author | Mathias Magnusson <mathias@magnusson.space> | 2023-09-18 23:50:05 +0200 |
---|---|---|
committer | Mathias Magnusson <mathias@magnusson.space> | 2023-09-18 23:50:11 +0200 |
commit | 5ec0fdc9932242ec6cc6b1dd68a37a2d3a83fc3a (patch) | |
tree | ddf86a30522bf7ba81127f8da379c06d7cf04e95 /jobs/virtual-hosting.nomad.hcl | |
parent | 820b717359ccd22ec9297d4023ba54cd7b685c00 (diff) | |
download | garm-5ec0fdc9932242ec6cc6b1dd68a37a2d3a83fc3a.tar.gz |
Move nginx job spec
Diffstat (limited to 'jobs/virtual-hosting.nomad.hcl')
-rw-r--r-- | jobs/virtual-hosting.nomad.hcl | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/jobs/virtual-hosting.nomad.hcl b/jobs/virtual-hosting.nomad.hcl
new file mode 100644
index 0000000..2ed377f
--- /dev/null
+++ b/jobs/virtual-hosting.nomad.hcl
@@ -0,0 +1,123 @@
+job "virtual-hosting" {
+ group "nginx" {
+ count = 1
+
+ network {
+ port "http" {
+ static = 80
+ }
+ port "https" {
+ static = 443
+ }
+ }
+
+ volume "certs" {
+ type = "host"
+ source = "ca-certificates"
+ read_only = true
+ }
+
+ task "nginx" {
+ driver = "docker"
+
+ resources {
+ cpu = 50
+ memory = 20
+ }
+
+ volume_mount {
+ volume = "certs"
+ destination = "/var/local/certs"
+ }
+
+ config {
+ image = "nginx:1.25-alpine"
+ ports = ["http", "https"]
+
+ volumes = [
+ "local:/etc/nginx/conf.d",
+ ]
+ }
+
+ template {
+ data = <<EOF
+{{- range nomadServices -}}
+ {{- $hostname := "" -}}
+ {{- $certname := "" -}}
+ {{- $default := "" -}}
+ {{- range $tag := .Tags -}}
+ {{- if $tag | regexMatch "nginx.hostname=" -}}
+ {{- $hostname = $tag | replaceAll "nginx.hostname=" "" -}}
+ {{- end -}}
+ {{- if $tag | regexMatch "nginx.certname=" -}}
+ {{- $certname = $tag | replaceAll "nginx.certname=" "" -}}
+ {{- end -}}
+ {{- if $tag | regexMatch "nginx.default_server" -}}
+ {{- $default = "default_server" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if eq $hostname "" -}}
+ {{- continue -}}
+ {{- end -}}
+
+ {{- $upstream := .Name | toLower | regexReplaceAll "[^a-z0-9\\-._]" "" -}}
+
+################################################
+upstream {{ $upstream }} {
+ {{- range nomadService .Name }}
+ server {{ .Address }}:{{ .Port }};
+ {{- end }}
+}
+
+server {
+ listen 80 {{ $default }};
+ listen [::]:80 {{ $default }};
+ http2 on;
+ server_name {{ $hostname }};
+
+ location / {
+ proxy_pass http://{{ $upstream }};
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header Upgrade $http_upgrade;
+ }
+}
+
+{{ if ne $certname "" -}}
+server {
+ listen 443 ssl {{ $default }};
+ listen [::]:443 ssl {{ $default }};
+ http2 on;
+ server_name {{ $hostname }};
+
+ ssl_certificate /var/local/certs/certificates/{{ $certname }}.crt;
+ ssl_certificate_key /var/local/certs/certificates/{{ $certname }}.key;
+ ssl_trusted_certificate /var/local/certs/certificates/{{ $certname }}.issuer.crt;
+
+ location / {
+ proxy_pass http://{{ $upstream }};
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header Upgrade $http_upgrade;
+ }
+}
+{{ end -}}
+
+{{ end -}}
+EOF
+
+ destination = "local/virtual-hosting.conf"
+ change_mode = "signal"
+ change_signal = "SIGHUP"
+ }
+ }
+ }
+} |
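Review bot: `$hostname` and `$certname` are copied from service tags straight into `server_name` and the three `ssl_certificate*` paths with no filtering, while `$upstream` in the same template is passed through an allow-list. Whoever can register a Nomad service with these tags therefore decides what text lands in the rendered nginx configuration, including characters such as `;`, `{` or `/` that change its structure or the certificate path. Apply the same filter at the point of extraction, e.g. `{{- $hostname = $tag | replaceAll "nginx.hostname=" "" | regexReplaceAll "[^a-zA-Z0-9\\-._]" "" -}}` and the equivalent for `nginx.certname=` (add `*` to the hostname class if wildcard names are needed). The `regexMatch` patterns are also unanchored with an unescaped `.`, so `"^nginx\\.hostname="` would match only tags that really start with that key.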