Update
This commit is contained in:
parent
741e1f22e4
commit
0accb265d7
16
.app.config
Normal file
16
.app.config
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
{
|
||||||
|
"ID": "gateway-__IP__",
|
||||||
|
"Name": "gateway",
|
||||||
|
"Address": "__IP__",
|
||||||
|
"Tags": ["api-gateway", "gateway", "https", "infra"],
|
||||||
|
"Port": 8443,
|
||||||
|
"Connect": {
|
||||||
|
"Native": true
|
||||||
|
},
|
||||||
|
"Check": {
|
||||||
|
"TCP": "__IP__:8443",
|
||||||
|
"Interval": "5s",
|
||||||
|
"Timeout": "1s",
|
||||||
|
"DeregisterCriticalServiceAfter": "10s"
|
||||||
|
}
|
||||||
|
}
|
34
Dockerfile
34
Dockerfile
@ -1,13 +1,37 @@
|
|||||||
FROM hashicorp/consul:1.15
|
|
||||||
|
FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy
|
||||||
|
FROM ubuntu:latest AS base
|
||||||
|
FROM hashicorp/consul:1.19.2-ubi
|
||||||
|
|
||||||
|
USER root
|
||||||
|
|
||||||
LABEL dev.egommerce.image.author="Piotr Biernat"
|
LABEL dev.egommerce.image.author="Piotr Biernat"
|
||||||
LABEL dev.egommerce.image.vendor="Egommerce"
|
LABEL dev.egommerce.image.vendor="Egommerce"
|
||||||
LABEL dev.egommerce.image.service="api-registry"
|
LABEL dev.egommerce.image.service="api-registry"
|
||||||
LABEL dev.egommerce.image.version="1.0"
|
LABEL dev.egommerce.image.version="1.0"
|
||||||
|
|
||||||
COPY ./api-registry/etc /consul/config
|
ENV CGO_ENABLED=0
|
||||||
|
|
||||||
EXPOSE 8500 8600 8600/udp
|
COPY ./api-registry/etc/consul /consul/config
|
||||||
# USER consul
|
# COPY ./api-registry/etc/addons/* /consul/config
|
||||||
|
COPY ./api-registry/etc/consul-template /consul/template
|
||||||
|
COPY ./api-registry/opt /opt/consul
|
||||||
|
COPY ./api-registry/entrypoint.sh /
|
||||||
|
|
||||||
ENTRYPOINT ["consul", "agent", "-config-dir=/consul/config"]
|
# Fix for running Go apps in container @https://stackoverflow.com/a/35613430
|
||||||
|
#RUN rm /lib64/ld-linux-x86-64.so.2 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
|
||||||
|
# RUN apt update && \
|
||||||
|
# apt install -y curl
|
||||||
|
# RUN microdnf --enablerepo=rhel-7-server-rpms \
|
||||||
|
# install curl --nodocs
|
||||||
|
|
||||||
|
COPY --from=base /usr/bin/hostname /usr/bin/hostname
|
||||||
|
# COPY --from=base /usr/bin/ps /usr/bin/ps
|
||||||
|
COPY --from=envoy /usr/local/bin/envoy /bin/envoy
|
||||||
|
# COPY ./.app.config /
|
||||||
|
COPY ./api-registry/spawn-process.sh /
|
||||||
|
|
||||||
|
EXPOSE 53 53/udp 8443 8501
|
||||||
|
|
||||||
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
CMD ["consul", "agent", "-config-dir=/consul/config"]
|
||||||
|
@ -2,16 +2,16 @@
|
|||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
apk add zip
|
# apk add zip
|
||||||
|
|
||||||
|
update-ca-trust
|
||||||
|
|
||||||
# exec register-service
|
|
||||||
update-ca-certificates
|
|
||||||
echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
|
echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
|
||||||
|
|
||||||
# Install consul-template
|
# Install consul-template
|
||||||
cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
|
# cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
|
||||||
unzip consul-template_0.19.5_linux_amd64.zip && \
|
# unzip consul-template_0.19.5_linux_amd64.zip && \
|
||||||
rm consul-template_0.19.5_linux_amd64.zip && cd -
|
# rm consul-template_0.19.5_linux_amd64.zip && cd -
|
||||||
|
|
||||||
# Install glibc
|
# Install glibc
|
||||||
# apk add gcompat
|
# apk add gcompat
|
||||||
@ -21,4 +21,14 @@ rm consul-template_0.19.5_linux_amd64.zip && cd -
|
|||||||
# func-e use $ENVOY_VERSION_STRING
|
# func-e use $ENVOY_VERSION_STRING
|
||||||
# cp ~/.func-e/versions/$ENVOY_VERSION_STRING/bin/envoy /usr/local/bin/
|
# cp ~/.func-e/versions/$ENVOY_VERSION_STRING/bin/envoy /usr/local/bin/
|
||||||
|
|
||||||
|
if [ $APP_NAME == "api-gateway" ]
|
||||||
|
then
|
||||||
|
# register-service
|
||||||
|
|
||||||
|
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -client-cert /etc/certs/catalog.crt -client-key /etc/certs/catalog.key -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
|
||||||
|
COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
|
||||||
|
COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
exec "$@"
|
exec "$@"
|
21
api-registry/etc/addons/api-gateway.hcl
Normal file
21
api-registry/etc/addons/api-gateway.hcl
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
config_entries {
|
||||||
|
bootstrap = [
|
||||||
|
{
|
||||||
|
Kind = "api-gateway"
|
||||||
|
Name = "gw"
|
||||||
|
|
||||||
|
Listeners = [
|
||||||
|
{
|
||||||
|
Name = "gw"
|
||||||
|
Port = 443
|
||||||
|
Protocol = "http"
|
||||||
|
#Services = [
|
||||||
|
# {
|
||||||
|
# Name = "catalog"
|
||||||
|
# }
|
||||||
|
#]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
13
api-registry/etc/addons/pricing-intentions.hcl
Normal file
13
api-registry/etc/addons/pricing-intentions.hcl
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
#Kind = "service-intentions"
|
||||||
|
#Name = "pricing"
|
||||||
|
|
||||||
|
#Sources = [
|
||||||
|
#{
|
||||||
|
# Name = "basket"
|
||||||
|
# Action = "deny"
|
||||||
|
#}
|
||||||
|
#{
|
||||||
|
# Name = "api"
|
||||||
|
# Action = "allow"
|
||||||
|
#}
|
||||||
|
#]
|
6
api-registry/etc/addons/proxy-defaults.hcl
Normal file
6
api-registry/etc/addons/proxy-defaults.hcl
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
Kind = "proxy-defaults"
|
||||||
|
Name = "global"
|
||||||
|
|
||||||
|
Config {
|
||||||
|
Protocol = "http"
|
||||||
|
}
|
87
api-registry/etc/addons/routes.hcl
Normal file
87
api-registry/etc/addons/routes.hcl
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
config_entries {
|
||||||
|
bootstrap = [
|
||||||
|
{
|
||||||
|
Kind = "http-route"
|
||||||
|
Name = "catalog-routes"
|
||||||
|
|
||||||
|
Meta = {
|
||||||
|
"name" = "catalog-routes"
|
||||||
|
}
|
||||||
|
#Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
|
||||||
|
|
||||||
|
Parents = [
|
||||||
|
{
|
||||||
|
Kind = "api-gateway"
|
||||||
|
Name = "gw"
|
||||||
|
#SectionName = "<optional name of a specific listener on the api-gateway to bind to>"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
Rules = [
|
||||||
|
{
|
||||||
|
Filters = {
|
||||||
|
URLRewrite = {
|
||||||
|
Path = "/catalog"
|
||||||
|
}
|
||||||
|
#JWT = {
|
||||||
|
# Providers = [
|
||||||
|
# Name = "<name of the provider>"
|
||||||
|
# VerifyClaim = {
|
||||||
|
# Path = ["<path to claim>"]
|
||||||
|
# Value = "<value of claim>"
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
#Matches = [
|
||||||
|
#{
|
||||||
|
# Headers = [
|
||||||
|
# {
|
||||||
|
# Match = "<type of match: exact, prefix or regex>"
|
||||||
|
# Name = "<name of header to match on>"
|
||||||
|
# Value = "<value of header to match on>"
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
# Method = "<method type to match on>"
|
||||||
|
# Path = {
|
||||||
|
# Match = "<type of match: exact, prefix or regex>"
|
||||||
|
# Value = "<value to match on>"
|
||||||
|
# }
|
||||||
|
# Query = [
|
||||||
|
# {
|
||||||
|
# Match = "<type of match: exact, present or regex>"
|
||||||
|
# Name = "<name of query parameter to match on>"
|
||||||
|
# Value = "<value of query parameter to match on>"
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
#}
|
||||||
|
#]
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Name = "catalog"
|
||||||
|
Weight = 90
|
||||||
|
Filters = {
|
||||||
