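---
# NOTE(review): this listing was recovered from a flattened page view, so the
# nesting below is reconstructed. `version` and `public_url` must sit under
# `traefik` because templates in this file reference .traefik.version and
# .traefik.public_url; the placement of the other keys (notably `prometheus`
# and `lemonldap`) is inferred - confirm against the original file.

# Instance (if several instances run on the same namespace)
instance: traefik

traefik:

  # Version of Traefik
  version: '3.0.0'

  # Docker image to use for Traefik
  # The image is referenced by tag only, so what actually runs is whatever
  # [[ .docker.repo ]] serves for that tag; keep write access to that
  # registry restricted.
  image: '[[ .docker.repo ]]traefik:[[ .traefik.version ]]-1'

  # Resources for traefik instances
  resources:
    cpu: 500
    memory: 256
    memory_max: 300

  # Number of traefik instances
  count: 2

  nomad:
    # Set a high priority for the job
    priority: 70
    # Ensure we run on distinct hosts
    constraints:
      - operator: distinct_hosts
        value: true

  # Vault policy for the job, named after the instance and the consul suffix
  vault:
    policies:
      - '[[ .instance ]][[ .consul.suffix ]]'

  # Router for the API, published under public_url on the https entrypoint.
  # NOTE(review): the only middleware listed here rewrites the path; no
  # authentication or source-IP middleware is visible in this file. Confirm
  # that one (for example lemonldap@file or ip-trusted@file, both named
  # further down) is attached before public_url is reachable from untrusted
  # networks.
  api:
    traefik:
      auto_rule: false
      router: '[[ .instance ]]-api[[ .consul.suffix ]]'
      strip_prefix: false
      entrypoints:
        - https
      middlewares:
        # Maps <path of public_url>/<rest> to /dashboard/<rest>
        99-path:
          - replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path | regexp.Replace "/$" "" ]]/(.*)
          - replacepathregex.replacement=/dashboard/$${1}

  # Router for the health check, answered on both http and https.
  # NOTE(review): priority 2000 is higher than the http -> https redirection
  # below (priority 1000), presumably so that /ping on the http entrypoint is
  # not redirected - confirm.
  ping:
    traefik:
      auto_rule: false
      router: '[[ .instance ]]-ping[[ .consul.suffix ]]'
      strip_prefix: false
      entrypoints:
        - http
        - https
      priority: 2000

  # List of trusted proxies whose proxy protocol v1/v2 source address is
  # trusted. Leave empty unless a load balancer speaking proxy protocol sits
  # in front of Traefik, and list only its addresses: every source listed
  # here decides which client address IP-based middlewares and logs will see.
  trusted_proxies: []

  # List entrypoints to configure. Note that if prometheus is enabled,
  # another entrypoint named metrics will bind on 127.0.0.1:9500
  # entrypoints:
  #   postgres:
  #     static: 5432
  #     to: 5432
  #     protocol: tcp
  #     middlewares:
  #       src-ip: ip-trusted@file
  #   syslog:
  #     static: 514
  #     to: 5514
  #     protocol: udp
  entrypoints:
    http:
      static: 80
      to: 5080
      http:
        redirections:
          entryPoint:
            # Quoted so the leading ':' and the braces stay a plain string
            to: ':{{ env "NOMAD_HOST_PORT_https" }}'
            priority: 1000
    https:
      static: 443
      to: 5443
      http:
        tls: {}

  # The public URL, on which the following endpoints will be exposed
  # - /api : the API
  # - /ping : the health check
  # Note: this URL should have a path (so https://traefik.example.org/ is
  # invalid but https://traefik.example.org/dashboard is valid)
  public_url: https://traefik.example.org/dashboard

  # Prometheus settings
  prometheus:
    enabled: '[[ .prometheus.available ]]'
    # The metrics_url should point to the metrics endpoint from the
    # container's POV. It'll be used to expose metrics through a nginx proxy
    # (adding mTLS), so the plain-HTTP endpoint itself should stay on
    # localhost.
    metrics_url: http://localhost:9500/metrics

  lemonldap:
    # If enabled, will run a Lemonldap::NG handler sidecar
    # able to auth using the lemonldap@file middleware
    enabled: false

    # Docker image to use for Lemonldap::NG handler
    image: '[[ .llng.engine.image ]]'

    # Env vars to set in the container
    env: {}

    # Resources for Lemonldap::NG handlers
    resources:
      cpu: 200
      memory: 256

    # NOTE(review): if user/password are needed for the config and sessions
    # endpoints, do not commit the real password in this file; supply it from
    # a secret store instead (this job already declares a Vault policy).
    config:
      url: https://auth.example.org/index.psgi/config
      # user: lemonldap
      # password: secret
      realm: Lemonldap::NG API

    sessions:
      url: https://auth.example.org/index.psgi/sessions
      # user: lemonldap
      # password: secret
      realm: Lemonldap::NG API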