Adapt to new middleware model

Daniel Berteaud 2024-01-28 23:54:36 +01:00
parent 1c2d5667fa
commit f65f15390f
3 changed files with 28 additions and 27 deletions


@ -71,21 +71,25 @@ job "traefik" {
}
tags = [
"traefik.enable=true",
"traefik.http.routers.traefik-api.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
"traefik.http.routers.traefik-api.service=api@internal",
"traefik.enable=true",
"traefik.http.routers.traefik-api.entrypoints=https",
"traefik.http.middlewares.traefik-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
"traefik.http.middlewares.traefik-path.replacepathregex.regex=^/dashboard/(.*)",
"traefik.http.middlewares.traefik-path.replacepathregex.replacement=/dashboard/$${1}",
"traefik.http.routers.traefik-api.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
"traefik.http.routers.traefik-api.entrypoints=https",
"traefik.http.routers.traefik-api.service=api@internal",
"traefik.http.routers.traefik-api.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,ip-trusted@file,csp-strict@file,traefik-path",
"traefik.http.routers.traefik-api.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,traefik-path,inflight-std@file,hsts@file,compression@file,traefik-csp",
"traefik.http.routers.traefik-ping.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && Path(`/ping`) && Method(`GET`)",
"traefik.http.routers.traefik-ping.entrypoints=http,https",
"traefik.http.routers.traefik-ping.service=ping@internal",
"traefik.enable=true",
"traefik.http.routers.traefik-ping.entrypoints=http,https",
"traefik.http.routers.traefik-ping.priority=2000",
"traefik.http.routers.traefik-ping.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
"traefik.http.middlewares.traefik-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
"traefik.http.routers.traefik-ping.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,traefik-csp",
"traefik-${NOMAD_ALLOC_INDEX}"
]
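Review bot: The `traefik-api` middleware chain that begins with `security-headers@file` (apparently the new side, since the `+`/`-` markers are lost on this page) no longer lists `ip-trusted@file`, so the router serving `api@internal` seems to lose its source-IP restriction. The same chain replaces `csp-strict@file` with `traefik-csp`, whose `script-src` allows `'unsafe-inline'` and `'unsafe-eval'`. The defaults under `api.traefik.middlewares` in the variables section are where the two list entries `ip-trusted@file` and `csp-strict@file` appear to be replaced by the `path` entry. If the allowlist is still wanted, keep it in the new keyed form, for example `src-ip: ip-trusted@file` under the api middlewares, and add a comment there explaining why the dashboard needs the relaxed CSP. The ping router also receives `traefik-csp`, which looks unintended for an endpoint that returns no HTML.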


@ -1,5 +1,3 @@
[[ $c:= merge .traefik . -]]
job "[[ .instance ]]" {
[[- $c:= merge .traefik . ]]
@ -56,21 +54,15 @@ job "[[ .instance ]]" {
}
tags = [
"[[ .instance ]].enable=true",
"[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)",
"[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.replacement=/dashboard/$${1}",
"[[ .instance ]].http.routers.[[ .instance ]]-api.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))",
"[[ .instance ]].http.routers.[[ .instance ]]-api.entrypoints=[[ join (merge .traefik.api.traefik .traefik).entrypoints "," ]]",
[[- $a := merge $c.api $c ]]
"[[ .instance ]].http.routers.[[ .instance ]]-api.rule=(Host(`[[ ($c.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))",
"[[ .instance ]].http.routers.[[ .instance ]]-api.service=api@internal",
"[[ .instance ]].http.routers.[[ .instance ]]-api.middlewares=[[ template "common/traefik_middlewares" merge .traefik.api.traefik .traefik ]],traefik-path",
[[ template "common/traefik_tags" $a ]]
[[- $p := merge $c.ping $c ]]
"[[ .instance ]].http.routers.[[ .instance ]]-ping.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && Path(`/ping`) && Method(`GET`)",
"[[ .instance ]].http.routers.[[ .instance ]]-ping.entrypoints=[[ join (merge .traefik.ping.traefik .traefik).entrypoints "," ]]",
"[[ .instance ]].http.routers.[[ .instance ]]-ping.service=ping@internal",
"[[ .instance ]].http.routers.[[ .instance ]]-ping.priority=[[ .traefik.ping.traefik.priority ]]",
"[[ .instance ]].http.routers.[[ .instance ]]-ping.middlewares=[[ template "common/traefik_middlewares" merge .traefik.ping.traefik .traefik ]]",
[[ template "common/traefik_tags" $p ]]
"traefik-${NOMAD_ALLOC_INDEX}"
]
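Review bot: The api router rule takes its `Host` from `$c.public_url` but its `PathPrefix` from `.traefik.public_url`, and the ping rule still reads `.traefik.public_url` as well, so one URL is drawn from two contexts. With `$c` defined as `merge .traefik .` both presumably resolve to the same value, but the mix hides which context is authoritative if they ever diverge. I would use `$c.public_url` throughout both rules and add a one-line comment above `$a` and `$p` such as `# per-router settings layered over the shared traefik defaults`.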


@ -22,21 +22,26 @@ traefik:
api:
traefik:
auto_rule: false
router: '[[ .instance ]]-api[[ .consul.suffix ]]'
strip_prefix: false
entrypoints:
- https
# List of Traefik middlewares to be applied on the API / dashboard
middlewares:
- ip-trusted@file
- csp-strict@file
path:
- replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)
- replacepathregex.replacement=/dashboard/$${1}
ping:
traefik:
auto_rule: false
router: '[[ .instance ]]-ping[[ .consul.suffix ]]'
strip_prefix: false
entrypoints:
- http
- https
priority: 2000
# List of Traefik middlewares for the /ping endpoint
middlewares: []
# List of trusted proxies from whom to trust proxy protocol v1/v2 source address
trusted_proxies: []
@ -48,7 +53,7 @@ traefik:
# to: 5432
# protocol: tcp
# middlewares:
# - ip-trusted@file
# src-ip: ip-trusted@file
# syslog:
# static: 514
# to: 5514