Use traefik_tags template
This commit is contained in:
parent
0167ca458b
commit
20b6495c8b
|
@ -1,4 +1,4 @@
|
|||
FROM danielberteaud/alma:9.24.1-5
|
||||
FROM danielberteaud/alma:9.24.1-6
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG OO_VERSION=7.5.1
|
||||
|
|
|
@ -42,6 +42,18 @@ job "onlyoffice" {
|
|||
}
|
||||
}
|
||||
sidecar_task {
|
||||
config {
|
||||
args = [
|
||||
"-c",
|
||||
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
|
||||
"-l",
|
||||
"${meta.connect.log_level}",
|
||||
"--concurrency",
|
||||
"${meta.connect.proxy_concurrency}",
|
||||
"--disable-hot-restart"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 64
|
||||
|
@ -66,12 +78,14 @@ job "onlyoffice" {
|
|||
}
|
||||
|
||||
tags = [
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.onlyoffice.rule=Host(`oods.example.org`)",
|
||||
"traefik.http.routers.onlyoffice.entrypoints=https",
|
||||
"traefik.http.middlewares.onlyoffice-headers.headers.contentsecuritypolicy=connect-src 'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io;default-src 'self';font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://onlyoffice.github.io;img-src 'self' data: https://*;media-src 'self' https://code.responsivevoice.org;script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io;",
|
||||
"traefik.http.middlewares.onlyoffice-csp.headers.contentsecuritypolicy=connect-src 'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io;default-src 'self';font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://onlyoffice.github.io;img-src 'self' data: https://*;media-src 'self' https://code.responsivevoice.org;script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io;",
|
||||
"traefik.http.routers.onlyoffice.middlewares=onlyoffice-csp,onlyoffice-headers,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file",
|
||||
|
||||
"traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
|
||||
"traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file",
|
||||
]
|
||||
|
||||
}
|
||||
|
@ -156,6 +170,7 @@ _EOT
|
|||
destination = "/var/lib/onlyoffice/documentserver/App_Data/"
|
||||
}
|
||||
|
||||
|
||||
resources {
|
||||
cpu = 300
|
||||
memory = 512
|
||||
|
@ -277,6 +292,7 @@ _EOT
|
|||
destination = "/var/lib/rabbitmq"
|
||||
}
|
||||
|
||||
|
||||
resources {
|
||||
cpu = 200
|
||||
memory = 156
|
||||
|
|
|
@ -38,20 +38,8 @@ job "[[ .instance ]]" {
|
|||
}
|
||||
|
||||
tags = [
|
||||
[[- if $c.traefik.enabled ]]
|
||||
"[[ $c.traefik.instance ]].enable=true",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .oo.ds.public_url).Hostname ]]`)
|
||||
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]] && PathPrefix(`[[ (urlParse .oo.ds.public_url).Path ]]`)[[ end ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ $c.consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
||||
[[ template "common/traefik_tags" $c ]]
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
|
||||
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c ]]",
|
||||
[[- else ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
]
|
||||
|
||||
}
|
||||
|
|
|
@ -36,6 +36,8 @@ oo:
|
|||
# Controls how the service will be exposed with Traefik
|
||||
traefik:
|
||||
enabled: true
|
||||
specific_middlewares:
|
||||
- '[[ .instance ]]-headers[[ .consul.suffix ]]'
|
||||
|
||||
# OnlyOffice needs some specific CSP rules
|
||||
csp:
|
||||
|
|
Loading…
Reference in New Issue