|
# Headers = [
|
||||||
|
# {
|
||||||
|
# Add = {
|
||||||
|
# "<name of header to add>" = "<value of header to add>"
|
||||||
|
# }
|
||||||
|
# Remove = [
|
||||||
|
# "<name of header to remove from request>"
|
||||||
|
# ]
|
||||||
|
# Set = {
|
||||||
|
# "<name of header to set>" = "<value of header to set>"
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
URLRewrite = {
|
||||||
|
Path = "/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
20
api-registry/etc/addons/service-catalog.hcl
Normal file
20
api-registry/etc/addons/service-catalog.hcl
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
services = [
|
||||||
|
{
|
||||||
|
name = "catalog"
|
||||||
|
port = 443
|
||||||
|
}
|
||||||
|
checks = {
|
||||||
|
Interval = "10s"
|
||||||
|
Name = "Connect Sidecar Listening"
|
||||||
|
TCP = "127.0.0.1:20000"
|
||||||
|
}
|
||||||
|
kind = "connect-proxy"
|
||||||
|
name = "web-sidecar-proxy"
|
||||||
|
port = 20000
|
||||||
|
proxy = {
|
||||||
|
destination_service_id = "catalog"
|
||||||
|
destination_service_name = "catalog"
|
||||||
|
local_service_address = "127.0.0.1"
|
||||||
|
local_service_port = 443
|
||||||
|
}
|
||||||
|
]
|
4
api-registry/etc/addons/service-defaults.hcl
Normal file
4
api-registry/etc/addons/service-defaults.hcl
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
Kind = "service-defaults"
|
||||||
|
Name = "service-globals"
|
||||||
|
|
||||||
|
Protocol = "http"
|
88
api-registry/etc/addons/service-router.hcl
Normal file
88
api-registry/etc/addons/service-router.hcl
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
Kind = "service-router"
|
||||||
|
Name = "service-router"
|
||||||
|
|
||||||
|
Routes = [
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/identity"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "identity"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/basket"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "basket"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/catalog"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "catalog"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/order"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "order"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/pricing"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "pricing"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/service"
|
||||||
|
}
|
||||||
|
#HTTP {
|
||||||
|
# Methods = ["GET", "POST", "PUT"]
|
||||||
|
#},
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "service"
|
||||||
|
#ServiceSubset = "<service-subset-at-destination>"
|
||||||
|
#Namespace = "<namespace-at-destination>"
|
||||||
|
#Partition = "<partition-at-destination>"
|
||||||
|
#PrefixRewrite = "<new-prefix-after-routing>" ## required specifying either Routes.Match.HTTP.PathPrefix or Routes.Match.HTTP.PathExact
|
||||||
|
#RequestTimeout = 0
|
||||||
|
#IdleTimeout = 0
|
||||||
|
#NumRetries = 1
|
||||||
|
#RetryOnConnectFailure = false
|
||||||
|
#RetryOn = ["reset", "unavailable"]
|
||||||
|
#RetryOnStatusCodes = [500, 502, 503]
|
||||||
|
#RequestHeaders = {
|
||||||
|
#Set = {
|
||||||
|
# "X-Web-Version" : "<text-string>"
|
||||||
|
#}
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
#ResponseHeaders = {
|
||||||
|
#Set = {
|
||||||
|
# "X-Web-Version" : "<text-string>"
|
||||||
|
#}
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
]
|
18
api-registry/etc/consul/defaults.hcl
Normal file
18
api-registry/etc/consul/defaults.hcl
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
config_entries {
|
||||||
|
bootstrap = [
|
||||||
|
{
|
||||||
|
Kind = "proxy-defaults"
|
||||||
|
Name = "defaults"
|
||||||
|
|
||||||
|
Config {
|
||||||
|
Protocol = "http"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Kind = "service-defaults"
|
||||||
|
Name = "defaults"
|
||||||
|
|
||||||
|
Protocol = "http"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
70
api-registry/etc/consul/gateway.hcl
Normal file
70
api-registry/etc/consul/gateway.hcl
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
# Datacenter configuration
|
||||||
|
datacenter = "dc"
|
||||||
|
domain = "ego.io"
|
||||||
|
|
||||||
|
data_dir = "/consul/data"
|
||||||
|
log_level = "DEBUG"
|
||||||
|
enable_local_script_checks = true
|
||||||
|
|
||||||
|
server = false
|
||||||
|
|
||||||
|
ui_config {
|
||||||
|
enabled = true
|
||||||
|
content_path = "/registry"
|
||||||
|
}
|
||||||
|
|
||||||
|
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
|
||||||
|
client_addr = "0.0.0.0"
|
||||||
|
|
||||||
|
ports {
|
||||||
|
dns = -1
|
||||||
|
https = 8501
|
||||||
|
http = -1
|
||||||
|
grpc_tls = 8503
|
||||||
|
}
|
||||||
|
|
||||||
|
dns_config {
|
||||||
|
service_ttl {
|
||||||
|
"*" = "20s"
|
||||||
|
}
|
||||||
|
node_ttl = "0s"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Connect settings
|
||||||
|
connect {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
|
||||||
|
# TLS Encryption configuration
|
||||||
|
tls {
|
||||||
|
defaults {
|
||||||
|
ca_file = "/usr/share/pki/ca-trust-source/anchors/internalCA.crt"
|
||||||
|
cert_file = "/etc/certs/gateway.crt"
|
||||||
|
key_file = "/etc/certs/gateway.key"
|
||||||
|
|
||||||
|
#verify_server_hostname = true
|
||||||
|
#verify_incoming = true
|
||||||
|
#verify_outgoing = true
|
||||||
|
verify_incoming = false
|
||||||
|
verify_outgoing = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#auto_encrypt {
|
||||||
|
# allow_tls = true
|
||||||
|
#}
|
||||||
|
|
||||||
|
# ACL configuration
|
||||||
|
# After startup, bootstrap the ACL system with `consul acl bootstrap` command
|
||||||
|
acl = {
|
||||||
|
enabled = true
|
||||||
|
default_policy = "deny"
|
||||||
|
enable_token_persistence = true
|
||||||
|
tokens {
|
||||||
|
default = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
|
||||||
|
initial_management = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Gossip Encryption
|
||||||
|
encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
|
19
api-registry/etc/consul/server-ca.json
Normal file
19
api-registry/etc/consul/server-ca.json
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
"Provider": "consul",
|
||||||
|
"Config": {
|
||||||
|
"LeafCertTTL": "72h",
|
||||||
|
"PrivateKey": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHQTuRb+EPGlTX\naRNf8cFrjz5hZiXkHX4OxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjC\nUAU7erx4XM/q6bLAOQ3w85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJq\nQWYNH2UP6dJa5c5YUxXWh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtp\nvBO0PAZrG9QFbB3nL/V3gZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv\n+6A7CpjMYav0/7+Kje6ys1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWt\nTTdGrTcXhqS0gJRihRlp7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQa\nnutqUWucgl/8QTZA4krAfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zE\nIt6KCwDlDGJfqKTKqSDX1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNptt\nkvFPXuM6mvhv+r1umylgbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuB\nt6Kjn4pb0xQ1e9EowQhZ4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiylju\nd+VIZ86B3U3Ch0JUPvITK7Q2buE9qwIDAQABAoICAFwSFX9nrhw3c5qx8AT2hgS4\nhP+mnr2grx4ONiVFcir069cjjezCVnf4XXhJ0skNXH7xrXH8QycijKelKDXKygno\nAR8wa6uM8Zc0SUf4JQl7oMFrDA8ZJdxkP9ZFYANhjS9PWjYtEAtT/2F/5LMNnbpT\ntiLQa5++jKm701OdtjaVs5TO1lRmDgsE5Z675e1c3iR8tPEkb72qAi5ifMxcrC6U\nBk2XHt4z9/4HvVkPYUXhg+/wErWApoPvzTm7pZnqQNOVqv/ULNkn8bY1lF2T0PUn\n8Lhd8NkKKpEidV9VmqKk01rtJKOnqCzPKsL2s5FJQfEOT5oTViwPUq7IrlEXOwvw\nJzsvd7fDP+OFAlbPUuecJ/F5kmIaroTUSqx/WWCy3hDoD+jgAGKtenlGyk8mJLY3\nS75dhH11ArMwnmkQA7vkp4K688yYaXu5LZU4AydRjM3p3bOTJSjSgNbenAYgJlRG\nCsVwL/u9mFA3DcEgrHup7T6F78eb5uUdr4UdlLFRQnxO5N6wizlplrC0b6kfF5xt\nLtOQDI5/P4oSW29UxJCnb3xnsu/ult/7x/DkmRrtyB6D3t31g12ZAJlsn58A0JLG\n+tBA2m7sOSFL5PYeJQq04d/jFs8e64k3mcyopbJtbAP8SkLFcBe3mbl455B9i9US\nwa5BFKTSuyxJUcm6d6BJAoIBAQDlujfzADHmrUCW6BgLyYK1dXFesATdDJ4GuUfQ\nSc5bMMLNRBTTKetgepbTiYLX0la9thwB90QsOqTiRrEudo1hNX3bpluglpUkA7IO\nUlEveufJqf9FWvsz6WxT6Qjx+J1q9Y+TaVD33J05WJPHC3FQVhgxkOk0KVX2cvmV\naSM+2a529UXrnO15/nNiqLGegjmm0yj9HmmfmLmbpuM7Cdomss8BEU7r/xg3k+xw\nyiFAOQRY5i21E7m3gWlYIayeaQd5Zw4i2ikxA0EjWtyfeaIHfPEFiIdESDDvYgqM\nnZXN2ZedmnWR+UWZ4Nk/YOBO8ljs+J3c4LRcNnN0HMpBrYaVAoIBAQDeCtxk14Mo\n8ilHsU7stRxgYjDvQDyJEPF13X9yp/3v31EXu4+CtUC7XzzkWXFS5j1KCUK6qUQQ\nTbuZLzzOzsStz9ku0IvD7M/2rDibbfj9jpkMFsH7pSk8EL42Hnj9RFSctSM9wVjU\nFh3AGeRsh05osfaP2eIGpPaHN0V7DBZj+yx+orjSGlevDYJMe1MXa1i2TjQJ7+HC\nGw8+4faqEg+pJp1vBdY2aUTzFotorn5MkA4ddDG3c2Aau3+j5JXI0w1/AJ9ZWQ/S\nXPv23a4anbY44amwgjaaJPTaW5K1UsH/2U5PYdFf8M4FFN74AfBm3fJkKm1Z/RQR\nkNk9Whu4u+M/AoIBAQCglOoVJ7a6C7NRiU19t89xbnXf/WR47B/ujUdAtsbTgaM5\n/vQbo3rQBwE1PzNCD9roY8ryKNjznc6yCT5DP0WWhODEUGZOO9Rmx1qInkv3x48M\nrZMt9OoRoIJDqWrCUcogASTqozyg9grFEkDCayI7SONCiowpFRfs3PPP2B12Co3k\nw5CroRdzJkWb2lXGejs4fPRy8vZcRFLCFgdStpFSab0/fszPNJLGDtXBBdn2XaTH\nS6b5o583QfPUUj2qwboix8He5ObURvUadKIxq8FyQIjuGECNn3TtcHf1URZtPUO5\nPEYg0sEvTjguEFbbeJZml2cqBbytlLZhnNpYzKZ9AoIBAAzfBk2WLJU4DGqKfa+9\nA+sWZg3IZHnxkH2rnFKyKEc6Y8IDbls+VIVIDQiTor0SeaUMCmE1pKtpRiGoGldG\npyIINWfAUQnHdXqwGwvvgQp5tKd9vjrvJQfFVLFgbNUJm/oFighvZ83Lhmf3WEVu\nRn5NKqTGFZMbButpqc5rMfUTv02L8zjCrCiKmO4EDBoEb/0JZXzZ+fU9ilGz2Y+c\nQmokweWIqhU3XvbUbLphuxKHGzpb3PHsbzq9ebWvb3tXuKWPDK2qOv+Pwk9aJFiI\noeKEOkjwE2g2EjeCLWvzYymImECDxBZSqC6lOhOYUS41WXKy/unDgOFPyzgCPC8m\nPRMCggEAYpVEGldItHA/UNq0/z5a4uqu70LB24lIdbwCOykqtwH2op0ZFZ80ZVv4\noBLlDlXzcuKPCXw4UfyGfx7P8ePw85+b7VC9Usp6vBRWTkat3r3XiLZ5b5+W/XPs\nj3oD7FhYxnmb0luQz//5XR/5yb3Tw7h6IZ7mGdVmi/JgkhWHyG/fxlYlAMPOInPe\nSf0POl+s6IRm4kp/FHw0c4ha5Il7iDA3sISDqXkmh3V2BWX2u3tgmaVU+h1CH6Ra\nGqjSz2Fw9FCzWQdItx8Avov0mFaGezslsF0cLZy38mxePimgA1QW2IRMU6TLVVij\nW8GDkpznvE6iIwlcMxTJvwk7JkkSAQ==\n-----END PRIVATE KEY-----\n",
|
||||||
|
"RootCert": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIUWcgQmuod9ZoO/PdOvL485tiTV10wDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCUEwxDjAMBgNVBAgMBVNsYXNrMRAwDgYDVQQHDAdHbGl3\naWNlMRgwFgYDVQQKDA9FZ29tbWVyY2UuaW8gQ0ExFTATBgNVBAMMDGVnb21tZXJj\nZS5pbzAeFw0yNDA3MjAxMjUzNDVaFw0zNDA3MTgxMjUzNDVaMGAxCzAJBgNVBAYT\nAlBMMQ4wDAYDVQQIDAVTbGFzazEQMA4GA1UEBwwHR2xpd2ljZTEYMBYGA1UECgwP\nRWdvbW1lcmNlLmlvIENBMRUwEwYDVQQDDAxlZ29tbWVyY2UuaW8wggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHQTuRb+EPGlTXaRNf8cFrjz5hZiXkHX4O\nxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjCUAU7erx4XM/q6bLAOQ3w\n85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJqQWYNH2UP6dJa5c5YUxXW\nh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtpvBO0PAZrG9QFbB3nL/V3\ngZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv+6A7CpjMYav0/7+Kje6y\ns1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWtTTdGrTcXhqS0gJRihRlp\n7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQanutqUWucgl/8QTZA4krA\nfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zEIt6KCwDlDGJfqKTKqSDX\n1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNpttkvFPXuM6mvhv+r1umylg\nbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuBt6Kjn4pb0xQ1e9EowQhZ\n4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiyljud+VIZ86B3U3Ch0JUPvIT\nK7Q2buE9qwIDAQABo1MwUTAdBgNVHQ4EFgQUCfODB1LPdNYVDc61nNZ9HrpFOAsw\nHwYDVR0jBBgwFoAUCfODB1LPdNYVDc61nNZ9HrpFOAswDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAgEAtbv6F7EKV4SShPV54A62vY+t5W7USK1mRSuE\n+R/eO6LsNTkw7Xz4EyNb1KtZRlXjI0+B1vPc2t8qJIe6Kkx5+YPDM47HfipHZvsZ\nD3IWEHNiVo/xvEQnfFKu4kHMoi6glw/2/FeOYcklhzf2HGBqP8ZJZX9852vvD6ai\n7Q79DvvQAF95c6HVAbK+9hZ2KZbrUA/G8hFH8oC9/Au1bUEL9DMFj7IieKO10PNW\n8ZEaVWpg+cx3B913hfnmjRrchioGpsS9au3cZjKLbKa+zedOd2pK1TiVUAVgHUcr\nc893OpUg7nEONHrjzlroMmNHDaqA//Kg2lKMc2xHU06pEIIcCGGD4fAV2nXwn/9g\nl4XK5iBaQt5HIDNl7o+5AbxFQBptv91yLEzxtF3l51CUyh7/yOeJAoL9aKxlWAFh\nTO315Ouy2syTSBAs1Mj3U7KsvrWkRk5QJ3RaSEWf/l1LOgnthd4j6FEOVlB+Qe0U\nlvEIkHMftRKyp54hKABchJGjjsQmxY2Qyegw75mYdqaN0V1mz0dzAW8Bg/6U+i/L\n9bdsTC6WHiFV2InAogpXQRaDBvZXhGDujKR49+oBkLId/jmOpIU/crvdD767W7Fx\nqXz/PGpXoKtPK4tNVhjoBfYhKXTFI47AoplrqhkqbC/gfEEi0ny0DsTOx6r+aTRf\nFFw/JXM=\n-----END CERTIFICATE-----\n",
|
||||||
|
"IntermediateCertTTL": "8760h"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
"Provider": "vault",
|
||||||
|
"Config": {
|
||||||
|
"Address": "https://api-vault:8200",
|
||||||
|
"Token": "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE",
|
||||||
|
"RootPKIPath": "pki/",
|
||||||
|
"IntermediatePKIPath": "pki_int/"
|
||||||
|
}
|
||||||
|
}
|
@ -1,7 +1,6 @@
|
|||||||
# Datacenter configuration
|
# Datacenter configuration
|
||||||
datacenter = "ego"
|
datacenter = "dc"
|
||||||
domain = "ego.io"
|
domain = "ego.io"
|
||||||
node_name = "registry"
|
|
||||||
|
|
||||||
data_dir = "/consul/data"
|
data_dir = "/consul/data"
|
||||||
log_level = "DEBUG"
|
log_level = "DEBUG"
|
||||||
@ -11,62 +10,65 @@ enable_local_script_checks = true
|
|||||||
server = true
|
server = true
|
||||||
bootstrap = true
|
bootstrap = true
|
||||||
bootstrap_expect = 1
|
bootstrap_expect = 1
|
||||||
acl_master_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
|
|
||||||
acl_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
|
|
||||||
|
|
||||||
ui_config {
|
ui_config {
|
||||||
enabled = true
|
enabled = true
|
||||||
|
content_path = "/registry"
|
||||||
|
dashboard_url_templates {
|
||||||
|
service = "https://grafana.example.com/d/lDlaj-NGz/service-overview?orgId=1&var-service={{Service.Name}}&var-namespace={{Service.Namespace}}&var-partition={{Service.Partition}}&var-dc={{Datacenter}}"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bind_addr = "127.0.0.1"
|
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
|
||||||
client_addr = "0.0.0.0"
|
client_addr = "0.0.0.0"
|
||||||
|
|
||||||
ports {
|
ports {
|
||||||
dns = 53
|
dns = 53
|
||||||
server = 8300
|
#server = 8300
|
||||||
|
http = -1
|
||||||
https = 8501
|
https = 8501
|
||||||
grpc_tls = 8503
|
grpc_tls = 8503
|
||||||
}
|
}
|
||||||
|
|
||||||
dns_config {
|
dns_config {
|
||||||
service_ttl {
|
service_ttl {
|
||||||
"*" = "10s"
|
"*" = "20s"
|
||||||
}
|
}
|
||||||
node_ttl = "0s"
|
node_ttl = "0s"
|
||||||
}
|
}
|
||||||
|
|
||||||
#enable_central_service_config = true
|
|
||||||
|
|
||||||
# Connect settings
|
# Connect settings
|
||||||
#connect {
|
connect {
|
||||||
#enabled = true
|
enabled = true
|
||||||
#ca_provider = "vault"
|
|
||||||
|
#ca_provider = "consul"
|
||||||
#ca_config {
|
#ca_config {
|
||||||
# address = "https://api-vault:8200"
|
# leaf_cert_ttl = "72h"
|
||||||
# token = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0"
|
