link:
https://www.vaultproject.io/downloads https://learn.hashicorp.com/tutorials/vault/getting-started-ui?in=vault/getting-started-ui https://habr.com/ru/post/306812/ https://habr.com/ru/company/quadcode/blog/565690/ https://habr.com/ru/post/536694/ https://khannz.medium.com/rus-hashi-vault-intro-1615ae2c0116 https://dotsandbrackets.com/application-secrets-ru/ https://dotsandbrackets.com/consul-key-value-store-configuration-ru/ |
install and setup
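### distr: https://www.vaultproject.io/downloads

#0 install base tools (gnupg is used below to convert the repository key)
apt update && apt upgrade -y
apt install vim sudo mc curl git htop nmap gnupg tcpdump

#1 install Vault from the HashiCorp apt repository
# apt-key is deprecated and makes the key trusted for every repository on the
# host. A dedicated keyring referenced with signed-by limits the key to this
# one source. Compare the key's fingerprint with the one HashiCorp publishes
# before relying on it.
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
apt-get update && sudo apt-get install vault

### SETUP web server vault
# doc: https://learn.hashicorp.com/tutorials/vault/getting-started-ui?in=vault/getting-started-ui

#0 cd folder default
cd /opt/vault

#1 create file
# The heredoc delimiter is unquoted, so the shell expands $API_ADDR and
# $CLUSTER_ADDR while writing the file. Stop here if either is unset instead
# of silently writing empty addresses into config.hcl.
: "${API_ADDR:?set API_ADDR before writing config.hcl}" "${CLUSTER_ADDR:?set CLUSTER_ADDR before writing config.hcl}"
tee config.hcl <<EOF
ui = true
# mlock is disabled here; keep swap off or encrypted so secrets are not paged to disk.
disable_mlock = true

storage "raft" {
  path    = "./data"
  node_id = "node1"
}

listener "tcp" {
  # TLS is disabled on this listener, so it is bound to loopback only.
  # Clients reach Vault through the nginx TLS proxy (proxy_pass http://127.0.0.1:8200);
  # binding to 0.0.0.0 would expose tokens and secrets in clear text on the network.
  address         = "127.0.0.1:8200"
  cluster_address = "0.0.0.0:8201"
  tls_disable     = "true"
}

api_addr = "$API_ADDR"
cluster_addr = "$CLUSTER_ADDR"
EOF

#2 test start server
vault server -config=config.hcl

#3 test in browser (the listener has TLS disabled, so it answers plain HTTP on loopback)
# http://127.0.0.1:8200/

#3.1 generate key: initialising in the UI downloads vault-cluster-vault-***.json
# That file holds the unseal keys and the initial root token. Move it off this
# host into protected storage and do not leave a copy in a downloads folder.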
config nginx
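# Full configuration at https://mozilla.github.io/server-side-tls/ssl-config-generator/
# /etc/nginx/sites-enabled/vault

# Plain-HTTP listener: its only job is to redirect to the HTTPS site.
# It must not also listen on 443: as the first server defined for that port it
# would become the default there and answer https://vault.yourdomain.com with
# the same 301, producing a redirect loop.
server {
    listen 80;
    server_name vault vault.yourdomain.com;
    return 301 https://vault.yourdomain.com$request_uri;
}

# HTTPS site: terminates TLS and forwards to the Vault listener on loopback.
server {
    listen 443 ssl;
    server_name vault.yourdomain.com;

    # An ssl listener needs a certificate and key. The two paths below are
    # placeholders; replace them with the real files and take protocol and
    # cipher settings from the generator linked at the top.
    ssl_certificate     /path/to/PLACEHOLDER-fullchain.pem;
    ssl_certificate_key /path/to/PLACEHOLDER-privkey.pem;

    location / {
        proxy_buffering off;
        # Plain HTTP is acceptable on this hop only because it never leaves the host.
        proxy_pass http://127.0.0.1:8200;
        proxy_redirect off;
        proxy_set_header Host $http_host;
    }
}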