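# Nomad job running Traefik as the cluster ingress on the "ingress" node pool.
# The container uses host networking, so every entryPoint below is bound
# directly on the host's interfaces; the port{} blocks only reserve the ports
# in Nomad's scheduler.
job "traefik" {
  datacenters = ["aperture"]
  node_pool   = "ingress"
  type        = "service"

  group "traefik" {
    network {
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
      # Traefik API/dashboard. The entryPoint for this port is bound to
      # loopback only (see traefik.toml below); reach it via an SSH tunnel.
      port "admin" {
        static = 8080
      }
      port "ssh" {
        static = 22
      }
      port "smtp" {
        static = 25
      }
      port "submission" {
        static = 587
      }
      port "submissions" {
        static = 465
      }
      port "imap" {
        static = 143
      }
      port "imaps" {
        static = 993
      }
      port "pop3" {
        static = 110
      }
      port "pop3s" {
        static = 995
      }
      port "managesieve" {
        static = 4190
      }
      port "voice-tcp" {
        static = 4502
      }
      port "voice-udp" {
        static = 4503
      }
    }

    service {
      name     = "traefik-http"
      provider = "nomad"
      port     = "https"
    }

    task "traefik" {
      driver = "docker"

      config {
        # NOTE(review): an untagged image resolves to "traefik:latest", so every
        # restart may pull a different release. Pin a version tag (or a digest)
        # so upgrades are deliberate and reproducible.
        image        = "traefik"
        network_mode = "host"

        volumes = [
          "local/traefik.toml:/etc/traefik/traefik.toml",
          # Holds the ACME account key and issued private keys; keep it mode
          # 0600 on the host (Traefik refuses to use a world-readable file).
          "/storage/nomad/traefik/acme/acme.json:/acme.json",
          "/storage/nomad/traefik/access.log:/access.log",
        ]
      }

      # Static Traefik configuration.
      template {
        data = <<EOF
[entryPoints]
  [entryPoints.web]
  address = ":80"
  # Plain HTTP is only used to bounce clients to HTTPS.
  [entryPoints.web.http.redirections.entryPoint]
  to = "websecure"
  scheme = "https"

  [entryPoints.websecure]
  address = ":443"

  # API/dashboard entryPoint. With [api] insecure = true the API is served
  # unauthenticated on this entryPoint, so it is bound to loopback only
  # (host networking means ":8080" would listen on every host interface).
  [entryPoints.traefik]
  address = "127.0.0.1:8080"

  [entryPoints.ssh]
  address = ":22"

  [entryPoints.smtp]
  address = ":25"

  [entryPoints.submission]
  address = ":587"

  [entryPoints.submissions]
  address = ":465"

  [entryPoints.imap]
  address = ":143"

  [entryPoints.imaps]
  address = ":993"

  [entryPoints.pop3]
  address = ":110"

  [entryPoints.pop3s]
  address = ":995"

  [entryPoints.managesieve]
  address = ":4190"

  [entryPoints.voice-tcp]
  address = ":4502"

  [entryPoints.voice-udp]
  address = ":4503/udp"
    [entryPoints.voice-udp.udp]
    timeout = "15s" # this will help reduce random dropouts in audio https://github.com/mumble-voip/mumble/issues/3550#issuecomment-441495977

[tls.options]
  [tls.options.default]
  minVersion = "VersionTLS12"
  # AEAD suites only. The AES-CBC-SHA256 suites that used to be listed here
  # are flagged insecure by Go's crypto/tls (no Lucky13 countermeasures) and
  # are dropped; TLS 1.3 suites are not configurable and remain enabled.
  cipherSuites = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
  ]

# insecure = true exposes the API without authentication on the "traefik"
# entryPoint, which is why that entryPoint is loopback-only above.
[api]
  dashboard = true
  insecure = true

# Enable Consul Catalog configuration backend.
[providers.consulCatalog]
  prefix = "traefik"
  # Services must opt in with traefik.enable=true; nothing is routed by accident.
  exposedByDefault = false

  [providers.consulCatalog.endpoint]
  address = "127.0.0.1:8500"
  scheme = "http"

# Enable the file provider for dynamic configuration.
[providers.file]
  filename = "/local/dynamic.toml"

#[providers.nomad]
#  [providers.nomad.endpoint]
#  address = "127.0.0.1:4646"
#  scheme = "http"

[certificatesResolvers.lets-encrypt.acme]
  email = "elected-admins@redbrick.dcu.ie"
  storage = "acme.json"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

# NOTE(review): no tracing backend is configured here, so this block enables
# tracing with Traefik's built-in defaults; confirm that is intended.
[tracing]

[accessLog]
  filePath = "/access.log"
EOF
        destination = "/local/traefik.toml"
      }

      # Dynamic configuration: short-link redirects driven by Consul KV.
      template {
        data = <<EOF
[http]

[http.middlewares]

# handle redirects for short links
# NOTE: this is a consul template, add entries via consul kv
# Each key under redirect/redbrick/ is the hostname label (<label>.redbrick.dcu.ie)
# and its value is the target URL.
# The KV data is untrusted as far as this file is concerned: a key or value
# containing quotes/newlines would otherwise be spliced verbatim into TOML and
# could break the whole dynamic config or define unrelated routers. Keys are
# therefore restricted to bare-key/hostname-safe characters (nested keys such
# as foo/bar are skipped) and values are emitted as escaped strings.
# create the middlewares with replacements for each redirect
{{ range $pair := tree "redirect/redbrick" }}
{{- $name := trimPrefix "redirect/redbrick/" $pair.Key }}
{{- if regexMatch "^[A-Za-z0-9_-]+$" $name }}
[http.middlewares.redirect-{{ $name }}.redirectRegex]
  regex = ".*" # match everything - hosts are handled by the router
  replacement = {{ $pair.Value | toJSON }}
  permanent = true
{{- end }}
{{- end }}

[http.routers]

# create routers with middlewares for each redirect
{{ range $pair := tree "redirect/redbrick" }}
{{- $name := trimPrefix "redirect/redbrick/" $pair.Key }}
{{- if regexMatch "^[A-Za-z0-9_-]+$" $name }}
[http.routers.{{ $name }}-redirect]
  rule = "Host(`{{ $name }}.redbrick.dcu.ie`)"
  entryPoints = ["web", "websecure"]
  middlewares = ["redirect-{{ $name }}"]
  service = "dummy-service" # all routers need a service, this isn't used
  [http.routers.{{ $name }}-redirect.tls]
{{- end }}
{{- end }}

[http.services]
  [http.services.dummy-service.loadBalancer]
    [[http.services.dummy-service.loadBalancer.servers]]
    url = "http://127.0.0.1" # Dummy service - not used, the middleware always redirects first
EOF
        destination = "local/dynamic.toml"
        # Traefik's file provider watches the file itself, so no restart/signal is needed.
        change_mode = "noop"
      }
    }
  }
}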