# Vault server configuration: integrated (Raft) storage, one TLS listener on loopback.

# Raft keeps Vault's data on local disk under `path`; `node_id` identifies this node in the cluster.
storage "raft" {
  path    = "/path/to/raft/data"
  node_id = "raft_node_id"
}

# API listener. tls_disable is not set, so TLS is served from the files below.
# The private key file should be readable only by the account that runs Vault.
listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_cert_file = "/path/to/full-chain.pem"
  tls_key_file  = "/path/to/private-key.pem"
}

# Metrics go to a statsite agent on loopback; disable_hostname keeps the local
# hostname out of gauge names.
telemetry {
  statsite_address = "127.0.0.1:8125"
  disable_hostname = true
}

# api_addr is advertised for client redirection, cluster_addr for
# server-to-server request forwarding.
api_addr     = "https://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"

# With mlock disabled, Vault's memory can be paged out, so swap on this host
# should be disabled or encrypted.
disable_mlock = true

ui = true
# Enables the web UI, served by the listener below under /ui.
ui = true

listener "tcp" {
  # Loopback alternative: with this bind the UI and API are reachable from the
  # local machine only.
  # address = "127.0.0.1:8200"

  # Non-loopback bind: anything that can reach 10.10.100.95:8200 can reach the
  # UI and API, so limit access with host or network firewall rules.
  address       = "10.10.100.95:8200"
  tls_cert_file = "/app/vault/cert/fullchain.pem"
  # Keep the private key readable only by the account that runs Vault.
  tls_key_file  = "/app/vault/cert/privkey.pem"
}
准备工作
在开始之前,请确保您已完成以下准备工作:
已在CentOS 7服务器上安装了Apache或Nginx等Web服务器(本次以Nginx为例)。
确保域名的DNS记录已正确配置,指向服务器的IP地址。
安装 Certbot
Certbot可以通过EPEL存储库进行安装。执行以下命令安装EPEL存储库:
sudo yum install epel-release
然后安装 snapd,后续用它来安装 certbot:
sudo yum install snapd
启用 snapd.socket 并设为开机自启,然后创建 /snap 符号链接(classic 模式的 snap 需要该路径)
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
安装certbot
sudo snap install --classic certbot
创建符号链接,使 certbot 命令可以直接调用
sudo ln -s /snap/bin/certbot /usr/bin/certbot
获取 SSL 证书
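执行以下命令使用Certbot获取SSL证书。假设我们的配置文件在/usr/local/nginx/conf。说明:--standalone 模式下 Certbot 会自行监听 80 端口完成域名验证,并不读取 Nginx 配置,因此运行前需确保 80 端口未被 Nginx 占用;签发的证书和私钥默认保存在 /etc/letsencrypt/live/iptvcrm.com/ 目录下。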
sudo certbot certonly --standalone -d iptvcrm.com
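# Self-signed certificate: -signkey signs the certificate with its own private key.
# The output names match the Vault listener's tls_cert_file / tls_key_file on this page.
# Key size is set explicitly because older OpenSSL releases, including the 1.0.2
# series, generate a 1024-bit RSA key when none is given.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out privkey.pem
# The key is written unencrypted; keep it readable by its owner only.
chmod 600 privkey.pem
openssl req -new -key privkey.pem -out cert.csr
# x509 -req adds no extensions unless an -extfile is given, and clients that ignore
# the Common Name need a subjectAltName. 10.10.100.95 is the listener address used
# on this page; replace it with the name or IP that clients actually connect to.
printf 'subjectAltName = IP:10.10.100.95\n' > san.ext
openssl x509 -req -sha256 -days 365 -in cert.csr -signkey privkey.pem -extfile san.ext -out fullchain.pem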
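测试环境启动指令(-dev 模式使用内存存储并自动解封,重启后数据全部丢失;-dev-root-token-id root 将根令牌固定为已知值 root,因此该指令只适用于测试环境,监听地址应限制在受信任的网络内)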
vault server -config /app/vault/conf/vault.conf -dev -dev-root-token-id root -dev-tls
访问url
https://10.10.100.95:8200/ui