Enable https on consul

Amarpreet Minhas 2020-09-30 22:16:38 -04:00
parent 4989911add
commit eca78a092d
3 changed files with 10 additions and 5 deletions


@ -38,7 +38,7 @@
register: exp
- name: get cert
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
args:
executable: /bin/bash
environment:
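Review bot: The `alt_names` list added to the `vault write` line covers only the two `consul.service…` DNS names, so a client that reaches the new HTTPS listener through a loopback or node address will fail hostname verification unless it turns verification off. If local CLI or agent traffic is meant to use the HTTPS port, consider adding `localhost` to `alt_names` and `ip_sans=127.0.0.1` to the request. The Vault role named by `vault_pki_policy` is not visible here; it presumably has to permit these names, otherwise the issue call is rejected. The same line is changed in the second file section (the one using `/usr/local/bin/bash`).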


@ -38,7 +38,7 @@
register: exp
- name: get cert
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
args:
executable: /usr/local/bin/bash
environment:
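Review bot: The lengthened command is still run through `shell` with the Jinja variables interpolated unquoted, so a space or shell metacharacter in `consul_domain`, `main_dc_name` or `vault_pki_policy` changes what bash executes. Nothing in the line needs a shell; `command` with `argv`, or `{{ consul_domain | quote }}` on each variable, avoids that, and the first file section has the same line. The task continues past this hunk, so whether it sets `no_log: true` cannot be seen; the issue response carries the private key, so the task should set it to keep the key out of Ansible output and logs.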


@ -8,9 +8,10 @@ ui = true
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
verify_incoming_https = false
verify_incoming_rpc = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
key_file = "{{ consul_config_path }}/certs/consul-server.key"
@ -29,8 +30,12 @@ raft_protocol = 3
enable_local_script_checks = true
addresses {
http = "0.0.0.0"
dns = "0.0.0.0"
https = "0.0.0.0"
dns = "0.0.0.0"
}
ports {
https = 8501
}
performance {