Install Docker, Docker Compose and HashiCorp Vault on AWS EC2
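#!/bin/bash
# Purpose: Vault Quick Setup
# Maintainer: DevOps Muhammad Asim
# OS Ubuntu/Amazon_Linux
# https://www.youtube.com/watch?v=TO557f1-Ksk&ab_channel=cloudgeeksinc
#
# Run from the directory that should hold ./vault (e.g. /home/ec2-user), or set
# VAULT_DIR to an absolute path.
# 1. curl https://gist.githubusercontent.com/goforbg/0abe3264ef082963d6491e28f100549a/raw/56845189cb14f24b7fd70514ca92aa1051706560/Hashicorp-vault-on-aws-ec2-docker-compose -o "vault.sh"
# 2. sudo chmod +x vault.sh
# 3. sudo ./vault.sh
# 4. docker-compose down
# 5. sudo amazon-linux-extras install epel
# 6. sudo yum install certbot-apache
# 7. sudo certbot certonly --standalone -d secrets.yourfirstsalary.com
## https://dearsikandarkhan.medium.com/get-free-ssl-certificates-and-configure-https-f710dbc5e269
## https://www.monterail.com/blog/2017/lets-encrypt-vault-free-ssl-tls-certificate
## https://github.com/hashicorp/vault/issues/2641
# 8. Copy certificates into vault/cert/, which docker-compose mounts at /vault/cert
#    (the paths vault.json points at):
# cp /etc/letsencrypt/live/secrets.yourfirstsalary.com/cert.pem /home/ec2-user/vault/cert/
# cp /etc/letsencrypt/live/secrets.yourfirstsalary.com/fullchain.pem /home/ec2-user/vault/cert/
# cp /etc/letsencrypt/live/secrets.yourfirstsalary.com/privkey.pem /home/ec2-user/vault/cert/
# 9. cd /home/ec2-user/vault && docker-compose up -d
# To remove all containers and images: sudo docker rm -f $(docker ps -a -q) && docker rmi -f $(docker images -a -q)

set -euo pipefail

# Directory that receives config/, file/, logs/, cert/ and docker-compose.yml.
# Defaults to ./vault under the caller's cwd, matching the steps above.
VAULT_DIR="${VAULT_DIR:-${PWD}/vault}"
readonly VAULT_DIR

# Pinned docker-compose release downloaded from GitHub.
DOCKER_COMPOSE_VERSION="1.25.5"
readonly DOCKER_COMPOSE_VERSION

#######################################
# Install the Docker engine and make sure the service is running and enabled.
# Globals:   none
# Arguments: none
# Outputs:   diagnostics to stderr
# Returns:   non-zero if the download fails or systemctl fails
#######################################
install_docker() {
  local installer
  installer=$(mktemp) || { printf 'mktemp failed\n' >&2; return 1; }
  # NOTE: get.docker.com is an unpinned remote script executed as root; this is
  # a supply-chain trust decision for the host being provisioned.
  curl -fsSL https://get.docker.com -o "$installer"
  # The installer's exit status is deliberately not fatal: the distro package
  # below is the fallback for targets the installer does not cover
  # (presumably Amazon Linux, where yum is available).
  if ! sh "$installer" >/dev/null 2>&1; then
    printf 'get.docker.com installer failed; trying the distro package\n' >&2
  fi
  rm -f -- "$installer"
  if ! command -v docker >/dev/null 2>&1 && command -v yum >/dev/null 2>&1; then
    yum install -y docker >/dev/null 2>&1
  fi
  systemctl start docker
  systemctl enable docker
}

#######################################
# Install the pinned docker-compose binary into /usr/local/bin and link it
# from /usr/bin.
# Globals:   DOCKER_COMPOSE_VERSION (read)
# Arguments: none
# Outputs:   docker-compose version on stdout
# Returns:   non-zero if the download fails
#######################################
install_docker_compose() {
  local url
  url="https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)"
  # -f: an HTTP error must not leave an HTML error page installed as the binary.
  curl -fsSL "$url" -o /usr/local/bin/docker-compose
  chmod +x /usr/local/bin/docker-compose
  # -f: re-running the script must not fail on an existing symlink.
  ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
  docker-compose --version
}

#######################################
# Create the vault directory tree and write vault.json.
# Globals:   none
# Arguments: $1 - base directory (e.g. $VAULT_DIR)
# Outputs:   writes $1/config/vault.json
# Returns:   non-zero if mkdir or the write fails
#######################################
write_vault_config() {
  local dir=$1
  # cert/ is where the Let's Encrypt files are copied; the compose file mounts
  # it at /vault/cert, which the listener below reads from.
  mkdir -p "$dir"/{config,file,logs,cert}
  # Valid JSON: a single top-level "ui" key and a comma after every object.
  # disable_mlock means Vault does not lock memory; the IPC_LOCK capability in
  # the compose file is then not needed unless mlock is re-enabled here.
  cat > "$dir/config/vault.json" <<'EOF'
{
  "ui": true,
  "disable_mlock": true,
  "backend": {
    "file": {
      "path": "/vault/file"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:443",
      "tls_disable": 0,
      "tls_cert_file": "/vault/cert/fullchain.pem",
      "tls_key_file": "/vault/cert/privkey.pem"
    }
  }
}
EOF
}

#######################################
# Write docker-compose.yml for the Vault service.
# Globals:   none
# Arguments: $1 - base directory (e.g. $VAULT_DIR)
# Outputs:   writes $1/docker-compose.yml
# Returns:   non-zero if the write fails
#######################################
write_compose_file() {
  local dir=$1
  cat > "$dir/docker-compose.yml" <<'EOF'
version: '3.7'
services:
  vault:
    # NOTE: unpinned tag; pin a Vault version for reproducible deployments.
    image: vault:latest
    container_name: vault
    ports:
      - "443:443"
    restart: unless-stopped
    volumes:
      - ./logs:/vault/logs
      - ./file:/vault/file
      - ./config:/vault/config
      # TLS material referenced by vault.json; read-only is sufficient.
      - ./cert:/vault/cert:ro
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/config/vault.json
EOF
}

#######################################
# Entry point: install Docker and docker-compose, write the Vault config and
# compose file, then start the stack.
# Globals:   VAULT_DIR (read)
# Arguments: none (positional arguments are ignored)
#######################################
main() {
  install_docker
  install_docker_compose
  write_vault_config "$VAULT_DIR"
  write_compose_file "$VAULT_DIR"
  cd "$VAULT_DIR" || exit 1
  docker-compose up -d
}

main "$@"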