Adapt to new middleware model
This commit is contained in:
parent
1c2d5667fa
commit
f65f15390f
|
@ -71,21 +71,25 @@ job "traefik" {
|
|||
}
|
||||
|
||||
tags = [
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.traefik-api.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
|
||||
"traefik.http.routers.traefik-api.service=api@internal",
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.traefik-api.entrypoints=https",
|
||||
"traefik.http.middlewares.traefik-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
|
||||
"traefik.http.middlewares.traefik-path.replacepathregex.regex=^/dashboard/(.*)",
|
||||
"traefik.http.middlewares.traefik-path.replacepathregex.replacement=/dashboard/$${1}",
|
||||
|
||||
"traefik.http.routers.traefik-api.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
|
||||
"traefik.http.routers.traefik-api.entrypoints=https",
|
||||
"traefik.http.routers.traefik-api.service=api@internal",
|
||||
"traefik.http.routers.traefik-api.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,ip-trusted@file,csp-strict@file,traefik-path",
|
||||
"traefik.http.routers.traefik-api.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,traefik-path,inflight-std@file,hsts@file,compression@file,traefik-csp",
|
||||
|
||||
"traefik.http.routers.traefik-ping.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && Path(`/ping`) && Method(`GET`)",
|
||||
"traefik.http.routers.traefik-ping.entrypoints=http,https",
|
||||
"traefik.http.routers.traefik-ping.service=ping@internal",
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.traefik-ping.entrypoints=http,https",
|
||||
"traefik.http.routers.traefik-ping.priority=2000",
|
||||
"traefik.http.routers.traefik-ping.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
|
||||
"traefik.http.middlewares.traefik-csp.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
|
||||
"traefik.http.routers.traefik-ping.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,traefik-csp",
|
||||
|
||||
|
||||
"traefik-${NOMAD_ALLOC_INDEX}"
|
||||
]
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
[[ $c:= merge .traefik . -]]
|
||||
|
||||
job "[[ .instance ]]" {
|
||||
|
||||
[[- $c:= merge .traefik . ]]
|
||||
|
@ -56,21 +54,15 @@ job "[[ .instance ]]" {
|
|||
}
|
||||
|
||||
tags = [
|
||||
"[[ .instance ]].enable=true",
|
||||
|
||||
"[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)",
|
||||
"[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.replacement=/dashboard/$${1}",
|
||||
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-api.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))",
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-api.entrypoints=[[ join (merge .traefik.api.traefik .traefik).entrypoints "," ]]",
|
||||
[[- $a := merge $c.api $c ]]
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-api.rule=(Host(`[[ ($c.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))",
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-api.service=api@internal",
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-api.middlewares=[[ template "common/traefik_middlewares" merge .traefik.api.traefik .traefik ]],traefik-path",
|
||||
[[ template "common/traefik_tags" $a ]]
|
||||
|
||||
[[- $p := merge $c.ping $c ]]
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-ping.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && Path(`/ping`) && Method(`GET`)",
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-ping.entrypoints=[[ join (merge .traefik.ping.traefik .traefik).entrypoints "," ]]",
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-ping.service=ping@internal",
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-ping.priority=[[ .traefik.ping.traefik.priority ]]",
|
||||
"[[ .instance ]].http.routers.[[ .instance ]]-ping.middlewares=[[ template "common/traefik_middlewares" merge .traefik.ping.traefik .traefik ]]",
|
||||
[[ template "common/traefik_tags" $p ]]
|
||||
|
||||
"traefik-${NOMAD_ALLOC_INDEX}"
|
||||
]
|
||||
|
|
|
@ -22,21 +22,26 @@ traefik:
|
|||
|
||||
api:
|
||||
traefik:
|
||||
auto_rule: false
|
||||
router: '[[ .instance ]]-api[[ .consul.suffix ]]'
|
||||
strip_prefix: false
|
||||
entrypoints:
|
||||
- https
|
||||
# List of Traefik middlewares to be applied on the API / dashboard
|
||||
middlewares:
|
||||
- ip-trusted@file
|
||||
- csp-strict@file
|
||||
path:
|
||||
- replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)
|
||||
- replacepathregex.replacement=/dashboard/$${1}
|
||||
|
||||
|
||||
ping:
|
||||
traefik:
|
||||
auto_rule: false
|
||||
router: '[[ .instance ]]-ping[[ .consul.suffix ]]'
|
||||
strip_prefix: false
|
||||
entrypoints:
|
||||
- http
|
||||
- https
|
||||
priority: 2000
|
||||
# List of Traefik middlewares for the /ping endpoint
|
||||
middlewares: []
|
||||
|
||||
# List of trusted proxies from whom to trust proxy protocol v1/v2 source address
|
||||
trusted_proxies: []
|
||||
|
@ -48,7 +53,7 @@ traefik:
|
|||
# to: 5432
|
||||
# protocol: tcp
|
||||
# middlewares:
|
||||
# - ip-trusted@file
|
||||
# src-ip: ip-trusted@file
|
||||
# syslog:
|
||||
# static: 514
|
||||
# to: 5514
|
||||
|
|
Loading…
Reference in New Issue