Guest
Alamakota
By Guest on 13th June 2019 06:33:24 AM | Syntax: TEXT | Views: 3



SSL[Vault+VGM+GOLDFISH+Microservice]

CA:

openssl genrsa -aes256 -out ca-key.pem 4096

openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

---------------------------------

On the one hand, we should start with Consul (there is actually a separate document for that: Consul with SSL, write-up ver X.0).

On the other hand, since a Consul agent runs on every node (reached in plain text, because it goes via the Docker loopback 172.17.0.1:8500), SSL to Consul is not really necessary; we will cover it anyway.

Without SSL:

docker run --restart=always --name consul -d -v /etc/localtime:/etc/localtime:ro -h node1 -p 8300:8300/tcp -p 8301:8301/tcp -p 8301:8301/udp -p 8302:8302/tcp -p 8302:8302/udp -p 8400:8400 -p 8500:8500 consul:0.8.1 agent -ui -server -advertise=192.168.43.197 -client=0.0.0.0 -bootstrap-expect 1

openssl genrsa -out consul-key.pem 4096

openssl req -subj "/CN=consul" -sha256 -new -key consul-key.pem -out consul.csr

echo subjectAltName = IP:192.168.43.176,IP:127.0.0.1 > consul-extfile.cnf

openssl x509 -req -days 365 -sha256 -in consul.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out consul-cert.pem -extfile consul-extfile.cnf

With SSL:

docker run -tdi --name consul  -v /root/CONSUL/:/DATA -v /etc/localtime:/etc/localtime:ro -h node1 -p 8300:8300/tcp -p 8301:8301/tcp -p 8301:8301/udp -p 8302:8302/tcp -p 8302:8302/udp -p 8400:8400 -p 8500:8500 consul:0.8.1 agent -ui -server -advertise=192.168.43.176 -client=0.0.0.0 -bootstrap-expect 1 -config-file=/DATA/consul_config

# cat  consul_config

{
  "key_file": "/DATA/ssl/consul-key.pem",
  "cert_file": "/DATA/ssl/consul-cert.pem",
  "ca_file": "/DATA/ssl/ca.pem",
  "verify_incoming": false,
  "verify_outgoing": true,
  "ports": {
   "http": -1,
   "https": 8500
  }
}
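
A check worth running on the files from the signing step before they are mounted into /DATA/ssl, given here as an added example that is not part of the original paste: it confirms that consul-cert.pem chains to ca.pem, that consul-key.pem belongs to it, and that the address clients connect to is listed in subjectAltName. The names check_consul_cert and make_sample are hypothetical; make_sample builds constructed test material with 2048-bit keys, a made-up CA subject and no passphrase on the CA key so that it runs unattended.

```bash
#!/usr/bin/env bash
# Added example (not from the paste): verify a Consul certificate before use.

# check_consul_cert CA CERT KEY IP -> returns 0 only if all three checks pass
check_consul_cert() {
  local ca="$1" cert="$2" key="$3" ip="$4" rc=0
  # 1. The certificate chains to the CA that agents will trust via ca_file.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: $cert is not signed by $ca"; rc=1; }
  # 2. The private key belongs to the certificate (same public key).
  [ "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: $key does not match $cert"; rc=1; }
  # 3. The address clients connect to is listed in subjectAltName.
  openssl x509 -in "$cert" -noout -checkip "$ip" 2>/dev/null |
    grep -q "does match" ||
    { echo "FAIL: $ip is not in the subjectAltName of $cert"; rc=1; }
  return "$rc"
}

# make_sample DIR IP: constructed test material using the paste's commands.
# Assumptions for unattended use: 2048-bit keys, -subj on the CA request,
# and no -aes256 passphrase on the CA key (the paste encrypts it).
make_sample() {
  local dir="$1" ip="$2"
  ( cd "$dir" &&
    openssl genrsa -out ca-key.pem 2048 &&
    openssl req -new -x509 -days 365 -key ca-key.pem -sha256 \
      -subj "/CN=sample-ca" -out ca.pem &&
    openssl genrsa -out consul-key.pem 2048 &&
    openssl req -subj "/CN=consul" -sha256 -new -key consul-key.pem \
      -out consul.csr &&
    echo "subjectAltName = IP:${ip},IP:127.0.0.1" > consul-extfile.cnf &&
    openssl x509 -req -days 365 -sha256 -in consul.csr -CA ca.pem \
      -CAkey ca-key.pem -CAcreateserial -out consul-cert.pem \
      -extfile consul-extfile.cnf
  ) >/dev/null 2>&1
}

# Stand-alone use: script CA CERT KEY IP
if [ "$#" -eq 4 ]; then check_consul_cert "$@"; fi
```

With the subjectAltName from the paste (192.168.43.176 and 127.0.0.1), check 3 passes for those two addresses and fails for 192.168.43.197, the address advertised in the command without SSL.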