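# Nomad job: a single nginx reverse proxy whose virtual hosts are generated
# from the tags of registered Nomad services.
#
# Tags read by the template below:
#   nginx.hostname=<name>   server_name of the vhost; services without it are skipped
#   nginx.certname=<name>   base name of the certificate files; enables the 443 vhost
#   nginx.default_server    marks the vhost as default_server on its listeners
#
# Security note: tag values are written verbatim into nginx configuration text.
# Whoever can register a service can therefore pick a hostname, claim
# default_server, and name a certificate. The template restricts hostname and
# certname to a small character allowlist so that a tag cannot close the
# directive (";", "{", "}", whitespace) or leave the certificates directory ("/").
job "virtual-hosting" {
  group "nginx" {
    count = 1

    network {
      # Static ports: the proxy binds 80/443 directly on the client node.
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
    }

    # Host volume with certificates and private keys; mounted read-only so the
    # proxy task cannot modify key material.
    volume "certs" {
      type      = "host"
      source    = "ca-certificates"
      read_only = true
    }

    task "nginx" {
      driver = "docker"

      resources {
        cpu    = 50
        memory = 20
      }

      volume_mount {
        volume      = "certs"
        destination = "/var/local/certs"
      }

      config {
        # NOTE(review): the tag is mutable; pin by digest if the deployed image
        # must be reproducible.
        image = "nginx:1.25-alpine"
        ports = ["http", "https"]
        # The task's local/ directory (where the template is rendered) becomes
        # nginx's conf.d directory.
        volumes = [
          "local:/etc/nginx/conf.d",
        ]
      }

      template {
        data = <<EOF
{{- /* One upstream plus one or two server blocks per service that carries an nginx.hostname tag. */ -}}
{{- range nomadServices -}}
{{- $hostname := "" -}}
{{- $certname := "" -}}
{{- $default := "" -}}
{{- range $tag := .Tags -}}
{{- /* Tag patterns are anchored and the dot escaped, so only tags that start with the exact prefix match. */ -}}
{{- if $tag | regexMatch "^nginx\\.hostname=" -}}
{{- /* Allowlist: letters, digits, "-", ".", "_" and "*" (wildcard names). Regex server names and space-separated lists are not expressible through the tag. */ -}}
{{- $hostname = $tag | regexReplaceAll "^nginx\\.hostname=" "" | regexReplaceAll "[^A-Za-z0-9\\-._*]" "" -}}
{{- end -}}
{{- if $tag | regexMatch "^nginx\\.certname=" -}}
{{- /* The value becomes a file name under /var/local/certs/certificates/, so "/" and nginx syntax characters are stripped. */ -}}
{{- $certname = $tag | regexReplaceAll "^nginx\\.certname=" "" | regexReplaceAll "[^A-Za-z0-9\\-._*]" "" -}}
{{- end -}}
{{- if $tag | regexMatch "^nginx\\.default_server" -}}
{{- $default = "default_server" -}}
{{- end -}}
{{- end -}}
{{- /* Skip services with no hostname tag, or whose hostname is empty after sanitizing. */ -}}
{{- if eq $hostname "" -}}
{{- continue -}}
{{- end -}}
{{- $upstream := .Name | toLower | regexReplaceAll "[^a-z0-9\\-._]" "" -}}
################################################
upstream {{ $upstream }} {
{{- range nomadService .Name }}
  server {{ .Address }}:{{ .Port }};
{{- end }}
}
{{- /* NOTE(review): the port-80 vhost proxies in cleartext even when a certificate is configured; there is no redirect to HTTPS. */}}
server {
  listen 80 {{ $default }};
  listen [::]:80 {{ $default }};
  http2 on;
  server_name {{ $hostname }};
  location / {
    proxy_pass http://{{ $upstream }};
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
  }
}
{{ if ne $certname "" -}}
server {
  listen 443 ssl {{ $default }};
  listen [::]:443 ssl {{ $default }};
  http2 on;
  server_name {{ $hostname }};
  ssl_certificate /var/local/certs/certificates/{{ $certname }}.crt;
  ssl_certificate_key /var/local/certs/certificates/{{ $certname }}.key;
  ssl_trusted_certificate /var/local/certs/certificates/{{ $certname }}.issuer.crt;
  location / {
    proxy_pass http://{{ $upstream }};
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
  }
}
{{ end -}}
{{ end -}}
EOF

        destination = "local/virtual-hosting.conf"
        # Re-rendering the file sends SIGHUP so nginx reloads its configuration.
        change_mode   = "signal"
        change_signal = "SIGHUP"
      }
    }
  }
}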