implement TLS
parent
61a50e8298
commit
15d75f243a
@ -19,8 +19,12 @@ job "drone" {
|
|||||||
port = "http"
|
port = "http"
|
||||||
tags = [
|
tags = [
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.http.routers.${NOMAD_JOB_NAME}_insecure.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
|
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
|
||||||
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
|
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
|
||||||
|
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
|
||||||
|
"traefik.http.middlewares.httpsRedirect.redirectscheme.scheme=https",
|
||||||
|
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=httpsRedirect"
|
||||||
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
config {
|
config {
|
||||||
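Review bot: The `httpsRedirect` middleware is attached to the same router that now carries `tls.certresolver`, so it will never see a plain-HTTP request. Traefik treats a router with a TLS section as HTTPS-only. Because the old `${NOMAD_JOB_NAME}_insecure` router was renamed rather than kept, HTTP requests for this host will most likely get a 404 instead of a redirect. Consider keeping a separate non-TLS router for the redirect, e.g. `"traefik.http.routers.${NOMAD_JOB_NAME}_insecure.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)"` plus `"traefik.http.routers.${NOMAD_JOB_NAME}_insecure.middlewares=httpsRedirect"`, or do the redirect once at the entry point in the Traefik static configuration. The `service` block starts and ends outside the hunk, so entry-point bindings are not visible here.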
|
@ -18,7 +18,9 @@ job "traefik-ingress" {
|
|||||||
host_network = "private"
|
host_network = "private"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
vault{
|
||||||
|
policies=["access-tables"]
|
||||||
|
}
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
service {
|
service {
|
||||||
@ -46,8 +48,8 @@ job "traefik-ingress" {
|
|||||||
"admin"
|
"admin"
|
||||||
]
|
]
|
||||||
volumes =[
|
volumes =[
|
||||||
"local/traefik.toml:/etc/traefik/traefik.toml"
|
"local/traefik.toml:/etc/traefik/traefik.toml",
|
||||||
#"/mnt/diskstation/nomad/traefik/acme.json:acme.json"
|
"/mnt/diskstation/nomad/traefik/acme.json:/acme.json"
|
||||||
]
|
]
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -55,6 +57,13 @@ job "traefik-ingress" {
|
|||||||
#}
|
#}
|
||||||
env {
|
env {
|
||||||
}
|
}
|
||||||
|
template{
|
||||||
|
data=<<EOH
|
||||||
|
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
|
||||||
|
EOH
|
||||||
|
destination= "secrets/gandi.env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
template{
|
template{
|
||||||
data= <<EOH
|
data= <<EOH
|
||||||
[entryPoints]
|
[entryPoints]
|
||||||
@ -76,7 +85,11 @@ job "traefik-ingress" {
|
|||||||
dashboard = true
|
dashboard = true
|
||||||
insecure = true
|
insecure = true
|
||||||
[ping]
|
[ping]
|
||||||
|
[certificatesResolvers.myresolver.acme]
|
||||||
|
email = "vincent@ducamps.win"
|
||||||
|
storage = "acme.json"
|
||||||
|
[certificatesResolvers.myresolver.acme.httpChallenge]
|
||||||
|
entryPoint= "web"
|
||||||
EOH
|
EOH
|
||||||
destination = "local/traefik.toml"
|
destination = "local/traefik.toml"
|
||||||
env = false
|
env = false
|
||||||
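Review bot: The Gandi API key is handed to a task that does not appear to need it. The resolver added in this job uses `[certificatesResolvers.myresolver.acme.httpChallenge]` with `entryPoint= "web"`, which needs no DNS provider credentials, yet the new `template` exports `GANDIV5_API_KEY` into the container environment. If this is the externally reachable proxy (inferred from the job name), a compromise of it would also expose a key that can edit DNS records for the domain. Dropping the `secrets/gandi.env` template here, and the `vault` block too if nothing else in the job reads from Vault, keeps the credential confined to the job that actually runs the DNS challenge. The definition of the `access-tables` policy is not shown, so it is worth confirming that it grants read access only to the paths this job needs.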
|
@ -15,6 +15,9 @@ job "traefik-local" {
|
|||||||
static = 9080
|
static = 9080
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
vault{
|
||||||
|
policies=["access-tables"]
|
||||||
|
}
|
||||||
|
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
@ -43,8 +46,8 @@ job "traefik-local" {
|
|||||||
"admin"
|
"admin"
|
||||||
]
|
]
|
||||||
volumes =[
|
volumes =[
|
||||||
"local/traefik.toml:/etc/traefik/traefik.toml"
|
"local/traefik.toml:/etc/traefik/traefik.toml",
|
||||||
#"/mnt/diskstation/nomad/traefik/acme.json:acme.json"
|
"/mnt/diskstation/nomad/traefik/acme-local.json:/acme.json"
|
||||||
]
|
]
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -52,6 +55,14 @@ job "traefik-local" {
|
|||||||
#}
|
#}
|
||||||
env {
|
env {
|
||||||
}
|
}
|
||||||
|
template{
|
||||||
|
data=<<EOH
|
||||||
|
GANDIV5_API_KEY = "{{with secret "secrets/data/gandi"}}{{.Data.data.API_KEY}}{{end}}"
|
||||||
|
EOH
|
||||||
|
destination= "secrets/gandi.env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
template{
|
template{
|
||||||
data= <<EOH
|
data= <<EOH
|
||||||
[entryPoints]
|
[entryPoints]
|
||||||
@ -67,12 +78,20 @@ job "traefik-local" {
|
|||||||
[providers.consulCatalog]
|
[providers.consulCatalog]
|
||||||
exposedByDefault = false
|
exposedByDefault = false
|
||||||
[providers.consulCatalog.endpoint]
|
[providers.consulCatalog.endpoint]
|
||||||
address = "127.0.0.1:8500"
|
address = "172.17.0.1:8500"
|
||||||
[log]
|
[log]
|
||||||
[api]
|
[api]
|
||||||
dashboard = true
|
dashboard = true
|
||||||
insecure = true
|
insecure = true
|
||||||
[ping]
|
[ping]
|
||||||
|
[certificatesResolvers.myresolver.acme]
|
||||||
|
email = "vincent@ducamps.win"
|
||||||
|
storage = "acme.json"
|
||||||
|
[certificatesResolvers.myresolver.acme.dnsChallenge]
|
||||||
|
provider = "gandiv5"
|
||||||
|
delayBeforeCheck = 0
|
||||||
|
resolvers = ["173.246.100.133:53"]
|
||||||
|
|
||||||
|
|
||||||
EOH
|
EOH
|
||||||
destination = "local/traefik.toml"
|
destination = "local/traefik.toml"
|
||||||
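Review bot: `storage = "acme.json"` is a relative path, while the volume is mounted at `/acme.json`, so the two only coincide if Traefik's working directory is `/`. Writing `storage = "/acme.json"` removes that dependency, and the same applies to the traefik-ingress section. The file holds the ACME account key and the certificate private keys, and Traefik expects it to be mode 600. The host path `/mnt/diskstation/nomad/traefik/acme-local.json` looks like a network share, so confirm that the file exists before the task starts (otherwise Docker creates a directory at that path) and that the share actually enforces owner-only permissions. A short comment above the volume line noting these two requirements would help whoever provisions the next node.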
|