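# Nomad service job that runs Traefik as the edge reverse proxy on ports 80/443.
# Traefik discovers backends through the Nomad provider, obtains certificates via
# ACME (HTTP-01) and serves its own dashboard behind basic auth.
#
# Heredoc bodies are kept at column 0 on purpose: the PEM and YAML payloads are
# whitespace-sensitive and are written to disk exactly as they appear here.
job "traefik" {
  type = "service"

  group "traefik" {
    count = 1

    network {
      # Static ports: the proxy must own the well-known HTTP/HTTPS ports on the host.
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
    }

    # Host volume that persists ACME state; acme.json is stored under the mount
    # point /certificates (see certificatesResolvers below).
    # NOTE(review): acme.json holds the ACME account key and certificate private
    # keys; confirm the host directory is only readable by the Nomad client/root.
    volume "certs" {
      type   = "host"
      source = "ca-certificates"
    }

    task "traefik" {
      driver = "docker"

      config {
        # NOTE(review): "v3.0" is a mutable tag; pinning the image by digest would
        # make the deployed binary reproducible and auditable.
        image = "traefik:v3.0"

        # Host networking lets Traefik bind 80/443 directly and reach the local
        # Nomad agent on 127.0.0.1:4646. It also removes Docker network isolation
        # for this container.
        network_mode = "host"

        volumes = [
          "local/traefik.toml:/etc/traefik/traefik.toml",
          "local/nomad-agent-ca.pem:/etc/traefik/nomad-agent-ca.pem",
          "local/dynamic-conf.yaml:/etc/traefik/dynamic-conf.yaml"
        ]
      }

      volume_mount {
        volume      = "certs"
        destination = "/certificates"
      }

      # CA certificate used to verify the Nomad agent's TLS endpoint. This is a
      # public certificate, so embedding it in the job file is fine.
      template {
        data = <<EOF
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
        destination = "local/nomad-agent-ca.pem"
      }

      # Traefik static configuration.
      # NOTE(review): the rendered file contains the Nomad ACL token read from the
      # Nomad variable below; the token should carry only the read access the
      # Nomad provider needs, and the rendered file should not be world-readable.
      template {
        data = <<EOF
[entryPoints]
  # Port 80 only exists to redirect to HTTPS and to answer ACME HTTP-01 challenges.
  [entryPoints.httpredirect]
    address = ":80"
    [entryPoints.httpredirect.http.redirections.entryPoint]
      to = "web"
      scheme = "https"
      permanent = true
  [entryPoints.web]
    address = ":443"
    asDefault = true

[accessLog]

[log]
  level = "INFO"

# The dashboard is enabled without the insecure listener; it is only reachable
# through the authenticated "api" router in dynamic-conf.yaml.
[api]
  dashboard = true

[certificatesResolvers.default.acme]
  email = "mathias+certs@magnusson.space"
  storage = "/certificates/acme.json"
  [certificatesResolvers.default.acme.httpChallenge]
    # Must name an entry point defined above that listens on port 80. The
    # previous value "http" matched no entry point in this file, so the
    # challenge had nowhere to be served. Entry point redirection does not
    # interfere with the HTTP-01 challenge.
    entryPoint = "httpredirect"

# Enable the Nomad configuration provider. Services are published only when
# they opt in with traefik.* tags (exposedByDefault = false).
[providers.nomad]
  prefix = "traefik"
  exposedByDefault = false
  [providers.nomad.endpoint]
    address = "https://127.0.0.1:4646"
    token = "{{ with nomadVar "nomad/jobs/traefik" }}{{ .nomad_token }}{{ end }}"
    [providers.nomad.endpoint.tls]
      ca = "/etc/traefik/nomad-agent-ca.pem"

[providers.file]
  filename = "/etc/traefik/dynamic-conf.yaml"
EOF
        destination = "local/traefik.toml"
      }

      # Traefik dynamic configuration: statically defined routers, the dashboard
      # auth middleware and one backend that is not discovered through Nomad.
      template {
        data = <<YAML
http:
  routers:
    # Dashboard/API: TLS plus basic auth in front of api@internal.
    api:
      rule: Host(`traefik.magnusson.space`)
      service: api@internal
      middlewares:
        - auth
      tls:
        certResolver: default
    ctftajm:
      rule: Host(`ctftajm.se`)||Host(`www.ctftajm.se`)
      service: ctftajm
      tls:
        certResolver: default
  middlewares:
    auth:
      basicAuth:
        users:
          # NOTE(review): this bcrypt hash is committed with the job file and uses
          # cost factor 05, which is cheap to attack offline. Consider sourcing it
          # from a Nomad variable, as the provider token is, and rehashing with a
          # higher cost.
          - mathias:$2y$05$NvMwyf/U2jh9TCYdxj8JbeDhFMGPBDid2IypQPebx4rk5WLOwR1M2
  services:
    ctftajm:
      loadBalancer:
        servers:
          # NOTE(review): plain HTTP to the backend; confirm the path to "garm"
          # is a trusted network segment.
          - url: "http://garm:8008"
YAML
        destination = "local/dynamic-conf.yaml"
      }

      resources {
        cpu    = 100
        memory = 128
      }
    }
  }
}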