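# Compose stack: a HashiCorp Vault server plus an nginx container on a shared
# bridge network. nginx is presumably a TLS reverse proxy in front of Vault;
# its configuration is not part of this file.
version: '3.8'

services:
  vault:
    build: ./hc_vault
    # NOTE(review): ":latest" is a moving tag; pin a version tag or digest so
    # rebuilds and pulls are reproducible and auditable.
    image: tepichord/vault:latest
    hostname: vault
    command: server
    # IPC_LOCK is the one extra capability Vault needs (mlock, to keep secrets
    # out of swap). "privileged: true" was removed: it granted every
    # capability and host device access, which made this list meaningless and
    # turned any compromise of the secrets store into a host compromise.
    cap_add:
      - IPC_LOCK
    # NOTE(review): label=disable switches off SELinux confinement for this
    # container. The volumes below are already relabelled with ":z", so this
    # is probably unnecessary; confirm on the target host and remove.
    security_opt:
      - label=disable
    volumes:
      - ./hc_vault/config:/vault/config:z
      - ./hc_vault/certs:/opt/vault/certs:z
      # Host directory (easy to backup). It holds Vault's storage, so keep
      # host permissions tight and treat backups as sensitive.
      - ./hc_vault/vault_data:/opt/vault/data:z
    environment:
      # Used by the vault CLI inside the container (including the healthcheck);
      # the server certificate must be valid for 127.0.0.1 for this to verify.
      - VAULT_ADDR=https://127.0.0.1:8200
      # NOTE(review): api_addr is the address Vault advertises to clients;
      # 0.0.0.0 is a bind address, not a reachable one. Confirm the intended
      # value (likely a hostname covered by the certificate).
      - VAULT_API_ADDR=https://0.0.0.0:8200
      - VAULT_CACERT=/opt/vault/certs/rootCA.pem
    ports:
      # Only for direct access if needed.
      # NOTE(review): this publishes Vault on every host interface and bypasses
      # nginx. If direct access is local-only, use "127.0.0.1:8200:8200", or
      # drop the mapping and reach Vault over vault-network.
      - "8200:8200"
    restart: unless-stopped
    healthcheck:
      # "vault status" exits non-zero when Vault is sealed or unreachable, so a
      # sealed Vault is reported as unhealthy.
      test: ["CMD", "vault", "status", "-format=json"]
      interval: 5m
      timeout: 10s
      retries: 3

  nginx:
    # NOTE(review): floating tag; pin a version or digest as for vault.
    image: nginx:alpine
    hostname: nginx
    # All mounts are read-only: nginx only reads its configuration and key
    # material, so a compromised worker cannot rewrite them on the host.
    volumes:
      - ./nginx/conf:/etc/nginx:ro,z
      # NOTE(review): this shadows the image's own /etc/ssl, including the
      # system CA bundle; confirm that is intended.
      - ./ssl-certs:/etc/ssl:ro,z
      # For trusting Vault's cert.
      # NOTE(review): this is the same host directory mounted into vault; if it
      # also contains Vault's private key, mount only the CA certificate here.
      - ./hc_vault/certs:/etc/vault-certs:ro,z
    ports:
      - "8443:443"
      - "8080:80"  # Optional: redirect HTTP to HTTPS
    # Start-order only: depends_on does not wait for Vault to be healthy or
    # unsealed.
    depends_on:
      - vault
    restart: unless-stopped
    healthcheck:
      # "nginx -t" validates the configuration files; it does not prove that
      # nginx is accepting connections.
      test: ["CMD", "nginx", "-t"]
      interval: 5m
      timeout: 10s
      retries: 3

networks:
  default:
    name: vault-network
    driver: bridge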