Use new traefik_tags template

2024-01-26 23:32:12 +01:00 · 2024-01-26 23:32:12 +01:00 · b9c3bde292
parent 83749a7edd
commit b9c3bde292
3 changed files with 10 additions and 16 deletions
--- a/boardgame-manager.nomad.hcl
+++ b/boardgame-manager.nomad.hcl
@ -16,21 +16,8 @@ job "[[ .instance ]]" {
 [[ template "common/connect" $c ]]

      tags = [
-[[- if $c.traefik.enabled ]]
-        "[[ $c.traefik.instance ]].enable=true",
-        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .bgm.public_url).Hostname ]]`)
-  [[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]] && PathPrefix(`[[ (urlParse .bgm.public_url).Path ]]`)[[ end ]]",
-        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
-        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].tls=true",
-        "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-csp[[ .consul.suffix ]].headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:",
-  [[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]]
-        "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ .consul.suffix ]]-path.stripprefix.prefixes=[[ (urlParse .bgm.public_url).Path ]]",
-        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]][[ .consul.suffix ]]-path,[[ .instance ]]-csp[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
-  [[- else ]]
-        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-csp[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
-  [[- end ]]
+[[ template "common/traefik_tags" $c ]]
      ]
-[[- end ]]
    }

    volume "data" {
--- a/example/boardgame-manager.nomad.hcl
+++ b/example/boardgame-manager.nomad.hcl
@ -40,12 +40,13 @@ job "boardgame-manager" {


      tags = [
+
        "traefik.enable=true",
        "traefik.http.routers.boardgame-manager.rule=Host(`bgm.example.org`)",
        "traefik.http.routers.boardgame-manager.entrypoints=https",
-        "traefik.http.routers.boardgame-manager.tls=true",
-        "traefik.http.middlewares.boardgame-manager-csp.headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:",
+        "traefik.http.middlewares.boardgame-manager-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data: https://www.gravatar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
        "traefik.http.routers.boardgame-manager.middlewares=boardgame-manager-csp,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,csp-relaxed@file",
+
      ]
    }

--- a/variables.yml
+++ b/variables.yml
@ -35,6 +35,12 @@ bgm:
    middlewares:
      - compression@file
      - csp-relaxed@file
+    csp:
+      default-src: "'self'"
+      img-src: "'self' data: https://www.gravatar.com"
+      script-src: "'self' 'unsafe-inline' 'unsafe-eval'"
+      style-src: "'self' 'unsafe-inline'"
+      font-src: "'self' data:"

  backup:
    enabled: false