From ef286325b4a8c5e434972f8cfc2ccc528f9baea1 Mon Sep 17 00:00:00 2001
From: svkalinin
Date: Thu, 11 Jul 2024 09:07:03 +0300
Subject: [PATCH] =?UTF-8?q?vault-wrap:=20=D0=B4=D0=BE=D0=B1=D0=B0=D0=B2?=
 =?UTF-8?q?=D0=B8=D0=BB=20=D0=B2=D1=8B=D0=B1=D0=BE=D1=80=20=D0=B7=D0=B0?=
 =?UTF-8?q?=D0=BF=D1=83=D1=81=D0=BA=D0=B0=20http/https.=20INF-1541?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker-compose.yml | 11 ++++++-----
 entrypoint.sh | 4 ++--
 vault.go | 25 +++++++++++++++++++++----
 3 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index dd74c46..e253b1b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,7 @@ services:
 environment:
 - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
 - VAULT_ADDRESS=${VAULT_ADDRESS}
- - LISTEN_PORT=443
+ - LISTEN_PORT=8080
 - TLS_KEY_FILE=${TLS_KEY_FILE}
 - TLS_CERT_FILE=${TLS_CERT_FILE}
 - TZ=Europe/Moscow
@@ -26,10 +26,10 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.secret.rule=Host(`secret.corp.samsonopt.ru`)"
- - "traefik.http.services.secret.loadbalancer.server.port=443"
+ - "traefik.http.services.secret.loadbalancer.server.port=8080"
 - "traefik.docker.network=reverse-proxy"
- - "traefik.http.routers.secret.tls=true"
- - "traefik.http.services.secret.loadbalancer.server.scheme=https"
+ - "traefik.http.routers.secret.tls=false"
+ - "traefik.http.services.secret.loadbalancer.server.scheme=http"
 networks:
 - default
 - vault-wrap
@@ -63,7 +63,8 @@ services:
 - "traefik.http.routers.traefik.tls=true"
 # - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
 - "traefik.http.routers.traefik.service=api@internal"
- - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
+ - "traefik.http.services.traefik.loadbalancer.server.port=888"
+ - "traefik.http.services.traefik.loadbalancer.server.scheme=https"
 networks:
 default:
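Review bot: `traefik.http.routers.secret.tls=false` in the second hunk switches off TLS on the public Traefik router for secret.corp.samsonopt.ru, not just on the internal Traefik→container hop, so unless an entrypoint-level redirect or a separate HTTPS router not shown here covers it, secrets submitted to this host travel in clear between the browser and the proxy. Moving the container itself to plain HTTP on 8080 behind the proxy is fine; the router line should stay `- "traefik.http.routers.secret.tls=true"` with only the service-level `scheme=http` changed. Separately, the first hunk still defaults `ACTION_ADDRESS` to `https://secret.corp.samsonopt.ru`, while vault.go in this same patch now prepends `http://` or `https://` to ActionAddress itself (its flag help now says a bare `host.name`), so the default produces `http://https://secret.corp.samsonopt.ru`; the default should become `- ACTION_ADDRESS=${ACTION_ADDRESS:-secret.corp.samsonopt.ru}`. TLS_KEY_FILE and TLS_CERT_FILE are still exported to the container even though the new entrypoint no longer passes them to the binary, which is harmless but worth a comment or removal so the two files do not drift further.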
diff --git a/entrypoint.sh b/entrypoint.sh
index 04e8dbc..7d35d85 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,7 +2,7 @@
 set -u
 while true ;do
- /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}"
-
+ # /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}" -tls
+ /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
 sleep 120
 done
diff --git a/vault.go b/vault.go
index a425972..4fd755a 100644
--- a/vault.go
+++ b/vault.go
@@ -43,6 +43,7 @@ var (
 VaultAddress string
 Data string
 ListenPort string
+ TlsEnable bool
 TlsCertFile string
 TlsKeyFile string
 )
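Review bot: The new invocation drops `-vault-url "${VAULT_ADDRESS}"`, and nothing in this patch shows vault.go populating VaultAddress from the environment the way it does for LISTEN_PORT, so the service may now start with an empty Vault URL; previously `set -u` would at least have aborted the script when VAULT_ADDRESS was unset, and that safety net is gone with the reference. Either keep `-vault-url "${VAULT_ADDRESS}"` on the new command line or confirm that the Go side reads VAULT_ADDRESS itself. The old command is retained as a comment with `-tls` appended instead of being deleted; a commented-out copy of the real command drifts and should be removed (the non-TLS invocation can be reconstructed from git history). Because the Go side's plain-HTTP branch in this patch does not log the ListenAndServe error, a bind failure would make the loop cycle silently every 120 s; logging the exit status after the command, e.g. `echo "vault-wrap exited with status $?" >&2`, makes that visible in the container log.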
@@ -250,10 +251,11 @@ func main() {
 flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами")
 flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы")
 flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)")
- flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (https://host.name")
- flag.StringVar(&ListenPort, "listen-port", "8443", "Номер порта сервиса")
+ flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (host.name)")
+ flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса")
 flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)")
 flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)")
+ flag.BoolVar(&TlsEnable, "tls", false, "Использовать SSL/TLS")
 flag.Parse()
@@ -295,10 +297,25 @@ func main() {
 http.Handle("/", rtr)
 if os.Getenv("LISTEN_PORT") != "" {
 ListenPort = os.Getenv("LISTEN_PORT")
+ } else {
+ if TlsEnable && ListenPort == ""{
+ ListenPort = "8443"
+ }
 }
 listenAddr := ":" + ListenPort
 log.Println("Listening...")
- // http.ListenAndServe(":8080", nil)
- log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
+ if TlsEnable {
+ ActionAddress = "https://" + ActionAddress
+ if Debug {
+ log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
+ }
+ log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
+ } else {
+ ActionAddress = "http://" + ActionAddress
+ if Debug {
+ log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
+ }
+ http.ListenAndServe(listenAddr, nil)
+ }
 }
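Review bot: Changing the `-listen-port` default to `"8080"` makes the `TlsEnable && ListenPort == ""` fallback to 8443 added in the next hunk unreachable, because ListenPort is never empty unless a caller passes `-listen-port ""` explicitly; with `-tls` and no explicit port the service will listen on 8080, not 8443. Either keep the flag default empty, `flag.StringVar(&ListenPort, "listen-port", "", "Номер порта сервиса")`, and choose 8080 or 8443 after `flag.Parse()` according to TlsEnable, or drop the 8443 branch and document that the port must be given. The new `-action-address` help says the value is a bare `host.name`; it is worth stating there that the scheme is derived from `-tls`, since a value that already carries `https://` is double-prefixed later in main. main starts and ends outside this hunk.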
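Review bot: In the non-TLS branch the error from `http.ListenAndServe(listenAddr, nil)` is discarded, so when the bind fails (port in use, no permission) main simply returns and the process exits with status 0 and no diagnostic, whereas the TLS branch wraps the same call in log.Fatal; it should be `log.Fatal(http.ListenAndServe(listenAddr, nil))`. The two branches duplicate the ActionAddress prefixing and the debug log and differ only in the scheme and the serve call, which can be folded into one path as below. ActionAddress is prefixed unconditionally, so a value that already starts with `http://` or `https://` (the docker-compose default in this same patch is `https://secret.corp.samsonopt.ru`) becomes `http://https://…`; if `strings` is already imported in vault.go, guarding the prefix with `strings.Contains(ActionAddress, "://")` avoids that, otherwise fix the default in docker-compose. Both ListenAndServe variants use the default server with no ReadHeaderTimeout or ReadTimeout; for a service that accepts secrets from the internet an explicit `http.Server` with timeouts is the usual hardening, though that predates this change. The gofmt form of the added condition is `if TlsEnable && ListenPort == "" {`.
```go
	// … unchanged: LISTEN_PORT handling, listenAddr, "Listening..." …
	scheme := "http://"
	serve := func() error { return http.ListenAndServe(listenAddr, nil) }
	if TlsEnable {
		scheme = "https://"
		serve = func() error {
			return http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil)
		}
	}
	ActionAddress = scheme + ActionAddress
	if Debug {
		log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
	}
	log.Fatal(serve())
```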