diff --git a/bookstack.nomad.hcl b/bookstack.nomad.hcl index f8b6392..9c03787 100644 --- a/bookstack.nomad.hcl +++ b/bookstack.nomad.hcl @@ -19,20 +19,7 @@ job "[[ .instance ]]" { [[ template "common/connect" $c ]] tags = [ - "[[ $c.traefik.instance ]].enable=[[ $c.traefik.enabled ]]", - - # Define a middleware to set custom CSP headers - "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ .consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]", - - "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) - [[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]", - "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]", -[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] - "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-prefix[[ .consul.suffix ]].stripprefix.prefixes=[[ (urlParse $c.public_url).Path ]]", - "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ .instance ]]-prefix[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]", -[[- else ]] - "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]" -[[- end ]] +[[ template "common/traefik_tags" $c ]] ] } diff --git a/example/bookstack.nomad.hcl b/example/bookstack.nomad.hcl index 76b6400..27307e5 100644 --- a/example/bookstack.nomad.hcl +++ b/example/bookstack.nomad.hcl 
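Review bot: The added `[[ template "common/traefik_tags" $c ]]` line in the `tags` list now stands in for the router rule, the CSP headers middleware and the PathPrefix/stripprefix branch that were removed, and nothing at the call site says so. I would put a comment directly above it, for example `# enable, router rule, entrypoints, CSP middleware and the middleware chain are rendered by common/traefik_tags`. The rendered example in this commit only covers a host-only `public_url`, where the policy is emitted as `bookstack-csp` at the head of the chain. The shared template is not part of this diff, so it is worth confirming that it still emits the `PathPrefix` rule and the strip-prefix middleware when `public_url` carries a path, and that nothing else refers to the old `-headers` middleware name. The policy value is carried over unchanged and still allows `'unsafe-inline'` for `script-src` and `style-src`, so this refactor neither tightens nor loosens it.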
@@ -37,6 +37,17 @@ job "bookstack" { } } sidecar_task { + config { + args = [ + "-c", + "${NOMAD_SECRETS_DIR}/envoy_bootstrap.json", + "-l", + "${meta.connect.log_level}", + "--concurrency", + "${meta.connect.proxy_concurrency}", + "--disable-hot-restart" + ] + } resources { cpu = 50 @@ -48,14 +59,13 @@ job "bookstack" { tags = [ + "traefik.enable=true", - - # Define a middleware to set custom CSP headers - "traefik.http.middlewares.bookstack-headers.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' blob: data:;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';", - "traefik.http.routers.bookstack.rule=Host(`bookstack.example.org`)", "traefik.http.routers.bookstack.entrypoints=https", - "traefik.http.routers.bookstack.middlewares=bookstack-headers,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file" + "traefik.http.middlewares.bookstack-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' blob: data:;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';", + "traefik.http.routers.bookstack.middlewares=bookstack-csp,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file", + ] } diff --git a/example/prep.d/10-mv-conf.sh b/example/prep.d/10-mv-conf.sh deleted file mode 100755 index 3346d6c..0000000 --- a/example/prep.d/10-mv-conf.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -set -eu - - - -if [ "bookstack" != "bookstack" ]; then - for DIR in vault consul nomad; do - if [ -d output/${DIR} ]; then - for FILE in $(find output/${DIR} -name "*bookstack*.hcl" -type f); do - NEW_FILE=$(echo "${FILE}" | sed -E "s/bookstack/bookstack/g") - mv "${FILE}" "${NEW_FILE}" - done - fi - done -fi - - - diff --git a/prep.d/10-mv-conf.sh b/prep.d/10-mv-conf.sh deleted file mode 100755 index 69ce5e5..0000000 --- a/prep.d/10-mv-conf.sh +++ /dev/null 
@@ -1 +0,0 @@ -[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "bookstack" .instance) ]]