2022-04-24 10:47:41 +00:00
|
|
|
job "traefik-ingress" {
|
|
|
|
datacenters = ["hetzner"]
|
2022-12-10 16:10:32 +00:00
|
|
|
priority = 90
|
2022-10-29 08:40:01 +00:00
|
|
|
type = "service"
|
2022-04-24 10:47:41 +00:00
|
|
|
|
2022-05-26 12:18:52 +00:00
|
|
|
meta {
|
2022-10-29 08:40:01 +00:00
|
|
|
force_deploy = 1
|
2022-05-26 12:18:52 +00:00
|
|
|
}
|
2022-04-24 10:47:41 +00:00
|
|
|
group "traefik-ingress" {
|
|
|
|
network {
|
|
|
|
mode = "host"
|
|
|
|
port "http" {
|
2022-10-29 08:40:01 +00:00
|
|
|
static = 80
|
2022-04-24 10:47:41 +00:00
|
|
|
host_network = "public"
|
|
|
|
}
|
|
|
|
port "https" {
|
2022-10-29 08:40:01 +00:00
|
|
|
static = 443
|
2022-04-24 10:47:41 +00:00
|
|
|
host_network = "public"
|
|
|
|
}
|
|
|
|
port "admin" {
|
2022-10-29 08:40:01 +00:00
|
|
|
static = 9080
|
2022-04-24 10:47:41 +00:00
|
|
|
host_network = "private"
|
|
|
|
}
|
2022-09-09 16:53:54 +00:00
|
|
|
port "ssh" {
|
2022-10-29 08:40:01 +00:00
|
|
|
static = 2222
|
2022-09-09 16:53:54 +00:00
|
|
|
host_network = "public"
|
|
|
|
}
|
2023-10-01 17:30:23 +00:00
|
|
|
port "smtp" {
|
2023-10-07 16:00:37 +00:00
|
|
|
static = 25
|
2023-10-01 17:30:23 +00:00
|
|
|
host_network = "public"
|
|
|
|
}
|
|
|
|
port "esmtp" {
|
|
|
|
static = 465
|
|
|
|
host_network = "public"
|
|
|
|
}
|
|
|
|
port "imap" {
|
|
|
|
static= 993
|
|
|
|
host_network = "public"
|
|
|
|
}
|
2022-04-24 10:47:41 +00:00
|
|
|
}
|
2022-10-29 08:40:01 +00:00
|
|
|
vault {
|
2023-09-17 16:28:12 +00:00
|
|
|
policies = ["traefik"]
|
2022-04-24 20:19:18 +00:00
|
|
|
}
|
2022-10-29 08:40:01 +00:00
|
|
|
task "traefik" {
|
2022-04-24 10:47:41 +00:00
|
|
|
driver = "docker"
|
|
|
|
service {
|
|
|
|
name = "traefik"
|
|
|
|
|
|
|
|
tags = ["traefik"]
|
|
|
|
port = "https"
|
|
|
|
}
|
|
|
|
|
|
|
|
service {
|
|
|
|
name = "traefik-admin"
|
|
|
|
port = "admin"
|
|
|
|
tags = [
|
2022-10-29 08:40:01 +00:00
|
|
|
"homer.enable=true",
|
|
|
|
"homer.name=Traefik admin",
|
|
|
|
"homer.subtitle=WAN",
|
|
|
|
"homer.service=Platform",
|
|
|
|
"homer.logo=https://upload.wikimedia.org/wikipedia/commons/1/1b/Traefik.logo.png",
|
|
|
|
"homer.target=_blank",
|
|
|
|
"homer.url=http://${NOMAD_ADDR_admin}",
|
2022-05-23 19:44:34 +00:00
|
|
|
|
|
|
|
|
2022-04-24 10:47:41 +00:00
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
config {
|
2024-03-17 17:58:24 +00:00
|
|
|
image = "docker.service.consul:5000/library/traefik"
|
2022-04-24 10:47:41 +00:00
|
|
|
ports = [
|
|
|
|
"http",
|
|
|
|
"https",
|
2022-09-09 16:53:54 +00:00
|
|
|
"admin",
|
2023-10-01 17:30:23 +00:00
|
|
|
"ssh",
|
|
|
|
"smtp",
|
|
|
|
"esmtp",
|
|
|
|
"imap",
|
2022-04-24 10:47:41 +00:00
|
|
|
]
|
2022-10-29 08:40:01 +00:00
|
|
|
volumes = [
|
2022-04-24 20:19:18 +00:00
|
|
|
"local/traefik.toml:/etc/traefik/traefik.toml",
|
|
|
|
"/mnt/diskstation/nomad/traefik/acme.json:/acme.json"
|
