HTTPS certificate with Vault and docker-compose

Nexy
Joined May 21, 2019
Hello,

I am trying to learn how to use Vault by creating a local virtual machine (Ubuntu 20.04) and a container with docker-compose.

So I run Vault from a container built with docker-compose. I have access to the UI/API, but I want to put it behind HTTPS with an SSL certificate from OpenSSL.

Here is my configuration:

docker-compose.yaml:
version: '3.6'

services:
  vault:
    build:
      context: ./vault
      dockerfile: Dockerfile
    ports:
      - 8200:8200
    volumes:
      - ./vault/config:/vault/config
      - ./vault/policies:/vault/policies
      - ./vault/data:/vault/data
      - ./vault/logs:/vault/logs
      - ./vault/volume_test/:/vault/volume_test
    environment:
      # plain HTTP while the listener has tls_disable set
      - VAULT_ADDR=http://192.168.56.8:8200
    command: server -config=/vault/config/vault-config.json
    cap_add:
      - IPC_LOCK


My Dockerfile:
# base image
FROM alpine:3.7

# set vault version
ENV VAULT_VERSION 0.10.3

# create a new directory
RUN mkdir /vault

# download dependencies (unzip is needed to unpack the release archive)
RUN apk --no-cache add \
    bash \
    ca-certificates \
    unzip \
    wget

# download and set up vault; the binary is extracted to /vault/vault
RUN wget --quiet --output-document=/tmp/vault.zip https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip && \
    unzip /tmp/vault.zip -d /vault && \
    rm -f /tmp/vault.zip && \
    chmod +x /vault/vault

# update PATH so the ENTRYPOINT can find the binary
ENV PATH="/vault:${PATH}"

# add the config file
COPY ./config/vault-config.json /vault/config/vault-config.json

# expose port 8200
EXPOSE 8200

# run vault
ENTRYPOINT ["vault"]


My vault-config.json file:
{
  "backend": {
    "file": {
      "path": "/vault/data"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  },
  "ui": true
}


With these files, all is working properly.

Here is what I've tried for HTTPS:
# install openssl on the Ubuntu VM
apt-get install openssl
# generate a 4096-bit RSA key, protected with an AES-256 passphrase
openssl genrsa -aes256 -out certificat.key 4096
# keep the encrypted key aside ...
mv certificat.key certificat.key.lock
# ... and write an unencrypted copy of it (Vault's tls_key_file must not be passphrase-protected)
openssl rsa -in certificat.key.lock -out certificat.key
# create a certificate signing request (prompts for the passphrase and the subject)
openssl req -new -key certificat.key.lock -out certificat.csr
# self-sign the request, valid for one year
openssl x509 -req -days 365 -in certificat.csr -signkey certificat.key.lock -out certificat.crt


And I've added the paths of my .crt and .key to my vault-config.json file:
{
  "backend": {
    "file": {
      "path": "/vault/data"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_cert_file": "/path/to/my/certificat.crt",
      "tls_key_file": "/path/to/my/certificat.key"
    }
  },
  "ui": true
}

And after that, I run my docker-compose command to build my container. But it doesn't work.

But I think this is not the right way to do it.

Can someone tell me how to do that with openssl?

Thanks a lot!
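The certificate generation and TLS listener configuration the post is asking about, as an added example that is not part of the original post and not Vault's own tooling. It assumes openssl is installed on the host, that 192.168.56.8 is the VM address from the posted docker-compose.yaml, that ./vault/config on the host is the directory bind-mounted at /vault/config in the container (also from that docker-compose.yaml), and it picks the file names vault.crt and vault.key. It goes beyond the posted commands in two ways: the certificate carries a subjectAltName for the address clients connect to, which curl and the Go TLS stack used by the vault CLI require (a CN alone is rejected), and the output is self-checked before Vault is pointed at it.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions: openssl on the
# host; 192.168.56.8 is the VM address from the poster's docker-compose.yaml;
# ./vault/config is bind-mounted at /vault/config in the container (same file);
# the output file names vault.crt / vault.key are chosen here.
set -eu

# Generate an unencrypted RSA key plus a self-signed certificate whose
# subjectAltName lists the IP and host names clients will actually use.
# Vault needs the key unencrypted (no -aes256), and current TLS clients match
# the SAN, not the CN, so a CN-only certificate fails verification.
make_selfsigned_cert() {
  outdir="$1"; ip="$2"; days="${3:-365}"; bits="${4:-4096}"
  mkdir -p "$outdir"
  # Extensions go through a config file so this also works on OpenSSL < 1.1.1,
  # which has no -addext option. keyUsage is deliberately omitted: OpenSSL 1.1.x
  # only treats a cert as self-signed if keyUsage is absent or has keyCertSign.
  cat > "$outdir/openssl.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_server
[dn]
CN = vault.local
[v3_server]
subjectAltName = IP:$ip, IP:127.0.0.1, DNS:vault.local, DNS:localhost
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -nodes -sha256 -newkey "rsa:$bits" -days "$days" \
    -config "$outdir/openssl.cnf" \
    -keyout "$outdir/vault.key" -out "$outdir/vault.crt"
  chmod 600 "$outdir/vault.key"
}

# Checks a practitioner runs before handing the files to Vault. Chained with &&
# so every check counts even when the function is called as `verify_cert || ...`.
verify_cert() {
  dir="$1"; ip="$2"
  # self-signed, so the certificate is its own trust anchor
  openssl verify -CAfile "$dir/vault.crt" "$dir/vault.crt" >/dev/null 2>&1 &&
  # certificate and key must carry the same public key
  [ "$(openssl x509 -in "$dir/vault.crt" -noout -pubkey | openssl dgst -sha256)" = \
    "$(openssl pkey -in "$dir/vault.key" -pubout | openssl dgst -sha256)" ] &&
  # the SAN must list the address clients connect to
  openssl x509 -in "$dir/vault.crt" -noout -text | grep -q "IP Address:$ip"
}

# Listener config with TLS on. The paths are container paths (the bind mount
# puts ./vault/config at /vault/config); tls_disable is gone. "storage" is the
# current name of the "backend" block used in the post.
write_vault_config() {
  cat > "$1" <<'EOF'
{
  "storage": { "file": { "path": "/vault/data" } },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_cert_file": "/vault/config/vault.crt",
      "tls_key_file": "/vault/config/vault.key",
      "tls_min_version": "tls12"
    }
  },
  "ui": true
}
EOF
}

# Run on the host from the directory holding docker-compose.yaml.
OUT="${VAULT_TLS_DIR:-./vault/config}"
make_selfsigned_cert "$OUT" 192.168.56.8
verify_cert "$OUT" 192.168.56.8
write_vault_config "$OUT/vault-config.json"
echo "TLS material and listener config written to $OUT"
```

After this, change the compose environment to `VAULT_ADDR=https://192.168.56.8:8200`, and because the certificate is self-signed, give clients the certificate itself as their CA instead of disabling verification: `export VAULT_CACERT=./vault/config/vault.crt` for the vault CLI, or `curl --cacert ./vault/config/vault.crt https://192.168.56.8:8200/v1/sys/health` for a quick check.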