nomad
/
unifi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Comment variables and remove proxy handling (already done by the base 

java image)
This commit is contained in:
Daniel Berteaud 2023-08-31 17:01:31 +02:00
parent 679e68f5c9
commit 5cc2802dea
3 changed files with 98 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deps/common vendored

@ -1 +1 @@
Subproject commit 8cfe263f274b066e8021e5f821ef6fd465f645f9
Subproject commit df3e7fd52e5758d54c0dcad522260b1416d92884

3
unifi.nomad.hcl
View File

@ -163,8 +163,7 @@ _EOF
}
env {
JAVA_OPTS = "-Djava.awt.headless=true -Dlogback.configurationFile=/local/logback.xml
[[- if has .proxy "address" ]] -Dhttp.proxyHost=[[ (urlParse .proxy.address).Hostname ]] -Dhttp.proxyPort=[[ (urlParse .proxy.address).Port ]] -Dhttps.proxyHost=[[ (urlParse .proxy.address).Hostname ]] -Dhttps.proxyPort=[[ (urlParse .proxy.address).Port ]] -Dhttp.nonProxyHosts=[[ join .proxy.no_proxy "|" ]][[ end ]]"
JAVA_OPTS = "-Dlogback.configurationFile=/local/logback.xml"
[[ template "common/proxy_env.tpl" . ]]
[[ template "common/env.tpl" .unifi.controller.env ]]
}

98
variables.yml
View File

@ -1,43 +1,88 @@
---
# Unifi controller has several components :
# - The controller itself (which also include the inform, the guest_portal and the stun service)
# - A small nginx proxy to expose all the various web service of unifi through a single port
# - A mongodb server (optional, can use an external mongodb)
# - A firmware downloader helper : this is because the Unifi Controller can't use an outbound web proxy
unifi:
# This is for the web management console
controller:
# The driver to use (docker or podman)
driver: docker
# The image for the controller
image: danielberteaud/unifi:latest
# Resource allocation for the controller
resources:
cpu: 200
memory: 1024
# Mongo instance to use
mongo:
address: mongodb://127.0.0.1:27017/unifi
# The address of the mongo service. Leave the default
# unless you use an external mongo service
address: mongodb://127.0.0.1:27017/
# DB names for unifi and the statistics
db: unifi
stats_db: unifi_stats
# Service name of the mongo service. This is used to wait for mongo to be
# up before starting the controller
service_name: unifi-mongo
# Set to true if you want to use an external mongo service
is_external: False
# Additional environment vars to pass to the container
env: {}
# Public URL to reach the controller web interface
public_url: https://unifi.example.org
traefik: {}
# Traefik settings
traefik:
# List of entrypoints where the management console will be exposed
#entrypoints:
# - https
# Override the default base_middleware to remove the inflight-std@file middleware
base_middlewares:
- rate-limit-std@file
- security-headers@file
- forward-headers@file
- compression@file
- csp-relaxed@file
# List of additional middlewares to load
#middlewares:
# - ip-trusted@file
# This volume will hold controller data (like cached firmwares)
volume:
type: csi
source: unifi-data
# The inform endpoint is used by the devices to contact the controller
inform:
# Public URL of the inform endpoint
# Note : this MUST be http, not https
public_url: http://unifi-inform.example.org:8080/inform
# Traefik settings
traefik:
# List of entrypoints where the inform endpoint will be exposed.
entrypoints:
- unifi-inform
# Override the base middlewares list to remove hsts@file as we're on http
base_middlewares:
- rate-limit-std@file
- inflight-std@file
@ -45,44 +90,93 @@ unifi:
- forward-headers@file
- compression@file
- csp-relaxed@file
# List of additional middleware to load
middlewares: []
# The guest portal
guest_portal:
# Public URL where the guest portal will be reachable
public_url: https://unifi-portal.example.org:8843/
# Traefik settings
traefik:
# List of entrypoints on which the service will be exposed
# Note: UniFi doesn't allow custommisation of the port, this entrypoint must be listening on port 8843
entrypoints:
- unifi-portal
# List of middlewares to load
middlewares: []
# The STUN service
stun:
# Traefik settings
traefik:
# List of entrypoints the STUN service wil be exposed on
# Note: This must be UDP entrypoints !
entrypoints:
- unifi-stun
# The nginx reverse proxy is used to expose all Unifi service over a single port
# So we don't need to run one envoy proxy per port
nginx:
# The image to use
image: nginxinc/nginx-unprivileged:alpine
# The driver to use (docker or podman)
driver: docker
# Resource allocation
resources:
cpu: 10
memory: 15
# MongoDB service.
# Note : this will be ignored if .unifi.controller.mongo.is_external is set to true
mongo:
# The image to use
image: danielberteaud/mongo:4.0-1
# The driver to use (docker or podman)
driver: docker
# Resource allocation
resources:
cpu: 100
memory: 256
# Persistant volume
volume:
type: csi
source: unifi-mongo
# This componant will be used if a proxy is set.
# It's needed because the UniFi controller do not send outbound web requests
# through the configured proxy to download firmwares
fw_dl:
# The image to use
image: danielberteaud/ubnt-firmware-downloader:latest
# The driver (docker or podman)
driver: docker
# Resource allocation
resources:
cpu: 10
memory: 64
# Additionnal environment to set on the container
env:
# The dir where firmwares will be stored
UBNT_FIRMWARE_DIR: /data/unifi/firmware
# A list of platforms for which firmware will be downloaded (other ones will be ignored)
UBNT_PLATFORMS: U7HD,US48PRO
# A cron expression to run the update
UBNT_CRON: 48 22 * * *