implement TLS
parent
61a50e8298
commit
15d75f243a
@ -19,8 +19,12 @@ job "drone" {
|
||||
port = "http"
|
||||
tags = [
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}_insecure.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
|
||||
"traefik.http.middlewares.httpsRedirect.redirectscheme.scheme=https",
|
||||
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=httpsRedirect"
|
||||
|
||||
]
|
||||
}
|
||||
config {
|
||||
|
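Review bot: The `httpsRedirect` middleware in the last tag is attached to router `${NOMAD_JOB_NAME}`, the same router that carries `tls.certresolver`, while `${NOMAD_JOB_NAME}_insecure` gets a `rule` and nothing else. Traefik routers with TLS options only answer HTTPS requests, so plain-HTTP requests should match `_insecure` and be served without a redirect, leaving Drone sessions and tokens reachable in cleartext. Attach the redirect to the HTTP router instead, `"traefik.http.routers.${NOMAD_JOB_NAME}_insecure.middlewares=httpsRedirect"`, and consider pinning each router to its own entry point with an `entrypoints` tag. The +/- markers are lost on this page, so which tag lines are new is inferred from the hunk header counts; the `service` block starts outside the hunk.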
@ -18,7 +18,9 @@ job "traefik-ingress" {
|
||||
host_network = "private"
|
||||
}
|
||||
}
|
||||
|
||||
vault{
|
||||
policies=["access-tables"]
|
||||
}
|
||||
task "server" {
|
||||
driver = "docker"
|
||||
service {
|
||||
@ -46,8 +48,8 @@ job "traefik-ingress" {
|
||||
"admin"
|
||||
]
|
||||
volumes =[
|
||||
"local/traefik.toml:/etc/traefik/traefik.toml"
|
||||
#"/mnt/diskstation/nomad/traefik/acme.json:acme.json"
|
||||
"local/traefik.toml:/etc/traefik/traefik.toml",
|
||||
"/mnt/diskstation/nomad/traefik/acme.json:/acme.json"
|
||||
]
|
||||
|
||||
}
|
||||
@ -55,6 +57,13 @@ job "traefik-ingress" {
|
||||
#}
|
||||
env {
|
||||
}
|
||||
template{
|
||||
data=<<EOH
|
||||
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
|
||||
EOH
|
||||
destination= "secrets/gandi.env"
|
||||
env = true
|
||||
}
|
||||
template{
|
||||
data= <<EOH
|
||||
[entryPoints]
|
||||
@ -76,7 +85,11 @@ job "traefik-ingress" {
|
||||
dashboard = true
|
||||
insecure = true
|
||||
[ping]
|
||||
|
||||
[certificatesResolvers.myresolver.acme]
|
||||
email = "vincent@ducamps.win"
|
||||
storage = "acme.json"
|
||||
[certificatesResolvers.myresolver.acme.httpChallenge]
|
||||
entryPoint= "web"
|
||||
EOH
|
||||
destination = "local/traefik.toml"
|
||||
env = false
|
||||
|
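Review bot: The added `template` block exports `GANDIV5_API_KEY` into the `traefik-ingress` task, yet the resolver configured further down in the same job uses `httpChallenge` on entry point `web`, which needs no DNS provider credential. A key that can edit the DNS zone then sits in the environment of the ingress proxy for no benefit; drop this template and the `vault { policies=["access-tables"] }` stanza here and keep them only in `traefik-local`, where `dnsChallenge` with `provider = "gandiv5"` uses the key. If Vault access stays, a policy limited to reading `secrets/data/gandi` would be tighter than a shared one; what `access-tables` grants is not visible on this page. Separately, `insecure = true` under `[api]` serves the dashboard and API without authentication, so confirm that port is only reachable on the private network (whether that line is new cannot be told from this page).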
@ -15,6 +15,9 @@ job "traefik-local" {
|
||||
static = 9080
|
||||
}
|
||||
}
|
||||
vault{
|
||||
policies=["access-tables"]
|
||||
}
|
||||
|
||||
task "server" {
|
||||
driver = "docker"
|
||||
@ -43,8 +46,8 @@ job "traefik-local" {
|
||||
"admin"
|
||||
]
|
||||
volumes =[
|
||||
"local/traefik.toml:/etc/traefik/traefik.toml"
|
||||
#"/mnt/diskstation/nomad/traefik/acme.json:acme.json"
|
||||
"local/traefik.toml:/etc/traefik/traefik.toml",
|
||||
"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
|
||||
]
|
||||
|
||||
}
|
||||
@ -52,6 +55,14 @@ job "traefik-local" {
|
||||
#}
|
||||
env {
|
||||
}
|
||||
template{
|
||||
data=<<EOH
|
||||
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
|
||||
EOH
|
||||
destination= "secrets/gandi.env"
|
||||
env = true
|
||||
}
|
||||
|
||||
template{
|
||||
data= <<EOH
|
||||
[entryPoints]
|
||||
@ -67,12 +78,20 @@ job "traefik-local" {
|
||||
[providers.consulCatalog]
|
||||
exposedByDefault = false
|
||||
[providers.consulCatalog.endpoint]
|
||||
address = "127.0.0.1:8500"
|
||||
address = "172.17.0.1:8500"
|
||||
[log]
|
||||
[api]
|
||||
dashboard = true
|
||||
insecure = true
|
||||
[ping]
|
||||
[certificatesResolvers.myresolver.acme]
|
||||
email = "vincent@ducamps.win"
|
||||
storage = "acme.json"
|
||||
[certificatesResolvers.myresolver.acme.dnsChallenge]
|
||||
provider = "gandiv5"
|
||||
delayBeforeCheck = 0
|
||||
resolvers = ["173.246.100.133:53"]
|
||||
|
||||
|
||||
EOH
|
||||
destination = "local/traefik.toml"
|
||||
|
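Review bot: `storage = "acme.json"` is a relative path, while the volume in this job mounts the host file at `/acme.json`; the two only coincide if the container's working directory is `/`, so `storage = "/acme.json"` would make the link explicit. That file will hold the ACME account key and the private key of every issued certificate, and it lives on the shared `/mnt/diskstation` mount. Create it beforehand as a regular file with mode 0600 (Docker creates a directory when a bind-mount source is missing, and Traefik refuses a storage file with looser permissions) and restrict who can read that share. The same applies to the `/mnt/diskstation/nomad/traefik/acme.json` volume in `traefik-ingress`.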