vault-wrap: добавил выбор запуска http/https. INF-1541
This commit is contained in:
svkalinin
parent
58803532da
commit
ef286325b4
|
|
@ -8,7 +8,7 @@ services:
|
|||
environment:
|
||||
- ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
|
||||
- VAULT_ADDRESS=${VAULT_ADDRESS}
|
||||
- LISTEN_PORT=443
|
||||
- LISTEN_PORT=8080
|
||||
- TLS_KEY_FILE=${TLS_KEY_FILE}
|
||||
- TLS_CERT_FILE=${TLS_CERT_FILE}
|
||||
- TZ=Europe/Moscow
|
||||
|
|
@ -26,10 +26,10 @@ services:
|
|||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.secret.rule=Host(`secret.corp.samsonopt.ru`)"
|
||||
- "traefik.http.services.secret.loadbalancer.server.port=443"
|
||||
- "traefik.http.services.secret.loadbalancer.server.port=8080"
|
||||
- "traefik.docker.network=reverse-proxy"
|
||||
- "traefik.http.routers.secret.tls=true"
|
||||
- "traefik.http.services.secret.loadbalancer.server.scheme=https"
|
||||
- "traefik.http.routers.secret.tls=false"
|
||||
- "traefik.http.services.secret.loadbalancer.server.scheme=http"
|
||||
networks:
|
||||
- default
|
||||
- vault-wrap
|
||||
|
|
@ -63,7 +63,8 @@ services:
|
|||
- "traefik.http.routers.traefik.tls=true"
|
||||
# - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
|
||||
- "traefik.http.services.traefik.loadbalancer.server.port=888"
|
||||
- "traefik.http.services.traefik.loadbalancer.server.scheme=https"
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
set -u
|
||||
|
||||
while true ;do
|
||||
/go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}"
|
||||
|
||||
# /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}" -tls
|
||||
/go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
|
||||
sleep 120
|
||||
done
|
||||
|
|
|
|||
25
vault.go
25
vault.go
|
|
@ -43,6 +43,7 @@ var (
|
|||
VaultAddress string
|
||||
Data string
|
||||
ListenPort string
|
||||
TlsEnable bool
|
||||
TlsCertFile string
|
||||
TlsKeyFile string
|
||||
)
|
||||
|
|
@ -250,10 +251,11 @@ func main() {
|
|||
flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами")
|
||||
flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы")
|
||||
flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)")
|
||||
flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (https://host.name")
|
||||
flag.StringVar(&ListenPort, "listen-port", "8443", "Номер порта сервиса")
|
||||
flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (host.name)")
|
||||
flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса")
|
||||
flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)")
|
||||
flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)")
|
||||
flag.BoolVar(&TlsEnable, "tls", false, "Использовать SSL/TLS")
|
||||
|
||||
flag.Parse()
|
||||
|
||||
|
|
@ -295,10 +297,25 @@ func main() {
|
|||
http.Handle("/", rtr)
|
||||
if os.Getenv("LISTEN_PORT") != "" {
|
||||
ListenPort = os.Getenv("LISTEN_PORT")
|
||||
} else {
|
||||
if TlsEnable && ListenPort == ""{
|
||||
ListenPort = "8443"
|
||||
}
|
||||
}
|
||||
listenAddr := ":" + ListenPort
|
||||
|
||||
log.Println("Listening...")
|
||||
// http.ListenAndServe(":8080", nil)
|
||||
log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
|
||||
if TlsEnable {
|
||||
ActionAddress = "https://" + ActionAddress
|
||||
if Debug {
|
||||
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
||||
}
|
||||
log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
|
||||
} else {
|
||||
ActionAddress = "http://" + ActionAddress
|
||||
if Debug {
|
||||
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
||||
}
|
||||
http.ListenAndServe(listenAddr, nil)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user