# private_key = "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHQTuRb+EPGlTX\naRNf8cFrjz5hZiXkHX4OxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjC\nUAU7erx4XM/q6bLAOQ3w85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJq\nQWYNH2UP6dJa5c5YUxXWh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtp\nvBO0PAZrG9QFbB3nL/V3gZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv\n+6A7CpjMYav0/7+Kje6ys1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWt\nTTdGrTcXhqS0gJRihRlp7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQa\nnutqUWucgl/8QTZA4krAfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zE\nIt6KCwDlDGJfqKTKqSDX1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNptt\nkvFPXuM6mvhv+r1umylgbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuB\nt6Kjn4pb0xQ1e9EowQhZ4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiylju\nd+VIZ86B3U3Ch0JUPvITK7Q2buE9qwIDAQABAoICAFwSFX9nrhw3c5qx8AT2hgS4\nhP+mnr2grx4ONiVFcir069cjjezCVnf4XXhJ0skNXH7xrXH8QycijKelKDXKygno\nAR8wa6uM8Zc0SUf4JQl7oMFrDA8ZJdxkP9ZFYANhjS9PWjYtEAtT/2F/5LMNnbpT\ntiLQa5++jKm701OdtjaVs5TO1lRmDgsE5Z675e1c3iR8tPEkb72qAi5ifMxcrC6U\nBk2XHt4z9/4HvVkPYUXhg+/wErWApoPvzTm7pZnqQNOVqv/ULNkn8bY1lF2T0PUn\n8Lhd8NkKKpEidV9VmqKk01rtJKOnqCzPKsL2s5FJQfEOT5oTViwPUq7IrlEXOwvw\nJzsvd7fDP+OFAlbPUuecJ/F5kmIaroTUSqx/WWCy3hDoD+jgAGKtenlGyk8mJLY3\nS75dhH11ArMwnmkQA7vkp4K688yYaXu5LZU4AydRjM3p3bOTJSjSgNbenAYgJlRG\nCsVwL/u9mFA3DcEgrHup7T6F78eb5uUdr4UdlLFRQnxO5N6wizlplrC0b6kfF5xt\nLtOQDI5/P4oSW29UxJCnb3xnsu/ult/7x/DkmRrtyB6D3t31g12ZAJlsn58A0JLG\n+tBA2m7sOSFL5PYeJQq04d/jFs8e64k3mcyopbJtbAP8SkLFcBe3mbl455B9i9US\nwa5BFKTSuyxJUcm6d6BJAoIBAQDlujfzADHmrUCW6BgLyYK1dXFesATdDJ4GuUfQ\nSc5bMMLNRBTTKetgepbTiYLX0la9thwB90QsOqTiRrEudo1hNX3bpluglpUkA7IO\nUlEveufJqf9FWvsz6WxT6Qjx+J1q9Y+TaVD33J05WJPHC3FQVhgxkOk0KVX2cvmV\naSM+2a529UXrnO15/nNiqLGegjmm0yj9HmmfmLmbpuM7Cdomss8BEU7r/xg3k+xw\nyiFAOQRY5i21E7m3gWlYIayeaQd5Zw4i2ikxA0EjWtyfeaIHfPEFiIdESDDvYgqM\nnZXN2ZedmnWR+UWZ4Nk/YOBO8ljs+J3c4LRcNnN0HMpBrYaVAoIBAQDeCtxk14Mo\n8ilHsU7stRxgYjDvQDyJEPF13X9yp/3v31EXu4+CtUC7XzzkWXFS5j1KCUK6qUQQ\nTbuZLzzOzsStz9ku0IvD7M/2rDibbfj9jpkMFsH7pSk8EL42Hnj9RFSctSM9wVjU\nFh3AGeRsh05osfaP2eIGpPaHN0V7DBZj+yx+orjSGlevDYJMe1MXa1i2TjQJ7+HC\nGw8+4faqEg+pJp1vBdY2aUTzFotorn5MkA4ddDG3c2Aau3+j5JXI0w1/AJ9ZWQ/S\nXPv23a4anbY44amwgjaaJPTaW5K1UsH/2U5PYdFf8M4FFN74AfBm3fJkKm1Z/RQR\nkNk9Whu4u+M/AoIBAQCglOoVJ7a6C7NRiU19t89xbnXf/WR47B/ujUdAtsbTgaM5\n/vQbo3rQBwE1PzNCD9roY8ryKNjznc6yCT5DP0WWhODEUGZOO9Rmx1qInkv3x48M\nrZMt9OoRoIJDqWrCUcogASTqozyg9grFEkDCayI7SONCiowpFRfs3PPP2B12Co3k\nw5CroRdzJkWb2lXGejs4fPRy8vZcRFLCFgdStpFSab0/fszPNJLGDtXBBdn2XaTH\nS6b5o583QfPUUj2qwboix8He5ObURvUadKIxq8FyQIjuGECNn3TtcHf1URZtPUO5\nPEYg0sEvTjguEFbbeJZml2cqBbytlLZhnNpYzKZ9AoIBAAzfBk2WLJU4DGqKfa+9\nA+sWZg3IZHnxkH2rnFKyKEc6Y8IDbls+VIVIDQiTor0SeaUMCmE1pKtpRiGoGldG\npyIINWfAUQnHdXqwGwvvgQp5tKd9vjrvJQfFVLFgbNUJm/oFighvZ83Lhmf3WEVu\nRn5NKqTGFZMbButpqc5rMfUTv02L8zjCrCiKmO4EDBoEb/0JZXzZ+fU9ilGz2Y+c\nQmokweWIqhU3XvbUbLphuxKHGzpb3PHsbzq9ebWvb3tXuKWPDK2qOv+Pwk9aJFiI\noeKEOkjwE2g2EjeCLWvzYymImECDxBZSqC6lOhOYUS41WXKy/unDgOFPyzgCPC8m\nPRMCggEAYpVEGldItHA/UNq0/z5a4uqu70LB24lIdbwCOykqtwH2op0ZFZ80ZVv4\noBLlDlXzcuKPCXw4UfyGfx7P8ePw85+b7VC9Usp6vBRWTkat3r3XiLZ5b5+W/XPs\nj3oD7FhYxnmb0luQz//5XR/5yb3Tw7h6IZ7mGdVmi/JgkhWHyG/fxlYlAMPOInPe\nSf0POl+s6IRm4kp/FHw0c4ha5Il7iDA3sISDqXkmh3V2BWX2u3tgmaVU+h1CH6Ra\nGqjSz2Fw9FCzWQdItx8Avov0mFaGezslsF0cLZy38mxePimgA1QW2IRMU6TLVVij\nW8GDkpznvE6iIwlcMxTJvwk7JkkSAQ==\n-----END PRIVATE KEY-----\n"
|
||||||
# root_pki_path = "pki/"
|
# root_cert = "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIUWcgQmuod9ZoO/PdOvL485tiTV10wDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCUEwxDjAMBgNVBAgMBVNsYXNrMRAwDgYDVQQHDAdHbGl3\naWNlMRgwFgYDVQQKDA9FZ29tbWVyY2UuaW8gQ0ExFTATBgNVBAMMDGVnb21tZXJj\nZS5pbzAeFw0yNDA3MjAxMjUzNDVaFw0zNDA3MTgxMjUzNDVaMGAxCzAJBgNVBAYT\nAlBMMQ4wDAYDVQQIDAVTbGFzazEQMA4GA1UEBwwHR2xpd2ljZTEYMBYGA1UECgwP\nRWdvbW1lcmNlLmlvIENBMRUwEwYDVQQDDAxlZ29tbWVyY2UuaW8wggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHQTuRb+EPGlTXaRNf8cFrjz5hZiXkHX4O\nxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjCUAU7erx4XM/q6bLAOQ3w\n85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJqQWYNH2UP6dJa5c5YUxXW\nh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtpvBO0PAZrG9QFbB3nL/V3\ngZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv+6A7CpjMYav0/7+Kje6y\ns1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWtTTdGrTcXhqS0gJRihRlp\n7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQanutqUWucgl/8QTZA4krA\nfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zEIt6KCwDlDGJfqKTKqSDX\n1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNpttkvFPXuM6mvhv+r1umylg\nbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuBt6Kjn4pb0xQ1e9EowQhZ\n4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiyljud+VIZ86B3U3Ch0JUPvIT\nK7Q2buE9qwIDAQABo1MwUTAdBgNVHQ4EFgQUCfODB1LPdNYVDc61nNZ9HrpFOAsw\nHwYDVR0jBBgwFoAUCfODB1LPdNYVDc61nNZ9HrpFOAswDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAgEAtbv6F7EKV4SShPV54A62vY+t5W7USK1mRSuE\n+R/eO6LsNTkw7Xz4EyNb1KtZRlXjI0+B1vPc2t8qJIe6Kkx5+YPDM47HfipHZvsZ\nD3IWEHNiVo/xvEQnfFKu4kHMoi6glw/2/FeOYcklhzf2HGBqP8ZJZX9852vvD6ai\n7Q79DvvQAF95c6HVAbK+9hZ2KZbrUA/G8hFH8oC9/Au1bUEL9DMFj7IieKO10PNW\n8ZEaVWpg+cx3B913hfnmjRrchioGpsS9au3cZjKLbKa+zedOd2pK1TiVUAVgHUcr\nc893OpUg7nEONHrjzlroMmNHDaqA//Kg2lKMc2xHU06pEIIcCGGD4fAV2nXwn/9g\nl4XK5iBaQt5HIDNl7o+5AbxFQBptv91yLEzxtF3l51CUyh7/yOeJAoL9aKxlWAFh\nTO315Ouy2syTSBAs1Mj3U7KsvrWkRk5QJ3RaSEWf/l1LOgnthd4j6FEOVlB+Qe0U\nlvEIkHMftRKyp54hKABchJGjjsQmxY2Qyegw75mYdqaN0V1mz0dzAW8Bg/6U+i/L\n9bdsTC6WHiFV2InAogpXQRaDBvZXhGDujKR49+oBkLId/jmOpIU/crvdD767W7Fx\nqXz/PGpXoKtPK4tNVhjoBfYhKXTFI47AoplrqhkqbC/gfEEi0ny0DsTOx6r+aTRf\nFFw/JXM=\n-----END CERTIFICATE-----\n"
|
||||||
# intermediate_pki_path = "pki_int/"
|
|
||||||
# ca_file = "/usr/local/share/ca-certificates/internalCA.crt"
|
|
||||||
#}
|
|
||||||
#}
|
#}
|
||||||
|
ca_provider = "vault"
|
||||||
|
ca_config {
|
||||||
|
address = "https://api-vault:8200"
|
||||||
|
token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
|
||||||
|
root_pki_path = "pki/"
|
||||||
|
intermediate_pki_path = "pki_int/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# TLS Encryption configuration
|
# TLS Encryption configuration
|
||||||
tls {
|
tls {
|
||||||
defaults {
|
defaults {
|
||||||
ca_file = "/usr/local/share/ca-certificates/internalCA.crt"
|
ca_file = "/usr/share/pki/ca-trust-source/anchors/internalCA.crt"
|
||||||
cert_file = "/etc/certs/registry.crt"
|
cert_file = "/etc/certs/registry.crt"
|
||||||
key_file = "/etc/certs/registry.key"
|
key_file = "/etc/certs/registry.key"
|
||||||
|
|
||||||
verify_incoming = false
|
|
||||||
verify_outgoing = false
|
|
||||||
#verify_incoming = true
|
|
||||||
#verify_outgoing = true
|
|
||||||
}
|
|
||||||
internal_rpc {
|
|
||||||
verify_server_hostname = false
|
|
||||||
verify_incoming = false
|
|
||||||
#verify_server_hostname = true
|
#verify_server_hostname = true
|
||||||
#verify_incoming = true
|
#verify_incoming = true
|
||||||
|
#verify_outgoing = true
|
||||||
|
verify_server_hostname = false
|
||||||
|
verify_incoming = false
|
||||||
|
verify_outgoing = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -78,53 +80,228 @@ auto_encrypt {
|
|||||||
# After startup, bootstrap the ACL system with `consul acl bootstrap` command
|
# After startup, bootstrap the ACL system with `consul acl bootstrap` command
|
||||||
acl = {
|
acl = {
|
||||||
enabled = true
|
enabled = true
|
||||||
default_policy = "allow"
|
default_policy = "deny"
|
||||||
enable_token_persistence = true
|
enable_token_persistence = true
|
||||||
|
tokens {
|
||||||
|
default = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
|
||||||
|
initial_management = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Gossip Encryption
|
# Gossip Encryption
|
||||||
#encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
