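# Traefik edge proxy, run as a single Docker task under Nomad.
# It terminates TLS on :443 with ACME-issued certificates, redirects :80 to
# HTTPS, discovers backends through the Nomad provider, and loads static
# routes (dashboard, ctftajm) from a file provider.
job "traefik" {
  type = "service"

  group "traefik" {
    count = 1

    # Static host ports: the proxy must own 80/443 on the node it lands on.
    network {
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
    }

    # Host volume used as ACME storage (see `storage` in traefik.toml below).
    # acme.json holds the ACME account key and the private keys of issued
    # certificates, so the host directory behind "ca-certificates" should be
    # readable by root only.
    volume "certs" {
      type   = "host"
      source = "ca-certificates"
    }

    task "traefik" {
      driver = "docker"

      config {
        # NOTE(review): "v3.0" is a mutable tag; pinning the image by digest
        # would make deployments reproducible and resistant to tag re-pushes.
        image        = "traefik:v3.0"
        network_mode = "host"

        # Relative host paths resolve inside the task directory.
        # traefik.toml embeds the Nomad ACL token, so it is rendered into
        # secrets/ (not served by the allocation filesystem API) rather
        # than local/.
        volumes = [
          "secrets/traefik.toml:/etc/traefik/traefik.toml",
          "local/nomad-agent-ca.pem:/etc/traefik/nomad-agent-ca.pem",
          "local/dynamic-conf.yaml:/etc/traefik/dynamic-conf.yaml"
        ]
      }

      volume_mount {
        volume      = "certs"
        destination = "/certificates"
      }

      # CA certificate Traefik uses to verify the Nomad agent's HTTPS API
      # (referenced by providers.nomad.endpoint.tls.ca). Public material only.
      template {
        data = <<EOF
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
        destination = "local/nomad-agent-ca.pem"
      }

      # Static Traefik configuration. The Nomad ACL token is pulled from the
      # Nomad variable nomad/jobs/traefik at render time, which makes the
      # rendered file a secret; hence the secrets/ destination.
      # NOTE(review): confirm the token's ACL policy is limited to what the
      # Nomad provider needs (read-only service/job discovery).
      template {
        data = <<EOF
[entryPoints]
  [entryPoints.http]
    address = ":80"
    # Plain HTTP exists only for the ACME HTTP-01 challenge and to redirect
    # everything else to HTTPS.
    [entryPoints.http.http.redirections.entryPoint]
      to = "https"
      scheme = "https"
      permanent = true
  [entryPoints.https]
    address = ":443"

[accessLog]

[log]
  level = "INFO"

# The dashboard is only reachable through the "api" router in
# dynamic-conf.yaml (HTTPS + basic auth).
[api]
  dashboard = true

[certificatesResolvers.default.acme]
  email = "mathias+certs@magnusson.space"
  storage = "/certificates/acme.json"
  [certificatesResolvers.default.acme.httpChallenge]
    entryPoint = "http"

# Enable the Nomad provider (service discovery through the Nomad API).
# Services are exposed only when they opt in via "traefik"-prefixed tags.
[providers.nomad]
  prefix = "traefik"
  exposedByDefault = false
  [providers.nomad.endpoint]
    address = "https://127.0.0.1:4646"
    token = "{{ with nomadVar "nomad/jobs/traefik" }}{{ .nomad_token }}{{ end }}"
    [providers.nomad.endpoint.tls]
      ca = "/etc/traefik/nomad-agent-ca.pem"

[providers.file]
  filename = "/etc/traefik/dynamic-conf.yaml"
EOF
        destination = "secrets/traefik.toml"
      }

      # Dynamic configuration: routers, the dashboard's basic-auth middleware
      # and the statically defined ctftajm backend.
      # NOTE(review): the basicAuth entry is a bcrypt hash with cost factor 05
      # stored in the job file itself. Anyone who can read the job spec can
      # attack it offline; consider regenerating it with a higher cost and
      # sourcing it from a Nomad variable, as is done for the ACL token.
      # NOTE(review): the ctftajm backend is addressed over plain HTTP, so the
      # hop from Traefik to garm:8008 is unencrypted; presumably a trusted
      # internal network, confirm.
      template {
        data = <<YAML
http:
  routers:
    api:
      rule: Host(`traefik.magnusson.space`)
      service: api@internal
      middlewares:
        - auth
      tls:
        certResolver: default
      entrypoints: https
    ctftajm:
      rule: Host(`ctftajm.se`)||Host(`www.ctftajm.se`)
      service: ctftajm
      tls:
        certResolver: default
      entrypoints: https
  middlewares:
    auth:
      basicAuth:
        users:
          - mathias:$2y$05$NvMwyf/U2jh9TCYdxj8JbeDhFMGPBDid2IypQPebx4rk5WLOwR1M2
  services:
    ctftajm:
      loadBalancer:
        servers:
          - url: "http://garm:8008"
YAML
        destination = "local/dynamic-conf.yaml"
      }

      resources {
        cpu    = 100
        memory = 128
      }
    }
  }
}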