nomad/traefik/traefik.nomad

110 lines
2.7 KiB
Plaintext
Raw Normal View History

2022-09-09 23:37:09 +00:00
job "traefik" {
region = "global"
datacenters = ["dc1"]
type = "service"
group "traefik" {
count = 1
network {
port "http" {
static = 80
}
port "https" {
static = 443
}
port "api" {
static = 8081
}
}
service {
name = "traefik"
port = "api"
check {
name = "alive"
type = "tcp"
port = "http"
interval = "10s"
timeout = "2s"
}
tags = [
"traefik.enable=true",
// Redirect all http requests to HTTPS
"traefik.http.middlewares.https-redirect.redirectscheme.permanent=true",
"traefik.http.middlewares.https-redirect.redirectscheme.scheme=https",
"traefik.http.routers.http-catchall.entrypoints=http",
"traefik.http.routers.http-catchall.rule=HostRegexp(`{any:.+}`)",
"traefik.http.routers.http-catchall.middlewares=https-redirect",
// Forward requests to protected services to Authelia. Remove this if not running Authelia.
2023-07-30 04:32:34 +00:00
"traefik.http.middlewares.authelia.forwardauth.address=http://<authelia address>/api/verify?rd=https://auth.elara.ws/",
2022-09-09 23:37:09 +00:00
"traefik.http.middlewares.authelia.forwardauth.trustforwardheader=true",
"traefik.http.middlewares.authelia.forwardauth.authresponseheaders=Remote-User, Remote-Groups",
// Expose Traefik API with authentication. Remove this if not running Authelia.
2023-07-30 04:32:34 +00:00
"traefik.http.routers.traefik.rule=Host(`traefik.elara.ws`)",
2022-09-09 23:37:09 +00:00
"traefik.http.routers.traefik.tls.certResolver=letsencrypt",
"traefik.http.routers.traefik.middlewares=authelia",
]
}
task "traefik" {
driver = "docker"
config {
image = "traefik:v2.2"
network_mode = "host"
volumes = [
"/opt/traefik/acme.json:/acme.json",
"local/traefik.toml:/etc/traefik/traefik.toml",
]
}
template {
data = <<EOF
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.traefik]
address = ":8081"
[certificatesResolvers.letsencrypt.acme]
email = "you@example.com"
storage = "acme.json"
[certificatesResolvers.letsencrypt.acme.httpChallenge]
entryPoint = "http"
[api]
dashboard = true
insecure = true
# Enable Consul Catalog configuration backend.
[providers.consulCatalog]
prefix = "traefik"
exposedByDefault = false
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
scheme = "http"
EOF
destination = "local/traefik.toml"
}
resources {
cpu = 100
memory = 128
}
}
}
}