Use new traefik_tags template
This commit is contained in:
parent
83749a7edd
commit
b9c3bde292
|
@ -16,21 +16,8 @@ job "[[ .instance ]]" {
|
|||
[[ template "common/connect" $c ]]
|
||||
|
||||
tags = [
|
||||
[[- if $c.traefik.enabled ]]
|
||||
"[[ $c.traefik.instance ]].enable=true",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .bgm.public_url).Hostname ]]`)
|
||||
[[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]] && PathPrefix(`[[ (urlParse .bgm.public_url).Path ]]`)[[ end ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].tls=true",
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-csp[[ .consul.suffix ]].headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:",
|
||||
[[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]]
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ .consul.suffix ]]-path.stripprefix.prefixes=[[ (urlParse .bgm.public_url).Path ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]][[ .consul.suffix ]]-path,[[ .instance ]]-csp[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
|
||||
[[- else ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-csp[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
|
||||
[[- end ]]
|
||||
[[ template "common/traefik_tags" $c ]]
|
||||
]
|
||||
[[- end ]]
|
||||
}
|
||||
|
||||
volume "data" {
|
||||
|
|
|
@ -40,12 +40,13 @@ job "boardgame-manager" {
|
|||
|
||||
|
||||
tags = [
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.boardgame-manager.rule=Host(`bgm.example.org`)",
|
||||
"traefik.http.routers.boardgame-manager.entrypoints=https",
|
||||
"traefik.http.routers.boardgame-manager.tls=true",
|
||||
"traefik.http.middlewares.boardgame-manager-csp.headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:",
|
||||
"traefik.http.middlewares.boardgame-manager-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data: https://www.gravatar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
|
||||
"traefik.http.routers.boardgame-manager.middlewares=boardgame-manager-csp,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,csp-relaxed@file",
|
||||
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -35,6 +35,12 @@ bgm:
|
|||
middlewares:
|
||||
- compression@file
|
||||
- csp-relaxed@file
|
||||
csp:
|
||||
default-src: "'self'"
|
||||
img-src: "'self' data: https://www.gravatar.com"
|
||||
script-src: "'self' 'unsafe-inline' 'unsafe-eval'"
|
||||
style-src: "'self' 'unsafe-inline'"
|
||||
font-src: "'self' data:"
|
||||
|
||||
backup:
|
||||
enabled: false
|
||||
|
|
Loading…
Reference in New Issue