Use the new traefik_tags template
This commit is contained in:
parent
23d46f69d0
commit
a9042820f2
|
@ -19,20 +19,7 @@ job "[[ .instance ]]" {
|
||||||
[[ template "common/connect" $c ]]
|
[[ template "common/connect" $c ]]
|
||||||
|
|
||||||
tags = [
|
tags = [
|
||||||
"[[ $c.traefik.instance ]].enable=[[ $c.traefik.enabled ]]",
|
[[ template "common/traefik_tags" $c ]]
|
||||||
|
|
||||||
# Define a middleware to set custom CSP headers
|
|
||||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ .consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
|
||||||
|
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
|
|
||||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
|
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
|
||||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
|
||||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-prefix[[ .consul.suffix ]].stripprefix.prefixes=[[ (urlParse $c.public_url).Path ]]",
|
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ .instance ]]-prefix[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
|
|
||||||
[[- else ]]
|
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]"
|
|
||||||
[[- end ]]
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -37,6 +37,17 @@ job "bookstack" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
sidecar_task {
|
sidecar_task {
|
||||||
|
config {
|
||||||
|
args = [
|
||||||
|
"-c",
|
||||||
|
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
|
||||||
|
"-l",
|
||||||
|
"${meta.connect.log_level}",
|
||||||
|
"--concurrency",
|
||||||
|
"${meta.connect.proxy_concurrency}",
|
||||||
|
"--disable-hot-restart"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 50
|
cpu = 50
|
||||||
|
@ -48,14 +59,13 @@ job "bookstack" {
|
||||||
|
|
||||||
|
|
||||||
tags = [
|
tags = [
|
||||||
|
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
|
|
||||||
# Define a middleware to set custom CSP headers
|
|
||||||
"traefik.http.middlewares.bookstack-headers.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' blob: data:;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';",
|
|
||||||
|
|
||||||
"traefik.http.routers.bookstack.rule=Host(`bookstack.example.org`)",
|
"traefik.http.routers.bookstack.rule=Host(`bookstack.example.org`)",
|
||||||
"traefik.http.routers.bookstack.entrypoints=https",
|
"traefik.http.routers.bookstack.entrypoints=https",
|
||||||
"traefik.http.routers.bookstack.middlewares=bookstack-headers,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file"
|
"traefik.http.middlewares.bookstack-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' blob: data:;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';",
|
||||||
|
"traefik.http.routers.bookstack.middlewares=bookstack-csp,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file",
|
||||||
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if [ "bookstack" != "bookstack" ]; then
|
|
||||||
for DIR in vault consul nomad; do
|
|
||||||
if [ -d output/${DIR} ]; then
|
|
||||||
for FILE in $(find output/${DIR} -name "*bookstack*.hcl" -type f); do
|
|
||||||
NEW_FILE=$(echo "${FILE}" | sed -E "s/bookstack/bookstack/g")
|
|
||||||
mv "${FILE}" "${NEW_FILE}"
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "bookstack" .instance) ]]
|
|
Loading…
Reference in New Issue