|
encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
|
||||||
|
|
||||||
# If running Consul 1.8.x or below, enable central service configuration
|
# ADDITIONAL CONFIGS
|
||||||
#enable_central_service_config = true
|
config_entries {
|
||||||
|
bootstrap = [
|
||||||
recursors = ["127.0.0.11", "8.8.8.8", "8.8.4.4"]
|
{
|
||||||
|
Kind = "proxy-defaults"
|
||||||
#config_entries {
|
Name = "global"
|
||||||
#bootstrap = [
|
Config {
|
||||||
|
Protocol = "http"
|
||||||
|
}
|
||||||
|
AccessLogs {
|
||||||
|
Enabled = true
|
||||||
|
},
|
||||||
|
MeshGateway {
|
||||||
|
Mode = "local"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Kind = "service-defaults"
|
||||||
|
Name = "global"
|
||||||
|
Protocol = "http"
|
||||||
|
MeshGateway {
|
||||||
|
Mode = "local"
|
||||||
|
}
|
||||||
|
},
|
||||||
#{
|
#{
|
||||||
# Kind = "api-gateway"
|
# Kind = "mesh"
|
||||||
# Name = "gw"
|
# Peering {
|
||||||
|
# PeerThroughMeshGateways = true
|
||||||
# Listeners = [
|
|
||||||
# {
|
|
||||||
# Name = "http"
|
|
||||||
# Port = 443
|
|
||||||
# Protocol = "http"
|
|
||||||
# }
|
# }
|
||||||
# ]
|
|
||||||
#}
|
|
||||||
#{
|
|
||||||
# Kind = "service-defaults"
|
|
||||||
# Name = "defaults"
|
|
||||||
# Protocol = "http"
|
|
||||||
#},
|
#},
|
||||||
|
{
|
||||||
|
Kind = "file-system-certificate"
|
||||||
|
Name = "gateway-certificate"
|
||||||
|
Certificate = "/etc/certs/gateway.crt"
|
||||||
|
PrivateKey = "/etc/certs/gateway.key"
|
||||||
|
},
|
||||||
#{
|
#{
|
||||||
# Kind = "service-router"
|
# Kind = "file-system-certificate"
|
||||||
# Name = "service-router"
|
# Name = "catalog-certificate"
|
||||||
# #Hostnames = ["catalog", "catalog-svc", "catalog.service.ego.io"]
|
# Certificate = "/etc/certs/catalog.crt"
|
||||||
# Routes = [
|
# PrivateKey = "/etc/certs/catalog.key"
|
||||||
# {
|
#},
|
||||||
# Match = {
|
{
|
||||||
# HTTP {
|
Kind = "api-gateway"
|
||||||
# PathPrefix = "/catalog"
|
Name = "gateway"
|
||||||
|
Listeners = [
|
||||||
|
{
|
||||||
|
Name = "gw-listener"
|
||||||
|
Port = 8443
|
||||||
|
Protocol = "http"
|
||||||
|
TLS = {
|
||||||
|
Certificates = [
|
||||||
|
{
|
||||||
|
Kind = "file-system-certificate"
|
||||||
|
Name = "gateway-certificate"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Kind = "http-route"
|
||||||
|
Name = "basket-routes"
|
||||||
|
Hostnames = ["basket.service.ego.io"]
|
||||||
|
Parents = [
|
||||||
|
{
|
||||||
|
Kind = "api-gateway"
|
||||||
|
Name = "gateway"
|
||||||
|
SectionName = "gw-listener"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
Rules = [
|
||||||
|
{
|
||||||
|
Matches = [
|
||||||
|
{
|
||||||
|
Path = {
|
||||||
|
Match = "prefix"
|
||||||
|
Value = "/basket"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
#Filters = {
|
||||||
|
# URLRewrite = {
|
||||||
|
# Path = "/basket"
|
||||||
# }
|
# }
|
||||||
#}
|
#}
|
||||||
# Destination {
|
Services = [
|
||||||
# Service = "catalog"
|
{
|
||||||
|
Name = "basket"
|
||||||
|
Weight = 90
|
||||||
|
#Filters = {
|
||||||
|
# URLRewrite = {
|
||||||
|
# Path = "/"
|
||||||
# }
|
# }
|
||||||
#}
|
#}
|
||||||
# ]
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Kind = "http-route"
|
||||||
|
Name = "catalog-routes"
|
||||||
|
Hostnames = ["catalog.service.ego.io"]
|
||||||
|
Parents = [
|
||||||
|
{
|
||||||
|
Kind = "api-gateway"
|
||||||
|
Name = "gateway"
|
||||||
|
SectionName = "gw-listener"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
Rules = [
|
||||||
|
{
|
||||||
|
Matches = [
|
||||||
|
{
|
||||||
|
Path = {
|
||||||
|
Match = "prefix"
|
||||||
|
Value = "/catalog"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
#Filters = {
|
||||||
|
# URLRewrite = {
|
||||||
|
# Path = "/catalog"
|
||||||
# }
|
# }
|
||||||
#]
|
|
||||||
#}
|
#}
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Name = "catalog"
|
||||||
|
Weight = 90
|
||||||
|
#Filters = {
|
||||||
|
# URLRewrite = {
|
||||||
|
# Path = "/"
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Kind = "service-router"
|
||||||
|
Name = "gateway"
|
||||||
|
Routes = [
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/identity"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "identity"
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RequestTimeout = "120s"
|
||||||
|
PrefixRewrite = "/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/basket"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "basket"
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RequestTimeout = "120s"
|
||||||
|
PrefixRewrite = "/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/catalog"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "catalog"
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RequestTimeout = "120s"
|
||||||
|
PrefixRewrite = "/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/order"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "order"
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RequestTimeout = "120s"
|
||||||
|
PrefixRewrite = "/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/pricing"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Destination {
|
||||||
|
Service = "pricing"
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RequestTimeout = "120s"
|
||||||
|
PrefixRewrite = "/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -1,3 +1,3 @@
|
|||||||
{{ with secret "pki_int/issue/ego-io" "common_name=server.me.registry" "ttl=72h"}}
|
{{ with secret "pki_int/issue/ego.io" "common_name=ego.io" "ttl=72h"}}
|
||||||
{{ .Data.issuing_ca }}
|
{{ .Data.issuing_ca }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
|
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
|
||||||
{{ .Data.certificate }}
|
{{ .Data.certificate }}
|
||||||
{{ end }}
|
{{ end }}
|
@ -1,3 +1,3 @@
|
|||||||
{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
|
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
|
||||||
{{ .Data.private_key }}
|
{{ .Data.private_key }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
8
api-registry/spawn-process.sh
Executable file
8
api-registry/spawn-process.sh
Executable file
@ -0,0 +1,8 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
sleep 10
|
||||||
|
|
||||||
|
until ${COMMAND}; do
|
||||||
|
echo "Envoy crashed with exit code $?. Respawning.." >&2
|
||||||
|
sleep 1
|
||||||
|
done
|
18
api-registry/start-envoy.sh
Normal file
18
api-registry/start-envoy.sh
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# consul connect envoy -gateway api -register \
|
||||||
|
# -service gw-mesh -token=${CONSUL_HTTP_TOKEN} \
|
||||||
|
# -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443" \
|
||||||
|
# -wan-address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443" \
|
||||||
|
# -bind-address gw-listener=0.0.0.0:8443 \
|
||||||
|
# -enable-config-gen-logging
|
||||||
|
|
||||||
|
consul connect envoy -gateway api -register -service gateway -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/api-gateway.log 2>&1 &
|
||||||
|
# -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443"
|
||||||
|
# -bind-address gw-listener=0.0.0.0:80
|
||||||
|
|
||||||
|
# catalog sidecar
|
||||||
|
consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-catalog.log 2>&1 &
|
||||||
|
|
||||||
|
#basket sidecar
|
||||||
|
consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-basket.log 2>&1 &
|
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# RUN IN REPO ROOT DIR !!
