Add basic auth to traefik
parent
7554509671
commit
594609db64
@ -73,8 +73,18 @@ job "traefik" {
|
|||||||
mount {
|
mount {
|
||||||
type = "bind"
|
type = "bind"
|
||||||
target = "/etc/traefik"
|
target = "/etc/traefik"
|
||||||
source = "config"
|
source = "local/config"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mount {
|
||||||
|
type = "bind"
|
||||||
|
target = "/etc/traefik/usersfile"
|
||||||
|
source = "secrets/usersfile"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
vault {
|
||||||
|
policies = ["access-tables", "nomad-task"]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
@ -125,13 +135,10 @@ job "traefik" {
|
|||||||
[providers.consulCatalog.endpoint]
|
[providers.consulCatalog.endpoint]
|
||||||
address = "http://<< env "CONSUL_HTTP_ADDR" >>"
|
address = "http://<< env "CONSUL_HTTP_ADDR" >>"
|
||||||
EOH
|
EOH
|
||||||
destination = "/config/traefik.toml"
|
destination = "local/config/traefik.toml"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
# Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
|
|
||||||
left_delimiter = "<<"
|
|
||||||
right_delimiter = ">>"
|
|
||||||
data = <<EOH
|
data = <<EOH
|
||||||
[http]
|
[http]
|
||||||
[http.routers]
|
[http.routers]
|
||||||
@ -139,46 +146,70 @@ job "traefik" {
|
|||||||
entryPoints = ["websecure"]
|
entryPoints = ["websecure"]
|
||||||
# middlewares = []
|
# middlewares = []
|
||||||
service = "nomad"
|
service = "nomad"
|
||||||
rule = "Host(`nomad.${var.base_hostname}`)"
|
rule = "Host(`nomad.{{ keyOrDefault "global/base_hostname" "${var.base_hostname}" }}`)"
|
||||||
[http.routers.consul]
|
[http.routers.consul]
|
||||||
entryPoints = ["websecure"]
|
entryPoints = ["websecure"]
|
||||||
# middlewares = []
|
# middlewares = []
|
||||||
service = "consul"
|
service = "consul"
|
||||||
rule = "Host(`consul.${var.base_hostname}`)"
|
rule = "Host(`consul.{{ keyOrDefault "global/base_hostname" "${var.base_hostname}" }}`)"
|
||||||
[http.routers.vault]
|
[http.routers.vault]
|
||||||
entryPoints = ["websecure"]
|
entryPoints = ["websecure"]
|
||||||
# middlewares = []
|
# middlewares = []
|
||||||
service = "vault"
|
service = "vault"
|
||||||
rule = "Host(`vault.${var.base_hostname}`)"
|
rule = "Host(`vault.{{ keyOrDefault "global/base_hostname" "${var.base_hostname}" }}`)"
|
||||||
|
|
||||||
[http.services]
|
[http.services]
|
||||||
<< with service "nomad-client" ->>
|
{{ with service "nomad-client" -}}
|
||||||
[http.services.nomad]
|
[http.services.nomad]
|
||||||
[http.services.nomad.loadBalancer]
|
[http.services.nomad.loadBalancer]
|
||||||
<< range . ->>
|
{{ range . -}}
|
||||||
[[http.services.nomad.loadBalancer.servers]]
|
[[http.services.nomad.loadBalancer.servers]]
|
||||||
url = "http://<< .Address >>:<< .Port >>"
|
url = "http://{{ .Address }}:{{ .Port }}"
|
||||||
<< end >>
|
{{ end }}
|
||||||
<<- end >>
|
{{- end }}
|
||||||
<< with service "consul" ->>
|
{{ with service "consul" -}}
|
||||||
[http.services.consul]
|
[http.services.consul]
|
||||||
[http.services.consul.loadBalancer]
|
[http.services.consul.loadBalancer]
|
||||||
<< range . ->>
|
{{ range . -}}
|
||||||
[[http.services.consul.loadBalancer.servers]]
|
[[http.services.consul.loadBalancer.servers]]
|
||||||
# Not using .Port because that's an RPC port
|
# Not using .Port because that's an RPC port
|
||||||
url = "http://<< .Address >>:8500"
|
url = "http://{{ .Address }}:8500"
|
||||||
<< end >>
|
{{ end }}
|
||||||
<<- end >>
|
{{- end }}
|
||||||
<< with service "vault" ->>
|
{{ with service "vault" -}}
|
||||||
[http.services.vault]
|
[http.services.vault]
|
||||||
[http.services.vault.loadBalancer]
|
[http.services.vault.loadBalancer]
|
||||||
<< range . ->>
|
{{ range . -}}
|
||||||
[[http.services.vault.loadBalancer.servers]]
|
[[http.services.vault.loadBalancer.servers]]
|
||||||
url = "http://<< .Address >>:<< .Port >>"
|
url = "http://{{ .Address }}:{{ .Port }}"
|
||||||
<< end >>
|
{{ end }}
|
||||||
<<- end >>
|
{{- end }}
|
||||||
EOH
|
EOH
|
||||||
destination = "/config/conf/route-hashi.toml"
|
destination = "local/config/conf/route-hashi.toml"
|
||||||
|
change_mode = "noop"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
[http.middlewares]
|
||||||
|
{{ with secret "kv/data/traefik" }}
|
||||||
|
{{ if .Data.data.usersfile }}
|
||||||
|
[http.middlewares.basic-auth.basicAuth]
|
||||||
|
usersFile = "/etc/traefik/usersfile"
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
EOH
|
||||||
|
destination = "local/config/conf/middlewares.toml"
|
||||||
|
change_mode = "noop"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
{{ with secret "kv/data/traefik" }}
|
||||||
|
{{ .Data.data.usersfile }}
|
||||||
|
{{ end }}
|
||||||
|
EOH
|
||||||
|
destination = "secrets/usersfile"
|
||||||
change_mode = "noop"
|
change_mode = "noop"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
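Review bot: A password changed or removed in `kv/data/traefik` is unlikely to reach the running proxy, because the last template in this section writes `secrets/usersfile` with `change_mode = "noop"` and the new mount block binds that path into the container as a single file. Nomad re-renders the file when the secret changes, but with noop nothing tells Traefik to reload it. A single-file bind mount can also keep showing the old contents if the render replaces the file rather than rewriting it in place, which is worth verifying on this driver. On the usersfile template I would use `change_mode = "restart"` and add a comment above it such as `# restart so revoked basic-auth users are dropped`. The job block starts and ends outside the hunks shown.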
@ -50,6 +50,7 @@ job "whoami" {
|
|||||||
tags = [
|
tags = [
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.http.routers.whoami.entryPoints=websecure",
|
"traefik.http.routers.whoami.entryPoints=websecure",
|
||||||
|
"traefik.http.routers.whoami.middlewares=basic-auth@file",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
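Review bot: The `basic-auth@file` middleware named in the added tag exists only when the traefik job renders it, and that template emits the `basicAuth` block only if `kv/data/traefik` has a `usersfile` value. If the value is missing, this router points at an undefined middleware. Traefik should then refuse to build the router, so whoami becomes unreachable rather than unauthenticated, but that behaviour is worth confirming for the deployed version. A comment above the tag would record the dependency, for example `# basic-auth@file comes from the traefik job's middlewares.toml; requires usersfile in kv/data/traefik`. The tags list sits in a block that starts outside the hunk.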