Adapt to new middleware model
parent
16cdb74532
commit
04a1a75d33
|
@ -27,6 +27,17 @@ job "lemonldap-ng" {
|
|||
}
|
||||
}
|
||||
sidecar_task {
|
||||
config {
|
||||
args = [
|
||||
"-c",
|
||||
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
|
||||
"-l",
|
||||
"${meta.connect.log_level}",
|
||||
"--concurrency",
|
||||
"${meta.connect.proxy_concurrency}",
|
||||
"--disable-hot-restart"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
|
@ -37,14 +48,24 @@ job "lemonldap-ng" {
|
|||
}
|
||||
|
||||
tags = [
|
||||
"traefik.enable=true",
|
||||
|
||||
"traefik.http.routers.lemonldap-ng-portal.rule=Host(`sso.example.org`) && !PathRegexp(`^/index\\.psgi/(config|sessions)`)",
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.lemonldap-ng-portal.entrypoints=https",
|
||||
"traefik.http.routers.lemonldap-ng-portal.priority=100",
|
||||
"traefik.http.routers.lemonldap-ng-portal.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
|
||||
"traefik.http.routers.lemonldap-ng-portal.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file",
|
||||
|
||||
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.lemonldap-ng-manager.rule=Host(`manager.example.org`)",
|
||||
"traefik.http.routers.lemonldap-ng-manager.entrypoints=https",
|
||||
"traefik.http.routers.lemonldap-ng-manager.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,map[]",
|
||||
"traefik.http.routers.lemonldap-ng-manager.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file",
|
||||
|
||||
|
||||
"traefik.http.routers.lemonldap-ng-api.rule=Host(`sso.example.org`) && PathRegexp(`^/index\\.psgi/(config|sessions)`)",
|
||||
|
||||
|
||||
|
||||
]
|
||||
}
|
||||
|
|
|
@ -22,32 +22,13 @@ job "[[ .instance ]]" {
|
|||
[[- $a := merge .llng.api .llng.portal . ]]
|
||||
tags = [
|
||||
|
||||
[[- if $p.traefik.enabled ]]
|
||||
"[[ $p.traefik.instance ]].enable=true",
|
||||
"[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && !PathRegexp(`^/index\\.psgi/(config|sessions)`)",
|
||||
"[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].entrypoints=[[ join $p.traefik.entrypoints "," ]]",
|
||||
"[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].priority=100",
|
||||
"[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $p.traefik ]]",
|
||||
[[- end ]]
|
||||
[[ template "common/traefik_tags" $p ]]
|
||||
|
||||
[[- if $m.traefik.enabled ]]
|
||||
[[- if ne $m.traefik.instance $c.traefik.instance ]]
|
||||
"[[ $m.traefik.instance ]].enable=true",
|
||||
[[- end ]]
|
||||
"[[ $m.traefik.instance ]].http.routers.[[ .instance ]]-manager[[ .consul.suffix ]].rule=Host(`[[ (urlParse $m.public_url).Hostname ]]`)",
|
||||
"[[ $m.traefik.instance ]].http.routers.[[ .instance ]]-manager[[ .consul.suffix ]].entrypoints=[[ join $m.traefik.entrypoints "," ]]",
|
||||
"[[ $m.traefik.instance ]].http.routers.[[ .instance ]]-manager[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $m.traefik ]]",
|
||||
[[- end ]]
|
||||
[[ template "common/traefik_tags" $m ]]
|
||||
|
||||
[[- if $a.traefik.enabled ]]
|
||||
[[- if ne $a.traefik.instance $p.traefik.instance ]]
|
||||
"[[ $a.traefik.instance ]].enable=true",
|
||||
[[- end ]]
|
||||
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && PathRegexp(`^/index\\.psgi/(config|sessions)`)",
|
||||
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].entrypoints=[[ join $a.traefik.entrypoints "," ]]",
|
||||
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].priority=200",
|
||||
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $a.traefik ]]",
|
||||
[[- end ]]
|
||||
[[ template "common/traefik_tags" $a ]]
|
||||
|
||||
]
|
||||
}
|
||||
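Review bot: The `[[ template "common/traefik_tags" $a ]]` call replaces a block that was wrapped in `[[- if $a.traefik.enabled ]]`, so whether the API router exists now depends entirely on the common template, which is not shown in this commit. The rendered example in this same commit appears to gain a `lemonldap-ng-api` rule for `^/index\\.psgi/(config|sessions)` with no entrypoints, priority or middlewares tag beside it. If that is what a disabled API renders to, Traefik would still build a router from the rule alone, with none of the rate-limit or header middlewares in front of the config and session paths that the portal router deliberately excludes. I would confirm that `common/traefik_tags` emits nothing when `traefik.enabled` is false, or keep the guard here: `[[- if $a.traefik.enabled ]][[ template "common/traefik_tags" $a ]][[- end ]]`. The explicit 100/200 priorities that ordered the portal and API routers also leave this file, so check they are still set for both.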
|
|
|
@ -79,17 +79,14 @@ llng:
|
|||
# If disabled, the portal won't be exposed by Traefik
|
||||
enabled: true
|
||||
|
||||
# Override base_middleware to remove csp-relaxed@file as Lemonldap::NG handle CSP itself
|
||||
base_middlewares:
|
||||
- rate-limit-std@file
|
||||
- inflight-std@file
|
||||
- security-headers@file
|
||||
- hsts@file
|
||||
# Disable default CSP as Lemonldap::NG handles it itself
|
||||
csp: false
|
||||
middlewares:
|
||||
# Disable compression until https://github.com/traefik/traefik/pull/10178 is available in a release
|
||||
#- compression@file
|
||||
compression: false
|
||||
|
||||
# List of middlewares to apply
|
||||
middlewares: []
|
||||
auto_rule: false
|
||||
router: '[[ .instance ]]-portal[[ .consul.suffix ]]'
|
||||
|
||||
# Cron jobs
|
||||
cron:
|
||||
|
@ -123,16 +120,10 @@ llng:
|
|||
# If disabled, the manager will not be exposed by Traefik
|
||||
enabled: true
|
||||
|
||||
# Override base_middleware to remove csp-relaxed@file as Lemonldap::NG handle CSP itself
|
||||
base_middlewares:
|
||||
- rate-limit-std@file
|
||||
- inflight-std@file
|
||||
- security-headers@file
|
||||
- hsts@file
|
||||
- compression@file
|
||||
# Disable default CSP as Lemonldap::NG handle CSP itself
|
||||
csp: false
|
||||
|
||||
# List of middlewares to apply
|
||||
middlewares: {}
|
||||
router: '[[ .instance ]]-manager[[ .consul.suffix ]]'
|
||||
|
||||
# The API is exposed by the portal, but usually must be secured differently
|
||||
# The following settings only apply to the REST/SOAP API
|
||||
|
@ -144,14 +135,11 @@ llng:
|
|||
# If disabled, Traefik won't expose the API
|
||||
enabled: false
|
||||
|
||||
# Override base_middleware to remove csp-relaxed@file as Lemonldap::NG handle CSP itself
|
||||
base_middlewares:
|
||||
- rate-limit-std@file
|
||||
- inflight-std@file
|
||||
- security-headers@file
|
||||
- hsts@file
|
||||
#- compression@file
|
||||
csp: false
|
||||
|
||||
# List of middlewares to apply
|
||||
middlewares: {}
|
||||
middlewares:
|
||||
compression: false
|
||||
|
||||
auto_rule: false
|
||||
router: '[[ .instance ]]-api[[ .consul.suffix ]]'
|
||||
|
||||
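Review bot: In the API block the `csp: false` and `compression: false` settings carry no comment, while the portal block explains both (Lemonldap::NG sets its own CSP, and compression is off pending the linked Traefik pull request). Because these toggles replace the explicit `base_middlewares` lists, this file no longer shows which middlewares still sit in front of the API router, which the file itself says usually must be secured differently. I would repeat the comment there, `# Disable default CSP as Lemonldap::NG handles it itself`, and add one line naming where the default middleware set is defined. The manager block's comment also reads "handle" where the portal's reads "handles".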
|
|