|
# RUN IN REPO ROOT DIR !!
|
||||||
|
|
||||||
export IMAGE_NAME="git.pbiernat.dev/egommerce/api-registry"
|
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
|
||||||
|
|
||||||
TARGET=${1:-latest}
|
TARGET=${1:-latest}
|
||||||
|
|
||||||
|
@ -1,9 +1,12 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# RUN IN REPO ROOT DIR !!
|
# RUN IN REPO ROOT DIR !!
|
||||||
|
|
||||||
export IMAGE_NAME="git.pbiernat.dev/egommerce/api-registry"
|
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
|
||||||
|
|
||||||
TARGET=${1:-latest}
|
TARGET=${1:-latest}
|
||||||
|
|
||||||
echo $DOCKER_PASSWORD | docker login git.pbiernat.dev -u $DOCKER_USERNAME --password-stdin
|
echo $DOCKER_PASSWORD | docker login git.pbiernat.io -u $DOCKER_USERNAME --password-stdin
|
||||||
docker push "$IMAGE_NAME:$TARGET"
|
docker push "$IMAGE_NAME:$TARGET"
|
||||||
|
|
||||||
|
# Restart container
|
||||||
|
curl -X POST http://127.0.0.1:9001/api/webhooks/603d2077-4018-4983-bbff-875154ec9e83
|
||||||
|
15
example.hcl
Normal file
15
example.hcl
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
service {
|
||||||
|
id = "registry"
|
||||||
|
name = "registry"
|
||||||
|
tags = ["api-registry", "registry", "https", "grpc", "tcp", "consul", "catalog"]
|
||||||
|
address = ""
|
||||||
|
port = 8500
|
||||||
|
check {
|
||||||
|
id = "registry"
|
||||||
|
name = "Registry Service"
|
||||||
|
tcp ="localhost:53"
|
||||||
|
interval = "10s"
|
||||||
|
timeout = "1s"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
7
secrets
Normal file
7
secrets
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
AccessorID: d0dfcac2-5459-f7d8-c42f-2ee906a34279
|
||||||
|
SecretID: 784746ec-0d5d-fb12-1a79-95f912dcaabd
|
||||||
|
Description: Bootstrap Token (Global Management)
|
||||||
|
Local: false
|
||||||
|
Create Time: 2023-07-29 22:37:20.267488642 +0000 UTC
|
||||||
|
Policies:
|
||||||
|
00000000-0000-0000-0000-000000000001 - global-management
|
19
var/certs/VaultCA.pem
Normal file
19
var/certs/VaultCA.pem
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDJjCCAg6gAwIBAgIUIG28xUQKS1B35XXFoBsEWgRO2QYwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwETEPMA0GA1UEAxMGZWdvLmlvMB4XDTIzMDcwNjE5MjkxM1oXDTMzMDcwMzE5
|
||||||
|
Mjk0M1owETEPMA0GA1UEAxMGZWdvLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
|
||||||
|
MIIBCgKCAQEAl5hxyVJz9cF1kU0foFVyJZ/C0ZbiQm0hVn3sHqyqKIdujkIywoCQ
|
||||||
|
pzCISMhvrDkuJUoD8zmum2UQyHnIrIFEuEKkqpvr3ICEuiXVV0aCl8cuPcqT2nH3
|
||||||
|
T96fHFUf5cWncoaWIsBuSpATWHurAQvrl24m6vbqvJo5160AELXuNqGstvBuElqw
|
||||||
|
rMlVmQDvY0LFUpG8M9UdUIZBhEVMxTm3tKLk3N3DwMWFKYhyscwgSKKJ7znkFI4E
|
||||||
|
jE5nkgSDX1kpHvNna0zx4vAvMAkUpLZkZyyFAyZnCoLH5rfmWS2ZFMHHzeUnPXfH
|
||||||
|
MpnjXCWLrRkahMIEwMFH+U9miy+u/MckdwIDAQABo3YwdDAOBgNVHQ8BAf8EBAMC
|
||||||
|
AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULjtN11JiV+C3FsbBpG5AQATh
|
||||||
|
LQ0wHwYDVR0jBBgwFoAULjtN11JiV+C3FsbBpG5AQAThLQ0wEQYDVR0RBAowCIIG
|
||||||
|
ZWdvLmlvMA0GCSqGSIb3DQEBCwUAA4IBAQB2UXObm3XaDVv8EuLH49qpsIn24lm3
|
||||||
|
es3xKO/+Rrx9x8Y7BBpwmiFhkZjQEOM66vhoIzQbe0gPWO5wvTrWYbqyGubuPb2A
|
||||||
|
bAlf4JUiozcKaN/zZDWK2d7lj2tVh390Jp0Lf67D1g+kX4M6ByfZ2GVT7ghZMBsp
|
||||||
|
P0IeNiao8fZKpaZjmF/UTe2wDxyVB0+pY9XrhqVa8I79thd2dk8eiqqSDKR4fY3Y
|
||||||
|
Oo+/2c2++haMuQ/N5XvRqOmSgkP1gioopPhqTBvXd8lh1ZBX1ij6ccS503Neft9f
|
||||||
|
3UyycHDYH8SUYtcsDe8I+Yh7NfQj6ur5MEPUAPzoBgbVDa4hN97Ql8FV
|
||||||
|
-----END CERTIFICATE-----
|
21
var/certs/catalog-svc.cert.pem
Normal file
21
var/certs/catalog-svc.cert.pem
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDbTCCAlWgAwIBAgIUO/w0+2BFYwPxELanA9ebAcPeUtEwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRob3JpdHkwHhcN
|
||||||
|
MjMwNzA2MTk0MDI4WhcNMjMwNzA5MTk0MDU4WjAhMR8wHQYDVQQDExZjYXRhbG9n
|
||||||
|
LnNlcnZpY2UuZWdvLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||||
|
qSk3xlIFDZeF+dTWFJ096GXtsEhAPgCbbjnbLIg5nQRJ+IsQUeuA0G+L/vFRReYl
|
||||||
|
OMlmnRGh6J7KmjGK58O/HEH3eWpdKjJzmTRuQtNcH3URpZ2YS3wMeqxrvWYhJT+a
|
||||||
|
eoTXkFvz8btt4SM+2UxadSeuHxUQDF6jY1Gffc7CoazjvgdNbvmxuztt32VM4S2z
|
||||||
|
qI8hJUhmXM+NQRc/SDHXyB82WzNX5eJh6bQZWKrOPgjCRaJzbE0N3GX6mvPve13I
|
||||||
|
4Rt9YKuUe5avfztrK5+5EdWVZuv7sBCQOfKJPdRgcwauOp4vTKCBHb9lSTJkO7RK
|
||||||
|
/oWg3g+cDIUaO753u0oipwIDAQABo4GVMIGSMA4GA1UdDwEB/wQEAwIDqDAdBgNV
|
||||||
|
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNCJrK2q2UBe8y1E
|
||||||
|
fjJWL+ayOg2pMB8GA1UdIwQYMBaAFHpA4xTT9dhKKrmO7epCSCiJ5BR7MCEGA1Ud
|
||||||
|
EQQaMBiCFmNhdGFsb2cuc2VydmljZS5lZ28uaW8wDQYJKoZIhvcNAQELBQADggEB
|
||||||
|
AEUWY1ci0RDExQRQ4SFiJOPhvysapjS/mz1mLRaYxo9tjAP5nWzKrfVvKCXD46R7
|
||||||
|
lSbSdFnTGHaiJulMMHseRxFwbhNV4FUBETe+jZev5irSKJwevJH9Rg6RPwsz1DhO
|
||||||
|
h41ImgQ4G6regnykrgTbIQNgOQlfNoR1oIO8k8eVYEuatLBZv+Gn40E8hfDeS556
|
||||||
|
H2UkOcIC9DUpRJkobP0e0ji8S6nhBMoot38/WufceptyNhVR2u03H4lmTUdvFMXN
|
||||||
|
nwEmCqTPaAqDT8RyRuS7CZqCU/zbOiYtV831VJuENLOVwvG/2GPs228xCRPqnAI3
|
||||||
|
YF1lou3ZmxbJY0xsrpaaYh8=
|
||||||
|
-----END CERTIFICATE-----
