This commit is contained in:
50
README.md
50
README.md
@@ -1,3 +1,49 @@
|
||||
# Template-Docker
|
||||
# vault
|
||||
|
||||
Template-Docker
|
||||
Vault est un outil permettant d'accéder à des secrets en toute sécurité. Un secret est un élément dont vous souhaitez contrôler étroitement l'accès, comme les clés d'API, les mots de passe, les certificats, etc. Vault fournit une interface unifiée à n'importe quel secret, tout en assurant un contrôle d'accès strict et en enregistrant un journal d'audit détaillé.
|
||||
|
||||
# A propos de
|
||||
|
||||
# Prérequis
|
||||
|
||||
Vous avez besoin d'une installation docker fonctionnelle et de docker-compose sur votre machine.
|
||||
|
||||
# Démarrage
|
||||
|
||||
~~~bash
|
||||
git clone https://gitea.tips-of-mine.com/Tips-Of-Mine/vault.git
|
||||
cd vault
|
||||
~~~
|
||||
|
||||
## Personnalisation
|
||||
|
||||
Le fichier .env pour les variable d'environnement
|
||||
~~~bash
|
||||
nano .env
|
||||
~~~
|
||||
|
||||
Modification des labels pour traefik
|
||||
~~~bash
|
||||
nano docker-compose.yml
|
||||
~~~
|
||||
|
||||
## Lancement
|
||||
|
||||
~~~bash
|
||||
docker compose up -d
|
||||
~~~
|
||||
|
||||
~~~bash
|
||||
docker compose logs -f
|
||||
~~~
|
||||
|
||||
~~~bash
|
||||
docker exec -it vault-app /bin/sh
|
||||
~~~
|
||||
|
||||
~~~bash
|
||||
vault operator init
|
||||
~~~
|
||||
|
||||
# Buy me a coffe
|
||||
<a href='https://ko-fi.com/R5R2KNI3N' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://storage.ko-fi.com/cdn/kofi4.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>
|
||||
18
config/config.hcl
Normal file
18
config/config.hcl
Normal file
@@ -0,0 +1,18 @@
|
||||
|
||||
ui = true
|
||||
disable_mlock = "true"
|
||||
|
||||
storage "raft" {
|
||||
path = "/vault/data"
|
||||
node_id = "node1"
|
||||
}
|
||||
|
||||
listener "tcp" {
|
||||
address = "[::]:8200"
|
||||
tls_disable = "true"
|
||||
tls_cert_file = "/certs/cert.pem"
|
||||
tls_key_file = "/certs/privkey.pem"
|
||||
}
|
||||
|
||||
api_addr = "https://vault.tips-of-mine.com"
|
||||
cluster_addr = "https://vault.tips-of-mine.com:8201"
|
||||
@@ -2,28 +2,19 @@
|
||||
networks:
|
||||
traefik_front_network:
|
||||
external: true
|
||||
back_network_vault:
|
||||
driver: bridge
|
||||
attachable: true
|
||||
|
||||
#### SERVICES
|
||||
services:
|
||||
vault:
|
||||
container_name: vault-new
|
||||
hostname: vault-new
|
||||
container_name: vault-app
|
||||
hostname: vault-app
|
||||
image: hashicorp/vault:latest
|
||||
environment:
|
||||
VAULT_ADDR: "https://vault.tips-of-mine.com"
|
||||
VAULT_API_ADDR: "https://vault.tips-of-mine.com"
|
||||
VAULT_ADDRESS: "https://vault.tips-of-mine.com"
|
||||
# VAULT_UI: true
|
||||
# VAULT_TOKEN:
|
||||
# ports:
|
||||
# - "8200:8200"
|
||||
# - "8201:8201"
|
||||
networks:
|
||||
- traefik_front_network
|
||||
- back_network_vault
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik_front_network"
|
||||
|
||||
19
install-docker.sh
Normal file
19
install-docker.sh
Normal file
@@ -0,0 +1,19 @@
|
||||
#!/bin/sh
|
||||
# Pour docker et le plugin compose pour docker sur un Debian
|
||||
|
||||
|
||||
# Add Docker's official GPG key:
|
||||
apt-get update
|
||||
apt-get install ca-certificates curl
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
|
||||
chmod a+r /etc/apt/keyrings/docker.asc
|
||||
|
||||
# Add the repository to Apt sources:
|
||||
echo \
|
||||
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
|
||||
$(. /etc/os-release && echo "VERSION_CODENAME") stable" | \
|
||||
tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
apt-get update
|
||||
|
||||
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
||||
Reference in New Issue
Block a user