@goforbg
Last active March 30, 2022 09:06
Install Docker, Docker Compose and HashiCorp Vault on AWS EC2
#!/bin/bash
# Purpose: Vault Quick Setup
# Maintainer: DevOps Muhammad Asim
# OS Ubuntu/Amazon_Linux
# https://www.youtube.com/watch?v=TO557f1-Ksk&ab_channel=cloudgeeksinc
# 1. curl https://gist.githubusercontent.com/goforbg/0abe3264ef082963d6491e28f100549a/raw/56845189cb14f24b7fd70514ca92aa1051706560/Hashicorp-vault-on-aws-ec2-docker-compose -o "vault.sh"
# 2. sudo chmod +x vault.sh
# 3. sudo ./vault.sh
# 4. docker-compose down
# 5. sudo amazon-linux-extras install epel
# 6. sudo yum install certbot-apache
# 7. sudo certbot certonly --standalone -d secrets.yourfirstsalary.com
## https://dearsikandarkhan.medium.com/get-free-ssl-certificates-and-configure-https-f710dbc5e269
## https://www.monterail.com/blog/2017/lets-encrypt-vault-free-ssl-tls-certificate
## https://github.com/hashicorp/vault/issues/2641
# 8. Copy certificates (the cert directory is mounted into the container at /vault/cert)
# cp /etc/letsencrypt/live/secrets.yourfirstsalary.com/cert.pem /home/ec2-user/vault/cert/
# cp /etc/letsencrypt/live/secrets.yourfirstsalary.com/fullchain.pem /home/ec2-user/vault/cert/
# cp /etc/letsencrypt/live/secrets.yourfirstsalary.com/privkey.pem /home/ec2-user/vault/cert/
# To remove all containers and images: sudo docker rm -f $(docker ps -a -q) && docker rmi -f $(docker images -a -q)
curl -fsSL https://get.docker.com -o get-docker.sh
# Discard stdout but keep stderr visible so installation errors are not hidden
sh get-docker.sh > /dev/null
rm -rf get-docker.sh
yum install -y docker > /dev/null
systemctl start docker
systemctl enable docker
# Docker Compose Installation
# -f makes curl fail on an HTTP error instead of saving the error page as the binary
curl -fL "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# -f so that re-running the script does not fail on an existing link
ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
# cert holds the TLS certificate and key that vault.json points to
mkdir -p "${PWD}"/vault/{config,file,logs,cert}
touch "${PWD}"/vault/docker-compose.yml
cat << EOF > "${PWD}"/vault/config/vault.json
{
  "ui": true,
  "backend": {
    "file": {
      "path": "/vault/file"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:443",
      "tls_disable": 0,
      "tls_cert_file": "/vault/cert/fullchain.pem",
      "tls_key_file": "/vault/cert/privkey.pem"
    }
  },
  "disable_mlock": true
}
EOF
cat << EOF > "${PWD}"/vault/docker-compose.yml
version: '3.7'
services:
  vault:
    image: vault:latest
    container_name: vault
    ports:
      - "443:443"
    restart: unless-stopped
    volumes:
      - ./logs:/vault/logs
      - ./file:/vault/file
      - ./config:/vault/config
      # TLS certificate and key referenced by vault.json, mounted read-only
      - ./cert:/vault/cert:ro
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/config/vault.json
EOF
cd "${PWD}"/vault
docker-compose up -d
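
The certificate steps in the header comments copy the Let's Encrypt files by hand, which has to be repeated at every renewal. The script below is an added example, not part of the original gist: a certbot deploy hook that copies the renewed chain and key and signals the container to reload them. It assumes the host directory /home/ec2-user/vault/cert is what the container sees as /vault/cert, that the Vault process in the container can read a root-owned key, and the helper and variable names are hypothetical.

```bash
#!/bin/bash
# Added example: certbot deploy hook for the Vault container from this gist.
# Assumed (not in the gist): helper names, VAULT_CERT_DIR, VAULT_CONTAINER.

# Copy the renewed chain and key from a certbot lineage directory ($1)
# into the host directory the container mounts as /vault/cert ($2).
install_certs() {
    src="$1"
    dst="$2"
    # Check both inputs first so a failed renewal never leaves a half-updated pair.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$src/$f" ]; then
            echo "missing or empty: $src/$f" >&2
            return 1
        fi
    done
    mkdir -p "$dst" || return 1
    install -m 0644 "$src/fullchain.pem" "$dst/fullchain.pem" || return 1
    # Private key readable by its owner only.
    install -m 0600 "$src/privkey.pem" "$dst/privkey.pem" || return 1
}

# Vault re-reads its listener certificate and key on SIGHUP, so no restart
# (and no re-unseal) is needed after a renewal.
reload_vault() {
    docker kill --signal=HUP "${VAULT_CONTAINER:-vault}"
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<domain>) when it
# runs a deploy hook; without it this file only defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_certs "$RENEWED_LINEAGE" "${VAULT_CERT_DIR:-/home/ec2-user/vault/cert}" \
        && reload_vault
fi
```

Save it as an executable file and pass it to `certbot renew --deploy-hook`, or place it in /etc/letsencrypt/renewal-hooks/deploy/.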