Kezdőlap Felfedezés Súgó
Bejelentkezés
Apq
/
nextcloud-docs
tükrözi: https://github.com/docker-library/docs.git
1
0
Másolás 0
Fájlok Problémák 0 Wiki
Forráskód Böngészése

Improve Hashicorp Vault docker run example for server mode (#2246)

* Improve Hashicorp Vault docker run example for server mode to actually be directly usable and fix backend to current wording of storage

* Upgrade hashicorp vault readme by suggestions from mladlow making it explicit that docker run example is not meant for productional use

Co-authored-by: Theo Diefenthal <[email protected]>
Theo Diefenthal 3 éve
szülő
114ea74f41
commit
bc78bcb397
1 módosított fájl, 11 hozzáadás és 3 törlés
Osztott Nézet Diff Statisztika Mutatása
  1. 11 3
      vault/content.md

+ 11 - 3
vault/content.md
Fájl Megtekintése 

@@ -45,16 +45,24 @@ As an example:
 
 $ docker run --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' -e 'VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:1234' %%IMAGE%%
 
 ```
 
 
-## Running Vault in Server Mode
 
+## Running Vault in Server Mode for Development
 
 
 ```console
 
-$ docker run --cap-add=IPC_LOCK -e 'VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h"}' %%IMAGE%% server
 
+$ docker run --cap-add=IPC_LOCK -e 'VAULT_LOCAL_CONFIG={"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": { "address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}' -p 8200:8200 %%IMAGE%% server
 
 ```
 
 
-This runs a Vault server using the `file` storage backend at path `/vault/file`, with a default secret lease duration of one week and a maximum of 30 days.
 
+This runs a Vault server with TLS disabled, the `file` storage backend at path `/vault/file` and a default secret lease duration of one week and a maximum of 30 days. Disabling TLS and using the `file` storage backend are not recommended for production use.
 
 
 Note the `--cap-add=IPC_LOCK`: this is required in order for Vault to lock memory, which prevents it from being swapped to disk. This is highly recommended. In a non-development environment, if you do not wish to use this functionality, you must add `"disable_mlock: true"` to the configuration information.
 
 
 At startup, the server will read configuration HCL and JSON files from `/vault/config` (any information passed into `VAULT_LOCAL_CONFIG` is written into `local.json` in this directory and read as part of reading the directory for configuration files). Please see Vault's [configuration documentation](https://www.vaultproject.io/docs/config/index.html) for a full list of options.
 
 
+We suggest volume mounting a directory into the Docker image in order to give both the configuration and TLS certificates to Vault. You can accomplish this with:
 
+
 
+```console
 
+$ docker run --volume config/:/vault/config.d ...
 
+```
 
+
 
+For more scalability and reliability, we suggest running containerized Vault in an orchestration environment like k8s or OpenShift.
 
+
 
 Since 0.6.3 this container also supports the `VAULT_REDIRECT_INTERFACE` and `VAULT_CLUSTER_INTERFACE` environment variables. If set, the IP addresses used for the redirect and cluster addresses in Vault's configuration will be the address of the named interface inside the container (e.g. `eth0`).