2022-04-24 10:47:41 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
}
|
|
|
|
# vault{
|
|
|
|
#}
|
2022-10-29 08:40:01 +00:00
|
|
|
env {
|
|
|
|
}
|
|
|
|
template {
|
|
|
|
data = <<EOH
|
2023-09-17 16:28:12 +00:00
|
|
|
HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"
|
2022-04-24 20:19:18 +00:00
|
|
|
EOH
|
2022-10-29 08:40:01 +00:00
|
|
|
destination = "secrets/gandi.env"
|
|
|
|
env = true
|
|
|
|
}
|
|
|
|
template {
|
|
|
|
data = <<EOH
|
2022-04-24 10:47:41 +00:00
|
|
|
[entryPoints]
|
2022-09-09 15:50:28 +00:00
|
|
|
|
|
|
|
[entrypoints.ssh]
|
|
|
|
address = ":2222"
|
2022-04-24 10:47:41 +00:00
|
|
|
[entryPoints.web]
|
|
|
|
address = ":80"
|
2022-05-23 17:48:35 +00:00
|
|
|
[entryPoints.web.http]
|
|
|
|
[entryPoints.web.http.redirections]
|
|
|
|
[entryPoints.web.http.redirections.entryPoint]
|
|
|
|
to = "websecure"
|
|
|
|
scheme = "https"
|
2024-04-12 06:59:20 +00:00
|
|
|
|
2022-04-24 10:47:41 +00:00
|
|
|
[entryPoints.websecure]
|
2024-04-12 06:59:20 +00:00
|
|
|
|
2022-04-24 10:47:41 +00:00
|
|
|
address = ":443"
|
2024-04-12 06:59:20 +00:00
|
|
|
[entryPoints.websecure.forwardedHeaders]
|
|
|
|
trustedIPs = ["127.0.0.1/32", "192.168.0.0/24" ,"10.0.0.0/8","172.16.0.0/12"]
|
|
|
|
[entryPoints.websecure.proxyProtocol]
|
|
|
|
trustedIPs = ["127.0.0.1/32", "192.168.0.0/24" ,"10.0.0.0/8","172.16.0.0/12"]
|
2022-04-24 10:47:41 +00:00
|
|
|
[entryPoints.traefik]
|
|
|
|
address = ":9080"
|
2023-10-01 17:30:23 +00:00
|
|
|
[entrypoints.smtp]
|
|
|
|
address = ":25"
|
|
|
|
[entrypoints.esmtp]
|
|
|
|
address = ":465"
|
|
|
|
[entrypoints.imap]
|
|
|
|
address = ":993"
|
2022-04-24 10:47:41 +00:00
|
|
|
[http.middlewares]
|
|
|
|
[http.middlewares.https-redirect.redirectscheme]
|
|
|
|
scheme = "https"
|
|
|
|
[providers.consulCatalog]
|
|
|
|
exposedByDefault = false
|
|
|
|
[providers.consulCatalog.endpoint]
|
2022-06-20 19:54:45 +00:00
|
|
|
address = "{{{env "NOMAD_IP_admin"}}}:8500"
|
2022-04-24 10:47:41 +00:00
|
|
|
[log]
|
2022-05-26 12:18:52 +00:00
|
|
|
[accessLog]
|
2022-04-24 10:47:41 +00:00
|
|
|
[api]
|
|
|
|
dashboard = true
|
|
|
|
insecure = true
|
|
|
|
[ping]
|
2022-04-24 20:19:18 +00:00
|
|
|
[certificatesResolvers.myresolver.acme]
|
2023-11-05 18:08:17 +00:00
|
|
|
email = "vincent@ducamps.eu"
|
2022-04-24 20:19:18 +00:00
|
|
|
storage = "acme.json"
|
|
|
|
[certificatesResolvers.myresolver.acme.httpChallenge]
|
|
|
|
entryPoint= "web"
|
2022-05-13 09:43:07 +00:00
|
|
|
[metrics]
|
|
|
|
[metrics.prometheus]
|
|
|
|
|
|
|
|
|
2022-04-24 10:47:41 +00:00
|
|
|
EOH
|
2022-10-29 08:40:01 +00:00
|
|
|
destination = "local/traefik.toml"
|
|
|
|
env = false
|
|
|
|
change_mode = "noop"
|
|
|
|
left_delimiter = "{{{"
|
2022-04-24 10:47:41 +00:00
|
|
|
right_delimiter = "}}}"
|
2022-10-29 08:40:01 +00:00
|
|
|
}
|
|
|
|
resources {
|
|
|
|
memory = 200
|
|
|
|
}
|
2022-04-24 10:47:41 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|