Переезд на другой сервер

.gitlab-ci.yml

@@ -1,95 +0,0 @@
-stages:
-  - build
-  - release
-  - deploy
-  
-variables:
-  DOCKER_DRIVER: overlay2
-  IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
-  # IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
-  RELEASE_VERSION: $CI_COMMIT_SHORT_SHA
-  
-before_script:
-  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-  - mkdir -p .ci_status
-
-.dedicated-builder: &dedicated-builder
-  tags:
-    - build1-shell
-
-
-.dedicated-runner: &dedicated-runner
-  tags:
-    - runner1-prod-shell
-
-vault_wrap_build:
-  <<: *dedicated-builder
-  stage: build
-  script:
-    - DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.yml build vault-wrap
-    - docker tag $IMAGE_PATH/vault-wrap:$RELEASE_VERSION $IMAGE_PATH/vault-wrap:dev
-    - docker push $IMAGE_PATH/vault-wrap:dev
-    - touch .ci_status/vault_wrap_build
-  only:
-    refs:
-      - main
-    changes:
-      - vault.go
-      - Dockerfile
-      - entrypoint.sh
-      - docker-compose.yml
-      - .gitlab-ci.yml
-  artifacts:
-    paths:
-      - .ci_status/
-
-# --------------- RELEASE STAGE -------------#
-vault_wrap_release:
-  <<: *dedicated-builder
-  stage: release
-  script:
-    - if [ -e .ci_status/vault_wrap_build ]; then docker pull $IMAGE_PATH/vault-wrap:dev; docker tag $IMAGE_PATH/vault-wrap:dev $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; docker push $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; touch .ci_status/vault_wrap_release; fi
-  artifacts:
-    paths:
-      - .ci_status/
-  only:
-    refs:
-      - main
-
-
-#-------------- DEPLOY STAGE ------------------#
-vault_wrap_deploy:
-  <<: *dedicated-runner
-  stage: deploy
-  script:
-    - docker volume create vault-wrap_vault-wrap-conf
-    - docker run --rm -v vault-wrap_vault-wrap-conf:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
-    - docker run --rm -v vault-wrap_vault-wrap-conf:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
-    - docker run --rm -v vault-wrap_vault-wrap-conf:/temporary -v ./html-template/:/files alpine cp files/index.html /temporary
-    # -cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
-    # - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
-    - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
-    - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
-    - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
-  only:
-    refs:
-      - main
-
-traefik_deploy:
-  <<: *dedicated-runner
-  stage: deploy
-  script:
-    - mkdir -p /home/gitlab-runner/traefik
-    - docker volume create vault-wrap_traefik-ssl
-    - docker volume create  vault-wrap_traefik-dynamic-conf
-    - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
-    - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
-    - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
-    - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
-    - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
-    - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
-    - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
-  only:
-    refs:
-      - main
-

README.md

@@ -9,7 +9,7 @@
 Запуск с доступом по https (использование TLS/SSL):
 
 ```
-vault-wrap -action-address "https://saecret.example.ru:8443" -vault-url "https://vault.example.ru:8200" -tls-cert cert.pem -tls-key privaty.key -listen-port 8443 -tls
+vault-wrap -action-address "https://secret.example.ru:8443" -vault-url "https://vault.example.ru:8200" -tls-cert cert.pem -tls-key privaty.key -listen-port 8443 -tls
 ```
 
 Запуск с доступом по http:

docker-compose.yml

@@ -6,7 +6,7 @@ services:
     image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
     container_name: vault-wrap
     environment:
-      - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
+      - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.example.ru}
       - VAULT_ADDRESS=${VAULT_ADDRESS}
       - LISTEN_PORT=8080
       - TLS_KEY_FILE=${TLS_KEY_FILE}
@@ -26,48 +26,16 @@ services:
         max-size: "10m"
         max-file: "5"
     labels:
-      - "traefik.enable=true"
+      - "tra.enable=true"
-      - "traefik.http.routers.secret.rule=Host(`secret.corp.samsonopt.ru`)"
+      - "tra.http.routers.secret.rule=Host(`secret.example.ru`)"
-      - "traefik.http.services.secret.loadbalancer.server.port=8080"
+      - "tra.http.services.secret.loadbalancer.server.port=8080"
-      - "traefik.docker.network=reverse-proxy"
+      - "tra.docker.network=reverse-proxy"
-      - "traefik.http.routers.secret.tls=true"
+      - "tra.http.routers.secret.tls=true"
-      - "traefik.http.services.secret.loadbalancer.server.scheme=http"
+      - "tra.http.services.secret.loadbalancer.server.scheme=http"
     networks:
       - default
       - vault-wrap
 
-  traefik:
-    image: traefik:v3.0
-    container_name: traefik
-    command:
-#      - --entrypoints.web.address=:80
-#      - --entrypoints.web-secure.address=:443
-#      - --providers.docker=true
-      - --providers.file.directory=/configuration/
-      - --providers.file.watch=true
-    volumes:
-      - traefik-dynamic-conf:/configuration/
-      - /home/gitlab-runner/traefik/traefik.yml:/traefik.yml:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - traefik-ssl:/ssl/:ro
-    ports:
-      - 80:80
-      # - 8080:8080
-      - 888:888
-      - 443:443
-    restart: always
-    networks:
-      - default
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.traefik.entrypoints=https"
-      - "traefik.http.routers.traefik.rule=Host(`runner1-prod.corp.samsonopt.ru`)"
-      - "traefik.http.routers.traefik.tls=true"
-#      - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
-      - "traefik.http.routers.traefik.service=api@internal"
-      - "traefik.http.services.traefik.loadbalancer.server.port=888"
-      - "traefik.http.services.traefik.loadbalancer.server.scheme=https"
-
 networks:
   default:
     name: reverse-proxy
@@ -78,5 +46,3 @@ networks:
 volumes:
   vault-wrap-log:
   vault-wrap-conf:
-  traefik-dynamic-conf:
-  traefik-ssl:

traefik-files/certificates.yml

@@ -1,12 +0,0 @@
-# Dynamic configuration
-# in configuration/certificates.yaml
-tls:
-  certificates:
-    # first certificate
-    - certFile: /ssl/runner1-prod.corp.samsonopt.ru.crt
-      keyFile: /ssl/runner1-prod.corp.samsonopt.ru.key
-
-    # second certificate
-    #- certFile: /path/to/other.cert
-    #  keyFile: /path/to/other.key
-

traefik-files/traefik.yml

@@ -1,30 +0,0 @@
-api:
-  dashboard: true
-  insecure: true
-
-accessLog: {}
-
-log:
-  level: INFO
-
-entryPoints:
-  http:
-    address: ":80"
-  https:
-    address: ":443"
-  dashboard:
-    address: ":888"
-
-http:
-  routers:
-    host:
-      entryPoints:
-      - http
-      rule: Host(`corp.samsonopt.ru`)
-
-providers:
-  docker:
-    endpoint: "unix:///var/run/docker.sock"
-    exposedByDefault: false
-  file:
-    filename: /configuration/certificates.yml