|
51
var/certs/pki_int.cert.pem
Normal file
51
var/certs/pki_int.cert.pem
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEYDCCA0igAwIBAgIUKhWLESfOHLk4Q/kLhXUcmyd2OeMwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwgakxCzAJBgNVBAYTAlBMMQ4wDAYDVQQIDAVTbGFzazERMA8GA1UEBwwIS2F0
|
||||||
|
b3dpY2UxJjAkBgNVBAoMHUVnb21tZXJjZSBQcml2YXRlIFJlZ2lzdHJhdG9yMQsw
|
||||||
|
CQYDVQQLDAJJVDEmMCQGA1UEAwwdRWdvbW1lcmNlIFByaXZhdGUgUmVnaXN0cmF0
|
||||||
|
b3IxGjAYBgkqhkiG9w0BCQEWC3Jvb3RAZWdvLmlvMB4XDTIzMDcwODEyNTYxMVoX
|
||||||
|
DTIzMDgwOTEyNTY0MVowKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBB
|
||||||
|
dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU1W53eQDU
|
||||||
|
CxemQ6l0GagJUPxgG2Aw+koXb57KGFtcF1WX6knObdHq6Hf2R3hOB8Qb6eMEJ2Pw
|
||||||
|
zVpB/0lSmsarqKNuDvuS/BY+fGOVONkFUtGXZu417ztgvBlctD1QXNrX86Jpgv20
|
||||||
|
BNtm0ua7+YRlYe/hOEPMGh1HfM6Bye06hEqJtfC55G6taXddVJwAg9pYfOQjsh1I
|
||||||
|
URl9NSjw3Rm/akUZAclqHT1fJcucJkR0Z0eKOw5b7H7IIuQ68FHeLjVXeWLJruB9
|
||||||
|
wQVN66P+5jU+b9ZkLhlPpdYB0Ve85Z8J5kCheIMYixq0QCa9zUI9JBRg529GB9Ul
|
||||||
|
r4NDPUylg9bzAgMBAAGjgf8wgfwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
|
||||||
|
MAMBAf8wHQYDVR0OBBYEFCqH8BvWkDloDkW4KoWRuW8Gi8CcMB8GA1UdIwQYMBaA
|
||||||
|
FF6s4PHElvxu9QF+fqF7bDNroznXMGYGCCsGAQUFBwEBBFowWDApBggrBgEFBQcw
|
||||||
|
AYYdaHR0cDovL2xvY2FsaG9zdDo4MjAwL3YxL29jc3AwKwYIKwYBBQUHMAKGH2h0
|
||||||
|
dHA6Ly9sb2NhbGhvc3Q6ODIwMC92MS9wa2kvY2EwMQYDVR0fBCowKDAmoCSgIoYg
|
||||||
|
aHR0cDovL2xvY2FsaG9zdDo4MjAwL3YxL3BraS9jcmwwDQYJKoZIhvcNAQELBQAD
|
||||||
|
ggEBAMQZrU+ulLBAIPNhexdYGbjIE//LfNkuV8PHb+dDXgjdLh0rqotC6mtDPHPV
|
||||||
|
LhcKK5qkt3Kc+SD+TK5tdr+vTdGkPmZhUBim1ZqhMLDVfHCZYBgaaO/sIG4tfSQ4
|
||||||
|
PA/FRSR2zZH/eAs/WtLLcLmr8mNtMXleduUbABfzp2KUw3HCyZxsOlCAfg296xvJ
|
||||||
|
g0e8WPkn3rPo9D28QRISfSH82w/L8Rgr4XkEXhTzmuupK7bJtuEz+AVKUxviLXxu
|
||||||
|
zfV0SBIA8eZNRiuEuzV4KxaJL+669kMlcpX12SxyhR/zYU6YdhugtHVuPu84resy
|
||||||
|
2QfBmZbCsGZY2urZ2UIWefA/T70=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIENTCCAx2gAwIBAgIUbXooBpS7/8FWBYC1F7fbJQj53hswDQYJKoZIhvcNAQEL
|
||||||
|
BQAwgakxCzAJBgNVBAYTAlBMMQ4wDAYDVQQIDAVTbGFzazERMA8GA1UEBwwIS2F0
|
||||||
|
b3dpY2UxJjAkBgNVBAoMHUVnb21tZXJjZSBQcml2YXRlIFJlZ2lzdHJhdG9yMQsw
|
||||||
|
CQYDVQQLDAJJVDEmMCQGA1UEAwwdRWdvbW1lcmNlIFByaXZhdGUgUmVnaXN0cmF0
|
||||||
|
b3IxGjAYBgkqhkiG9w0BCQEWC3Jvb3RAZWdvLmlvMB4XDTIzMDYyODE1MjcxMVoX
|
||||||
|
DTI4MDYyNjE1MjcxMVowgakxCzAJBgNVBAYTAlBMMQ4wDAYDVQQIDAVTbGFzazER
|
||||||
|
MA8GA1UEBwwIS2F0b3dpY2UxJjAkBgNVBAoMHUVnb21tZXJjZSBQcml2YXRlIFJl
|
||||||
|
Z2lzdHJhdG9yMQswCQYDVQQLDAJJVDEmMCQGA1UEAwwdRWdvbW1lcmNlIFByaXZh
|
||||||
|
dGUgUmVnaXN0cmF0b3IxGjAYBgkqhkiG9w0BCQEWC3Jvb3RAZWdvLmlvMIIBIjAN
|
||||||
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGwbsRS7UoiUTAsdnGG2Yfh+XraS
|
||||||
|
oSimr/jkJImKgQ+GMZJ/uTzunzkw31ujYSKBCoFVjPOJ135/EzZKJIHqzFCP9Tvd
|
||||||
|
Y6K8K8BwYPZ1HJPlbjPJ9nmJdW6mC1Qri3WCH2Ppt9+jb5fDUF0sPMxO4C3ZYCj/
|
||||||
|
zg9TzzKXahbIQsUxlSseEuBvTfsbv2miMPHCPTsQNE7q1m2iUGM4h2YrS7GuXVHE
|
||||||
|
/J/Q1fHKOir1tud46FmWF16fzKafSFxnyX3yDIFTDTHQx+7ei9weksMZJHyFsWGk
|
||||||
|
KjhaaaqfNRlCygf/cpAl99os1ILm4cM3yeqOhnYeqNzLQGszHiFJ8klP8wIDAQAB
|
||||||
|
o1MwUTAdBgNVHQ4EFgQUXqzg8cSW/G71AX5+oXtsM2ujOdcwHwYDVR0jBBgwFoAU
|
||||||
|
Xqzg8cSW/G71AX5+oXtsM2ujOdcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
|
||||||
|
AQsFAAOCAQEAASzDfVqN9VZwfEYgvoFhhuPiX6DO8y9209kvxmgR25cHLypXcWSm
|
||||||
|
k5XSO7ifYOEgz5zFVUe2CiJD7D/9dxVnNgAsFwqYK4Sm46sh/s73nxQYebAtjsee
|
||||||
|
8vIojINEdBjvMXAJZnzahF+C4Ldoj+Q+Mys4NGOHC0rC7axL7ncL7ydKO8SKNN7C
|
||||||
|
1vsNN6xlPTaTwfaQ1fGTqeCFXJ0KuDQlXpZUZuo/bX/wcFTWlvdP1/xyL3XRVpao
|
||||||
|
MrZyj2bNd43q8LppRkR5Bv8vOPnsS/XaPO31eY/3aOba52a8YJdkRbCQ5IyV3ejH
|
||||||
|
VshgEBQHvhPynHhpaejlTamPlJ5ntV9OYw==
|
||||||
|
-----END CERTIFICATE-----
|
16
var/certs/pki_int.csr
Normal file
16
var/certs/pki_int.csr
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN CERTIFICATE REQUEST-----
|
||||||
|
MIICbTCCAVUCAQAwKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRo
|
||||||
|
b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU1W53eQDUCxem
|
||||||
|
Q6l0GagJUPxgG2Aw+koXb57KGFtcF1WX6knObdHq6Hf2R3hOB8Qb6eMEJ2PwzVpB
|
||||||
|
/0lSmsarqKNuDvuS/BY+fGOVONkFUtGXZu417ztgvBlctD1QXNrX86Jpgv20BNtm
|
||||||
|
0ua7+YRlYe/hOEPMGh1HfM6Bye06hEqJtfC55G6taXddVJwAg9pYfOQjsh1IURl9
|
||||||
|
NSjw3Rm/akUZAclqHT1fJcucJkR0Z0eKOw5b7H7IIuQ68FHeLjVXeWLJruB9wQVN
|
||||||
|
66P+5jU+b9ZkLhlPpdYB0Ve85Z8J5kCheIMYixq0QCa9zUI9JBRg529GB9Ulr4ND
|
||||||
|
PUylg9bzAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAomZzHZVQ+MlgQbc/VxE+
|
||||||
|
heC40azU0jfLG6lUHw4zP7Orx6mOtHh6JRWfGCHUc0AwH0AnXVk9D8JNa5EY/7bR
|
||||||
|
N5PFXKRbVSpxJD8/rDn64ZMEYj4ahUTgfRIbU4cnOCYgmZaTnS7f3dGoEMUuzuYm
|
||||||
|
04SN5aptY/H+YoP/LEkhQj0ePIA1W2OXtOTU9NrQqSSaA39/+8Yto+j5cFztgF4m
|
||||||
|
S3jLFwkz0Wt6gR+s5xD4k9sdoSSIVAuoXk/B2wyuiU2DcvHGV9+YUo+MkcZ2HvwW
|
||||||
|
Rl//dNgy1Tjlkf7ebeYtrf/rwyjyHFbb9vqCLI3Z28GgyXF1LTyuFMRCcZ5mdkdc
|
||||||
|
kw==
