vault-wrap: Добавлена рабочая конфигурация traefik
This commit is contained in:
parent
6004e090e5
commit
e1a9944082
|
@ -4,8 +4,10 @@ RUN apk --no-cache add gcc g++ make git
|
|||
WORKDIR /go/src/app
|
||||
|
||||
COPY . .
|
||||
|
||||
RUN go get ./...
|
||||
RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/vault-wrap ./vault.go
|
||||
|
||||
FROM alpine:3.20
|
||||
RUN apk add tzdata
|
||||
#RUN apk --no-cache add ca-certificates
|
||||
|
|
|
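Review bot: `RUN apk add tzdata` in the runtime stage omits `--no-cache`, unlike the builder stage's `RUN apk --no-cache add gcc g++ make git` shown in the hunk header, so the apk index is baked into the final image. The `ca-certificates` install on the next line stays commented out, which leaves the alpine:3.20 runtime without a CA bundle; if vault-wrap reaches Vault or the action address over HTTPS (the URL scheme is not visible here), certificate verification will fail and invite a disable-verification workaround. Suggest `RUN apk --no-cache add tzdata ca-certificates`. The Dockerfile's file header is outside this chunk.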
@ -7,6 +7,7 @@ services:
|
|||
environment:
|
||||
- ACTION_ADDRESS=${ACTION_ADDRESS}
|
||||
- VAULT_ADDRESS=${VAULT_ADDRESS}
|
||||
- LISTEN_PORT=443
|
||||
- TLS_KEY_FILE=${TLS_KEY_FILE}
|
||||
- TLS_CERT_FILE=${TLS_CERT_FILE}
|
||||
- TZ=Europe/Moscow
|
||||
|
@ -22,6 +23,42 @@ services:
|
|||
max-size: "10m"
|
||||
max-file: "5"
|
||||
|
||||
traefik:
|
||||
image: traefik:v3.0
|
||||
command:
|
||||
# - --entrypoints.web.address=:80
|
||||
# - --entrypoints.web-secure.address=:443
|
||||
# - --providers.docker=true
|
||||
- --providers.file.directory=/configuration/
|
||||
- --providers.file.watch=true
|
||||
volumes:
|
||||
- ./configuration/:/configuration/
|
||||
- ./traefik.yml:/traefik.yml:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./ssl/:/ssl/:ro
|
||||
ports:
|
||||
- 80:80
|
||||
- 8080:8080
|
||||
- 888:888
|
||||
- 443:443
|
||||
restart: always
|
||||
networks:
|
||||
- default
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik.entrypoints=https"
|
||||
- "traefik.http.routers.traefik.rule=Host(`runner1-prod.corp.samsonopt.ru`)"
|
||||
- "traefik.http.routers.traefik.tls=true"
|
||||
# - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: reverse-proxy
|
||||
external: true
|
||||
|
||||
|
||||
volumes:
|
||||
vault-wrap-log:
|
||||
vault-wrap-conf:
|
||||
|
|
|
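Review bot: Publishing `- 8080:8080` on the traefik service exposes the Traefik API/dashboard on every host interface, and the traefik.yml added in this commit enables it with `api.insecure: true`, so the dashboard is reachable without authentication; the `- /var/run/docker.sock:/var/run/docker.sock:ro` mount also hands the container the full Docker API (`:ro` on a socket does not restrict API calls) while `# - --providers.docker=true` is commented out, so the socket appears unused. Suggest dropping the 8080 publish and the socket mount, or at least binding `- 127.0.0.1:8080:8080`, and keeping the dashboard on the TLS router to `api@internal` that the labels already define, with an authentication middleware in front of it. The volumes reference `./traefik.yml` and `./configuration/` while this commit adds the files under `traefik-files/`; if no copy step exists outside this diff, the file provider will find nothing to load. The compose file header is outside this chunk.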
@ -2,7 +2,7 @@
|
|||
set -u
|
||||
|
||||
while true ;do
|
||||
/go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
|
||||
/go/binv/ault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}"
|
||||
|
||||
sleep 120
|
||||
done
|
||||
|
|
|
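Review bot: The new invocation, the line that adds `-listen-port "${LISTEN_PORT}"`, spells the binary path as `/go/binv/ault-wrap`; with one removal and one addition in this hunk that is the surviving line, so every iteration of the `while true` loop fails with a not-found error and the service never starts. The path should be `/go/bin/vault-wrap` as in the removed line. It would also help to log the exit status before `sleep 120` so a crash loop is visible in the container logs. The script's header is outside this hunk.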
@ -4,24 +4,27 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Data Unwrap Form</title>
|
||||
<!-- <link rel="stylesheet" href="css/normalize.css">
|
||||
<link href="https://fonts.googleapis.com/css?family=Lato:300,400,700" rel="stylesheet">
|
||||
<link rel="stylesheet" href="css/main.css"> -->
|
||||
</head>
|
||||
<body>
|
||||
<table>
|
||||
<tr><td>
|
||||
<a href={{.URL}}/unwrap>Расшифровать</a> |
|
||||
<a href={{.URL}}/genpassword>Сгенерировать пароль</a>
|
||||
<!-- <a href={{.URL}}/unwrap>Расшифровать</a> |
|
||||
<a href={{.URL}}/genpassword>Сгенерировать пароль</a>-->
|
||||
<tr><td><p></p></td></tr>
|
||||
<tr><td>
|
||||
<form method="post" action="{{.URL}}/unwrap">
|
||||
<form method="post">
|
||||
<table>
|
||||
<tr><td>
|
||||
<textarea id="wrapped_token" name="input_token" cols=50 rows=10>{{ .TEXT }}</textarea>
|
||||
</td></tr>
|
||||
<tr><td align=right>
|
||||
<button type="submit">Расшифровать</button>
|
||||
<button type="submit" formaction="{{.URL}}/unwrap">Расшифровать</button>
|
||||
<tr><td><hr></td></tr>
|
||||
</td></tr>
|
||||
<tr><td align=right>
|
||||
Длина пароля (от 15 до 1024)
|
||||
<input type="text" name="passlength"/ size=4 pattern="[0-9]{2,4}">
|
||||
<button type="submit" formaction="{{.URL}}/genpassword">Сгенерировать пароль</button>
|
||||
</td></tr>
|
||||
</form>
|
||||
</td></tr>
|
||||
|
|
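Review bot: The password-length input is malformed: `<input type="text" name="passlength"/ size=4 pattern="[0-9]{2,4}">` closes the tag before `size` and `pattern`, and the pattern admits 10–9999 while the label promises 15–1024. Suggest `<input type="number" name="passlength" min="15" max="1024" size="4">`; this is only a usability hint, and the bound must still be enforced in the `/genpassword` handler because the form value is client-controlled. The `<tr><td><hr></td></tr>` placed before `</td></tr>` nests a row inside a cell, which browsers tolerate but which breaks the table structure. The template's file header is outside this chunk.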
12
traefik-files/certificates.yaml
Normal file
12
traefik-files/certificates.yaml
Normal file
|
@ -0,0 +1,12 @@
|
|||
# Dynamic configuration
|
||||
# in configuration/certificates.yaml
|
||||
tls:
|
||||
certificates:
|
||||
# first certificate
|
||||
- certFile: /ssl/runner1-prod.corp.samsonopt.ru.crt
|
||||
keyFile: /ssl/runner1-prod.corp.samsonopt.ru.key
|
||||
|
||||
# second certificate
|
||||
#- certFile: /path/to/other.cert
|
||||
# keyFile: /path/to/other.key
|
||||
|
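Review bot: The header comment `# in configuration/certificates.yaml` matches neither where the file is added (`traefik-files/certificates.yaml`) nor the `/configuration/certificates.yaml` path that traefik.yml's file provider reads, so a reader cannot tell which copy or mount step is expected. Suggest `# Dynamic TLS configuration; mounted into the traefik container as /configuration/certificates.yaml (see providers.file in traefik.yml)`. The referenced `keyFile: /ssl/runner1-prod.corp.samsonopt.ru.key` comes from the `./ssl/` bind mount, so that directory's host permissions are what protects the private key.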
30
traefik-files/traefik.yml
Normal file
30
traefik-files/traefik.yml
Normal file
|
@ -0,0 +1,30 @@
|
|||
api:
|
||||
dashboard: true
|
||||
insecure: true
|
||||
|
||||
accessLog: {}
|
||||
|
||||
log:
|
||||
level: INFO
|
||||
|
||||
entryPoints:
|
||||
http:
|
||||
address: ":80"
|
||||
https:
|
||||
address: ":443"
|
||||
dashboard:
|
||||
address: ":888"
|
||||
|
||||
http:
|
||||
routers:
|
||||
host:
|
||||
entryPoints:
|
||||
- http
|
||||
rule: Host(`corp.samsonopt.ru`)
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
exposedByDefault: false
|
||||
file:
|
||||
filename: /configuration/certificates.yaml
|
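Review bot: `insecure: true` under `api:` serves the dashboard and API unauthenticated on port 8080, and the compose change in this commit publishes that port to the host; since the labels already route `api@internal` through the `https` entry point with TLS, set `insecure: false` and put an authentication middleware on that router. The `http:` block with `routers.host` is dynamic configuration, which the Traefik v3 static file does not accept, and the router declares no service, so it should move to the file-provider directory or be removed. `providers.file.filename` here and `--providers.file.directory=/configuration/` in the compose command both configure the file provider; Traefik documents the two as mutually exclusive, so keep only one.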
33
vault.go
33
vault.go
|
@ -195,24 +195,38 @@ func getDataFromHtmlForm(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func genPassword(w http.ResponseWriter, r *http.Request) {
|
||||
params := mux.Vars(r)
|
||||
passLength := params["passLength"]
|
||||
// params := mux.Vars(r)
|
||||
// passLength := params["passLength"]
|
||||
|
||||
r.ParseForm()
|
||||
passLength := r.FormValue("passlength")
|
||||
if Debug {
|
||||
log.Printf(r.FormValue("passlength"), passLength)
|
||||
}
|
||||
if len(passLength) == 0 {
|
||||
passLength = "32"
|
||||
}
|
||||
// w.Write([]byte("Длина пароля " + passLength + "/n"))
|
||||
passwordLength, err := strconv.Atoi(passLength)
|
||||
if passwordLength > 1024 {
|
||||
log.Printf("Oversized password length")
|
||||
w.Write([]byte("Oversized password length"))
|
||||
Data = "Превышена длина пароля"
|
||||
getStaticPage(w, r)
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
log.Println(err)
|
||||
}
|
||||
res, err := password.Generate(passwordLength, 10, 5, false, true)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
log.Println(err)
|
||||
}
|
||||
if Debug {
|
||||
log.Printf(res)
|
||||
w.Write([]byte(res))
|
||||
}
|
||||
Data = res
|
||||
// w.Write([]byte(res))
|
||||
getStaticPage(w, r)
|
||||
}
|
||||
|
||||
func genPasswordDefault(w http.ResponseWriter, r *http.Request) {
|
||||
|
@ -221,7 +235,10 @@ func genPasswordDefault(w http.ResponseWriter, r *http.Request) {
|
|||
log.Fatal(err)
|
||||
}
|
||||
log.Printf(res)
|
||||
w.Write([]byte(res))
|
||||
// w.Write([]byte(res))
|
||||
Data = res
|
||||
// w.Write([]byte(res))
|
||||
getStaticPage(w, r)
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
@ -270,7 +287,7 @@ func main() {
|
|||
rtr := mux.NewRouter()
|
||||
rtr.HandleFunc("/unwrap", getDataFromHtmlForm)
|
||||
rtr.HandleFunc("/genpassword/{passLength:[0-9]+}", genPassword)
|
||||
rtr.HandleFunc("/genpassword", genPasswordDefault)
|
||||
rtr.HandleFunc("/genpassword", genPassword)
|
||||
|
||||
rtr.HandleFunc("/", getDataFromHtmlForm)
|
||||
rtr.PathPrefix("/").Handler(http.FileServer(http.Dir("./static")))
|
||||
|
|