumes: vault-wrap-log: vault-wrap-conf: diff --git a/entrypoint.sh b/entrypoint.sh index 2f0ae4f..099470f 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,7 +2,7 @@ set -u while true ;do - /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log + /go/binv/ault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}" sleep 120 done diff --git a/html-template/index.html b/html-template/index.html index e4a773f..a777ff2 100644 --- a/html-template/index.html +++ b/html-template/index.html 
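Review bot: The traefik service publishes `8080:8080` and `888:888` to the host and labels a router on the https entrypoint that serves `api@internal` with no middleware attached, while the traefik.yml added in this commit sets `api.insecure: true`; together that exposes the Traefik API and dashboard (router rules, backend addresses, TLS settings) unauthenticated on every port that is reachable from outside. Keep the dashboard only behind the labelled router, attach an authentication middleware to it (`traefik.http.routers.traefik.middlewares=<auth-middleware>@docker` backed by a basicAuth definition), and drop the 8080 and 888 publications. The `traefik.http.services.traefik-traefik.loadbalancer.server.port=888` label defines a service the router never references (it is bound to `api@internal`), so it is dead configuration. The files added in this commit live under `traefik-files/`, but the volumes mount `./traefik.yml` and `./configuration/`; unless a deployment step copies them, Traefik will start without this configuration. Mounting `/var/run/docker.sock` is full Docker API access even with `:ro`; that is inherent to the docker provider, but a one-line comment saying so would make it a visibly deliberate choice.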
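Review bot: The binary path on the changed line is `/go/binv/ault-wrap`, which looks like a mistyped `/go/bin/vault-wrap`; inside the `while true ... sleep 120` loop the script will then fail every two minutes instead of starting the service, and nothing in the loop reports that. The line should begin `/go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" ...` with the new `-listen-port "${LISTEN_PORT}"` argument kept at the end. Consider echoing the command's exit status after it returns so a failed start is visible in the container log rather than only in the service's own `-log-file`.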
@@ -4,26 +4,29 @@ Data Unwrap Form - - +
- Расшифровать | - Сгенерировать пароль +

-
+ - + + diff --git a/traefik-files/certificates.yaml b/traefik-files/certificates.yaml new file mode 100644 index 0000000..f555e91 --- /dev/null +++ b/traefik-files/certificates.yaml @@ -0,0 +1,12 @@ +# Dynamic configuration +# in configuration/certificates.yaml +tls: + certificates: + # first certificate + - certFile: /ssl/runner1-prod.corp.samsonopt.ru.crt + keyFile: /ssl/runner1-prod.corp.samsonopt.ru.key + + # second certificate + #- certFile: /path/to/other.cert + # keyFile: /path/to/other.key + diff --git a/traefik-files/traefik.yml b/traefik-files/traefik.yml new file mode 100644 index 0000000..ca87039 --- /dev/null +++ b/traefik-files/traefik.yml @@ -0,0 +1,30 @@ +api: + dashboard: true + insecure: true + +accessLog: {} + +log: + level: INFO + +entryPoints: + http: + address: ":80" + https: + address: ":443" + dashboard: + address: ":888" + +http: + routers: + host: + entryPoints: + - http + rule: Host(`corp.samsonopt.ru`) + +providers: + docker: + endpoint: "unix:///var/run/docker.sock" + exposedByDefault: false + file: + filename: /configuration/certificates.yaml diff --git a/vault.go b/vault.go index cd69a71..a425972 100644 --- a/vault.go +++ b/vault.go 
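Review bot: `api.insecure: true` serves the API and dashboard unauthenticated on the built-in `traefik` entrypoint (port 8080), which docker-compose.yml in this commit also maps to the host; set `insecure: false` (or omit the key) and expose the dashboard only through an authenticated router. The `http.routers.host` router declares `entryPoints` and a `rule` but no `service`; as far as I can tell Traefik refuses a router without a service and logs an error at load time, so this router routes nothing — either give it a service or remove it. The `dashboard` entrypoint on `:888` is defined but nothing in this file routes to it. The docker-compose command line also passes `--providers.file.directory=/configuration/` and `--providers.file.watch=true` while this file sets `providers.file.filename`; as I understand it Traefik reads static configuration from one source only, so one of the two definitions is likely ignored and the file provider should be configured in exactly one place.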
@@ -195,24 +195,38 @@ func getDataFromHtmlForm(w http.ResponseWriter, r *http.Request) { } func genPassword(w http.ResponseWriter, r *http.Request) { - params := mux.Vars(r) - passLength := params["passLength"] + // params := mux.Vars(r) + // passLength := params["passLength"] + + r.ParseForm() + passLength := r.FormValue("passlength") + if Debug { + log.Printf(r.FormValue("passlength"), passLength) + } + if len(passLength) == 0 { + passLength = "32" + } // w.Write([]byte("Длина пароля " + passLength + "/n")) passwordLength, err := strconv.Atoi(passLength) if passwordLength > 1024 { log.Printf("Oversized password length") - w.Write([]byte("Oversized password length")) + Data = "Превышена длина пароля" + getStaticPage(w, r) return } if err != nil { - log.Fatal(err) + log.Println(err) } res, err := password.Generate(passwordLength, 10, 5, false, true) if err != nil { - log.Fatal(err) + log.Println(err) } - log.Printf(res) - w.Write([]byte(res)) + if Debug { + log.Printf(res) + } + Data = res + // w.Write([]byte(res)) + getStaticPage(w, r) } func genPasswordDefault(w http.ResponseWriter, r *http.Request) { @@ -221,7 +235,10 @@ func genPasswordDefault(w http.ResponseWriter, r *http.Request) { log.Fatal(err) } log.Printf(res) - w.Write([]byte(res)) + // w.Write([]byte(res)) + Data = res + // w.Write([]byte(res)) + getStaticPage(w, r) } func main() { @@ -270,7 +287,7 @@ func main() { rtr := mux.NewRouter() rtr.HandleFunc("/unwrap", getDataFromHtmlForm) rtr.HandleFunc("/genpassword/{passLength:[0-9]+}", genPassword) - rtr.HandleFunc("/genpassword", genPasswordDefault) + rtr.HandleFunc("/genpassword", genPassword) rtr.HandleFunc("/", getDataFromHtmlForm) rtr.PathPrefix("/").Handler(http.FileServer(http.Dir("./static")))
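Review bot: In genPassword the `strconv.Atoi` error is now only logged (`log.Println(err)`) and the handler carries on with passwordLength 0 into `password.Generate`, which presumably fails as well, so a non-numeric `passlength` yields two logged errors and a page rendered from an empty res instead of a rejection; both `if err != nil` branches need to stop, e.g. `if err != nil { log.Println(err); http.Error(w, "invalid password length", http.StatusBadRequest); return }`. The Debug logging passes user input and the generated password as the Printf format string (`log.Printf(r.FormValue("passlength"), passLength)` and `log.Printf(res)`): go vet flags this, a `%` in a symbol-bearing password corrupts the log line, and the generated secret lands in the file given by `-log-file` — use `log.Printf("passlength=%q", passLength)` and drop the password line. `Data = res` followed by `getStaticPage(w, r)` hands per-request output through what is evidently a package-level variable (it is assigned, never declared, here); net/http runs handlers concurrently, so this is a data race and one request's password can be rendered into another client's page — pass the value to getStaticPage as an argument instead, and the genPasswordDefault hunk has the same pattern. `r.ParseForm()`'s error is also discarded, and with the route change in the last hunk `/genpassword/{passLength}` now reaches genPassword, which ignores the path parameter in favour of the form field while genPasswordDefault appears to become unreferenced.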
- + +

+ Длина пароля (от 15 до 1024) + + +