|
||||||
|
-----END CERTIFICATE REQUEST-----
|
27
var/certs/test.key
Normal file
27
var/certs/test.key
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEA9mjBUJ6u5Onmo5W8Hl/ES7EE7lCDIcFMN39sl0MapbYeHMom
|
||||||
|
hIvL5909ifflpwcPLxvWT9aZ6bEqG86Kp/bFXnkCtfDvQKC5l5R90NDVJwhGJwon
|
||||||
|
WWlOZvkzPTt6o2Xk/NX3KuNilrfZZNxoLaEXldbbAhhSLOJ7gK0oYxXsKFf+Aovx
|
||||||
|
fb1bs9+1gR2Tg0kEPqZdJMyil5xvGDkWxXjcblTTxL+MpYEi5Es7lSWT6wBQ5u4l
|
||||||
|
zZddcYzWve6f1P9OSWzkxxcvhUCMjvWodJqnfHvk7K44EswR/8cEmtS11XKBp10Z
|
||||||
|
yF7WGH2X9o/hKUGhUOOHJisN3NJBzQBoxjTccwIDAQABAoIBAQDUCGxgvUtt+7/V
|
||||||
|
gCFyWaIGJ/tAPtO4FidJkkKVHs8tTTs4NtNSNyFtEbnEoSZixfZQ6TlPVjD3INZF
|
||||||
|
O0OhKP3JP4QPn5WhHSzWvJZPO4RPpBUJvvkBPVaT0VhAFpB/TkzvLAcWRrgtTWKq
|
||||||
|
IecbbIVpEItAkEEWEoWHwnkAWnrucqkEc42tseMI3YJ6Q91G63ErGLz9XvRQu41q
|
||||||
|
x9FXbswic13ulc4PJm15IQRVCh+ht63g/vYNduIldh1H6YFqJ4ZS8NVSWz9ToIJ5
|
||||||
|
fd/21/ajlsv3kenJHCW1yNHJQd/zNYo7gCfytHX3Ny5K20yjKnPWwL884J1YIHFJ
|
||||||
|
qL061CNRAoGBAPkxTPOq12qtROW1uP6DqkfChkN3pG18n5NpQoHxQoR4rzbOXwTH
|
||||||
|
B+Z2IoVkR2bW5P2CUOWlGM6usQRWUnnzgQQ7BcINT1taHGBRcvmQE2cHCQkn0T04
|
||||||
|
gCMoB3Kg3aGioYvyvYb9YGgdwcJ7eENBYh28iA/zAJO7Sj4bH+JYuCvPAoGBAP0j
|
||||||
|
/UJUANbWrvOs97olaZ+zubmvEFu/OiGpp81wloc8uoCLoKu6B0F2SqRsTk652L4K
|
||||||
|
bc7lXoULizcgdqejn/haN1e7gxfgJlCjTWtVLj5rBPyWfQJIpJE9IYHTFyrowJMj
|
||||||
|
sZ2oFVU0UQWeDqh9Xyjt9IA+hj8T8zsTfn7NpTodAoGBAJ/v25L9ELvAL9s7cluw
|
||||||
|
iAb8vA3raVZ4STdktLIP9gBuMQ79D5FSaSiqo+d3gDhqLpjjHib2euCU0LqW6OKq
|
||||||
|
viDH/R8aSde5E0Nio2e36CwVIOCGdM5VSDDITVduFjHa3tKi3rAYSdspViYL9xk7
|
||||||
|
iszJJ48NCU7IQ5Nu91zgUnyTAoGAWj+reitCxVVyuFNxWn8eIh7MV0PvvBX4HqpC
|
||||||
|
tf6u2/Yts8iT9sVy8sa+o9ItNOoTOOW08m9Z/Gr6LiQ3yVqPnNZlJrUmbquuXU9r
|
||||||
|
OZn7y6sR8w+f7+GAMnut54AfoV+r0ImIOGIFgQQO4sbQCQfxlkEHy3T/HZv6OpSf
|
||||||
|
o4ujnY0CgYASqd3uhGLv2Ts12MwgsqzCk4tqayALM5bO8n2ojS35SlbCf/JmLiBW
|
||||||
|
3hjuGyVwhGGc7vFKKbZ3YSexDzeSwLFtcT6YE+DyPtFPMayfYeakQSfqDnNxduZ4
|
||||||
|
kYNSmYnScRFGbHlPIealr+VT4X1SAMtkCCzSEJOKjQ3U6hGhi7c++Q==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
39
var/certs/test.pem
Normal file
39
var/certs/test.pem
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICwDCCAaigAwIBAgIUX4qxPtBep6ezik4G+8t/xD8aNg0wDQYJKoZIhvcNAQEL
|
||||||
|
BQAwKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRob3JpdHkwHhcN
|
||||||
|
MjMwNzI2MjAzNjQ0WhcNMjMwNzI5MjAzNzE0WjAAMFkwEwYHKoZIzj0CAQYIKoZI
|
||||||
|
zj0DAQcDQgAEjTk0C0SGG/OXOgwmNmueWaF83abHr97hDgpy5Nco5ADZR5uYS3bM
|
||||||
|
svRLJCkeOCQHD5+9txfhAA6g4Q3YD8jdB6OB1DCB0TAOBgNVHQ8BAf8EBAMCA6gw
|
||||||
|
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBR4tshTRYWT
|
||||||
|
VIPl+gJPP7tdadyXHTAfBgNVHSMEGDAWgBTDqnUl3TUVDhMKIE0EMTfeQvkMrDBg
|
||||||
|
BgNVHREBAf8EVjBUhlJzcGlmZmU6Ly84MjU0MWFhYi0zNmRiLWEyNDgtOTE5YS01
|
||||||
|
ZDE0OTM4YTFhMjIuY29uc3VsL25zL2RlZmF1bHQvZGMvZWdvL3N2Yy9jYXRhbG9n
|
||||||
|
MA0GCSqGSIb3DQEBCwUAA4IBAQA/ZykZEZhkx8xHejRAqpfWMg8TcWQVY95UjA23
|
||||||
|
rPj8fIMBNJwwNvBrqjcPquKAsH7gC0U16ssd4QabYbPBwr2/NmQ7zp4Udnt8cGmF
|
||||||
|
E3Q7GLaDQmERxZop6gZpEC0cKejtnWwNhhM5viR0UkRX5cIuAv2W7H1v7qi/dMa7
|
||||||
|
KIsD7N2iNED8Madi45bHtSwawX3HF5Mmo5bxw2FOUutGNXZ+06QiUqxuu6pa2ljk
|
||||||
|
iLEFHrG27DfBhdgw1TdosvYY61LMPL97dAZ9ORQU9Ik5sOy5d5KiyIskfm4gatJq
|
||||||
|
/wkfCv1RzAd7YPEp03q8QlDlNr6Mc/KTNwt2WGei8CYUlFHA
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDnTCCAoWgAwIBAgIUKQa1Qce2n8KjLnFNfxBiNg/qp+UwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwETEPMA0GA1UEAxMGZWdvLmlvMB4XDTIzMDcyMjIyMzU1NFoXDTI4MDcyMDIy
|
||||||
|
MzYyNFowKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRob3JpdHkw
|
||||||
|
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6OXVd52eZK9L+mweVxsoy
|
||||||
|
gPEu5yHQbP9dKOB6iWA5e8jLMQKwRvb+il+6IfP5CA0QK/iXdl+H5hb2IL6TcUWp
|
||||||
|
2BdlxMOKhioS2F2UqacujnKbAi1dfqkCOp2JuZzlivm4Ku8EzDyKyHEXv7++41+o
|
||||||
|
SJ8aERC9kK9Ak9zVCsdpY8NXv5gaysXPW8UdDNldi1LoZ+vrsqLWYezhmqZIZ8lR
|
||||||
|
HfvpmwaOGoCGCacQnXXuH9axTKeyhXL7EwEWeTOvpKYE44qbt8O67XjOe7GCyf0n
|
||||||
|
+SmweXCTjOQQVkdCO7tTJG0KLf8/1i39KaIVBju7RJxizR2fomqI8cc+ja5WokQ7
|
||||||
|
AgMBAAGjgdUwgdIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
|
||||||
|
VR0OBBYEFMOqdSXdNRUOEwogTQQxN95C+QysMB8GA1UdIwQYMBaAFFQuletuUtZb
|
||||||
|
XabnbhYcoe15G7EzMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDov
|
||||||
|
LzEyNy4wLjAuMTo4MjAwL3YxL3BraS9jYTAyBgNVHR8EKzApMCegJaAjhiFodHRw
|
||||||
|
Oi8vMTI3LjAuMC4xOjgyMDAvL3YxL3BraS9jcmwwDQYJKoZIhvcNAQELBQADggEB
|
||||||
|
AFDDSktJ6qUDkRo7A9hssYiiGzjdaFgzNMAXnoUl4TX7npAyfmczJdaHFE4tKb4S
|
||||||
|
tOih6sC7XfyDuuTZ0+zvGpCN6kSFqrH1tFe37pauhxTUjopdbFwteOHBcY49o1Mx
|
||||||
|
gZCL9UvrGDmzY9htDExjm3bqB07SKOA1kR2iSHVzYN3oFWpDyn/Di4nFRudbJvN6
|
||||||
|
nPaIyTDPyYUF8JMyd5CONut+v1tdEYOfOEAeNDUG87IVvAYrzotkCRncjZLfewD2
|
||||||
|
/q4wWKjbAT9sh5mLAgctU/hrRuuZ7AF7uYgl5GvbJyHG5grv5WhU6oKzVsonxHo5
|
||||||
|
si/KhGzpLBv2MnvAhEwdpfA=
|
||||||
|
-----END CERTIFICATE-----
|
Loading…
Reference in New Issue
Block a user