implement TLS

This commit is contained in:
vincent 2022-04-24 22:19:18 +02:00
parent 61a50e8298
commit 15d75f243a
3 changed files with 44 additions and 8 deletions

View File

@ -19,8 +19,12 @@ job "drone" {
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}_insecure.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.middlewares.httpsRedirect.redirectscheme.scheme=https",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=httpsRedirect"
]
}
config {

View File

@ -18,7 +18,9 @@ job "traefik-ingress" {
host_network = "private"
}
}
vault{
policies=["access-tables"]
}
task "server" {
driver = "docker"
service {
@ -46,8 +48,8 @@ job "traefik-ingress" {
"admin"
]
volumes =[
"local/traefik.toml:/etc/traefik/traefik.toml"
#"/mnt/diskstation/nomad/traefik/acme.json:acme.json"
"local/traefik.toml:/etc/traefik/traefik.toml",
"/mnt/diskstation/nomad/traefik/acme.json:/acme.json"
]
}
@ -55,6 +57,13 @@ job "traefik-ingress" {
#}
env {
}
template{
data=<<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
EOH
destination= "secrets/gandi.env"
env = true
}
template{
data= <<EOH
[entryPoints]
@ -76,7 +85,11 @@ job "traefik-ingress" {
dashboard = true
insecure = true
[ping]
[certificatesResolvers.myresolver.acme]
email = "vincent@ducamps.win"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint= "web"
EOH
destination = "local/traefik.toml"
env = false

View File

@ -15,6 +15,9 @@ job "traefik-local" {
static = 9080
}
}
vault{
policies=["access-tables"]
}
task "server" {
driver = "docker"
@ -43,8 +46,8 @@ job "traefik-local" {
"admin"
]
volumes =[
"local/traefik.toml:/etc/traefik/traefik.toml"
#"/mnt/diskstation/nomad/traefik/acme.json:acme.json"
"local/traefik.toml:/etc/traefik/traefik.toml",
"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
]
}
@ -52,6 +55,14 @@ job "traefik-local" {
#}
env {
}
template{
data=<<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
EOH
destination= "secrets/gandi.env"
env = true
}
template{
data= <<EOH
[entryPoints]
@ -67,12 +78,20 @@ job "traefik-local" {
[providers.consulCatalog]
exposedByDefault = false
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
address = "172.17.0.1:8500"
[log]
[api]
dashboard = true
insecure = true
[ping]
[certificatesResolvers.myresolver.acme]
email = "vincent@ducamps.win"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "gandiv5"
delayBeforeCheck = 0
resolvers = ["173.246.100.133:53"]
EOH
destination = "local/traefik.toml"