Cleanup
parent
f73b6358ce
commit
6099d860a4
|
@ -1,4 +1,4 @@
|
|||
FROM danielberteaud/java:17.24.1-4 AS builder
|
||||
FROM danielberteaud/java:17.24.1-10 AS builder
|
||||
|
||||
ARG UNIFI_VERSION=8.0.26
|
||||
|
||||
|
@ -12,7 +12,7 @@ RUN set -euxo pipefail &&\
|
|||
rm -f UniFi/bin/mongod &&\
|
||||
chown -R root:root UniFi
|
||||
|
||||
FROM danielberteaud/java:17.24.1-4
|
||||
FROM danielberteaud/java:17.24.1-10
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ENV JAVA_OPTS="-Djava.awt.headless=true -Dlogback.configurationFile=/opt/unifi/logback.xml --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED" \
|
||||
|
|
|
@ -19,6 +19,17 @@ job "unifi" {
|
|||
sidecar_service {
|
||||
}
|
||||
sidecar_task {
|
||||
config {
|
||||
args = [
|
||||
"-c",
|
||||
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
|
||||
"-l",
|
||||
"${meta.connect.log_level}",
|
||||
"--concurrency",
|
||||
"${meta.connect.proxy_concurrency}",
|
||||
"--disable-hot-restart"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
|
@ -42,18 +53,17 @@ job "unifi" {
|
|||
}
|
||||
|
||||
tags = [
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.unifi.rule=Host(`unifi.example.org`)",
|
||||
"traefik.http.routers.unifi.entrypoints=https",
|
||||
"traefik.http.routers.unifi.middlewares=rate-limit-std@file,security-headers@file,compression@file,csp-relaxed@file",
|
||||
|
||||
|
||||
# Note : no Host as inform requests are sent without. But it's binded to the dedicated entrypoint anyway
|
||||
"traefik.http.routers.unifi-inform.rule=(Path(`/inform`) && Method(`POST`)) || (PathPrefix(`/dl/firmware-cached`) && (Method(`GET`) || Method(`HEAD`)))",
|
||||
"traefik.http.routers.unifi-inform.entrypoints=unifi-inform",
|
||||
"traefik.http.routers.unifi-inform.middlewares=rate-limit-std@file,inflight-std@file",
|
||||
|
||||
"traefik.http.routers.unifi-controller.rule=Host(`unifi.example.org`)",
|
||||
"traefik.http.routers.unifi-controller.entrypoints=https",
|
||||
"traefik.http.routers.unifi-controller.tls=true",
|
||||
"traefik.http.routers.unifi-controller.middlewares=rate-limit-std@file,security-headers@file,compression@file,csp-relaxed@file",
|
||||
|
||||
"traefik.http.routers.unifi-portal.rule=Host(`unifi-portal.example.org`) && PathPrefix(`/guest`)",
|
||||
"traefik.http.routers.unifi-portal.entrypoints=unifi-portal",
|
||||
"traefik.http.routers.unifi-portal.tls=true",
|
||||
|
@ -108,7 +118,6 @@ job "unifi" {
|
|||
attachment_mode = "file-system"
|
||||
}
|
||||
|
||||
|
||||
# wait for required services tp be ready before starting the main task
|
||||
task "wait-for" {
|
||||
|
||||
|
@ -152,11 +161,12 @@ job "unifi" {
|
|||
image = "nginxinc/nginx-unprivileged:alpine"
|
||||
volumes = ["local/nginx.conf:/etc/nginx/conf.d/default.conf"]
|
||||
readonly_rootfs = true
|
||||
pids_limit = 20
|
||||
mount {
|
||||
type = "tmpfs"
|
||||
target = "/tmp"
|
||||
tmpfs_options {
|
||||
size = 1000000
|
||||
size = 3000000
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -239,11 +249,12 @@ _EOF
|
|||
"local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh"
|
||||
]
|
||||
readonly_rootfs = true
|
||||
pids_limit = 200
|
||||
mount {
|
||||
type = "tmpfs"
|
||||
target = "/opt/unifi/run"
|
||||
tmpfs_options {
|
||||
size = 1000000
|
||||
size = 3000000
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -251,7 +262,7 @@ _EOF
|
|||
type = "tmpfs"
|
||||
target = "/tmp"
|
||||
tmpfs_options {
|
||||
size = 1000000
|
||||
size = 3000000
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -366,12 +377,13 @@ _EOF
|
|||
image = "danielberteaud/mongo:5.0.24.1-1"
|
||||
command = "mongod"
|
||||
readonly_rootfs = true
|
||||
pids_limit = 200
|
||||
args = ["--config", "/local/mongod.conf"]
|
||||
mount {
|
||||
type = "tmpfs"
|
||||
target = "/tmp"
|
||||
tmpfs_options {
|
||||
size = 1000000
|
||||
size = 3000000
|
||||
}
|
||||
}
|
||||
|
||||
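Review bot: The `unifi` router at the top of the `tags` list has `rule`, `entrypoints=https` and `middlewares` tags but no `traefik.http.routers.unifi.tls=true`, whereas the `unifi-controller` router for the same host sets it and `unifi-portal` still does. The +/- markers are lost on this page; the hunk's line counts are consistent with `unifi` being the new router and `unifi-controller` the removed one, but that reading is inferred. If the `https` entrypoint does not enable TLS for every router by default, the controller admin UI would no longer be served by a TLS router. Either confirm that entrypoint-level default or add `"traefik.http.routers.unifi.tls=true",` next to the other `unifi` router tags, in the shared tags template if this file is rendered from it.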
|
|
|
@ -32,26 +32,21 @@ job "[[ .instance ]]" {
|
|||
}
|
||||
|
||||
tags = [
|
||||
"[[ $c.traefik.instance ]].enable=true",
|
||||
[[ template "common/traefik_tags" $c ]]
|
||||
|
||||
# Note : no Host as inform requests are sent without. But it's binded to the dedicated entrypoint anyway
|
||||
[[- $i := merge .unifi.inform . ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].rule=(Path(`/inform`) && Method(`POST`)) || (PathPrefix(`/dl/firmware-cached`) && (Method(`GET`) || Method(`HEAD`)))",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",
|
||||
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].rule=Host(`
|
||||
[[- (urlParse .unifi.controller.public_url).Hostname -]]`)
|
||||
[[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.controller.traefik .traefik).entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].tls=true",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.controller.traefik .traefik ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].entrypoints=[[ join $i.traefik.entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $i ]]",
|
||||
|
||||
[[- $p := merge .unifi.guest_portal . ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`
|
||||
[[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
|
||||
`) && PathPrefix(`/guest`)",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.guest_portal.traefik .traefik).entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].entrypoints=[[ join $p.traefik.entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].tls=true",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.guest_portal.traefik .traefik ]]"
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $p ]]"
|
||||
|
||||
]
|
||||
}
|
||||
|
@ -92,7 +87,6 @@ job "[[ .instance ]]" {
|
|||
[[- end ]]
|
||||
|
||||
[[ template "common/volumes" $c ]]
|
||||
|
||||
[[ template "common/task.wait_for" $c ]]
|
||||
|
||||
task "nginx" {
|
||||
|
@ -111,7 +105,8 @@ job "[[ .instance ]]" {
|
|||
image = "[[ .unifi.nginx.image ]]"
|
||||
volumes = ["local/nginx.conf:/etc/nginx/conf.d/default.conf"]
|
||||
readonly_rootfs = true
|
||||
[[ template "common/tmpfs" dict "size" "1000000" "target" "/tmp" ]]
|
||||
pids_limit = 20
|
||||
[[ template "common/tmpfs" "/tmp" ]]
|
||||
}
|
||||
|
||||
template {
|
||||
|
@ -137,8 +132,9 @@ _EOF
|
|||
"local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh"
|
||||
]
|
||||
readonly_rootfs = true
|
||||
[[ template "common/tmpfs" dict "size" "1000000" "target" "/opt/unifi/run" ]]
|
||||
[[ template "common/tmpfs" dict "size" "1000000" "target" "/tmp" ]]
|
||||
pids_limit = 200
|
||||
[[ template "common/tmpfs" "/opt/unifi/run" ]]
|
||||
[[ template "common/tmpfs" "/tmp" ]]
|
||||
}
|
||||
|
||||
[[ template "common/vault.policies" $c ]]
|
||||
|
@ -190,8 +186,9 @@ _EOF
|
|||
image = "[[ $c.image ]]"
|
||||
command = "mongod"
|
||||
readonly_rootfs = true
|
||||
pids_limit = 200
|
||||
args = ["--config", "/local/mongod.conf" ]
|
||||
[[ template "common/tmpfs" dict "size" "1000000" "target" "/tmp" ]]
|
||||
[[ template "common/tmpfs" "/tmp" ]]
|
||||
}
|
||||
|
||||
template {
|
||||
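Review bot: `pids_limit = 200` on the UniFi and `mongod` task configs may be tight, because the pids cgroup counts threads as well as processes and both a JVM and mongod (roughly one thread per client connection, plus background threads) can approach that under load. Hitting the limit shows up as thread-creation failures inside the task rather than a clear quota error, so measure the steady-state thread count and record the rationale above each line, e.g. `# threads count toward this limit; sized from observed peak`. The `common/tmpfs` calls in the same hunks now pass only the target, so the tmpfs size cap is set in the shared template; a short comment saying so would stop reviewers of this file assuming the mounts are unbounded. The `-controller` router removed from `tags` carried an explicit `tls=true`, and `common/traefik_tags` is not visible here, so confirm it renders an equivalent TLS setting.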
|
|