Use static port for Authelia so that nomad middleware config is the same for each service
This commit is contained in:
parent
d0641f8edf
commit
744466bf07
@ -150,7 +150,7 @@
|
|||||||
"filename": "core/authelia.yml",
|
"filename": "core/authelia.yml",
|
||||||
"hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
|
"hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 55,
|
"line_number": 54,
|
||||||
"is_secret": false
|
"is_secret": false
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -158,7 +158,7 @@
|
|||||||
"filename": "core/authelia.yml",
|
"filename": "core/authelia.yml",
|
||||||
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
|
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 186,
|
"line_number": 185,
|
||||||
"is_secret": false
|
"is_secret": false
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@ -213,5 +213,5 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"generated_at": "2023-07-07T22:48:34Z"
|
"generated_at": "2023-07-07T23:34:07Z"
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
theme: auto
|
theme: auto
|
||||||
|
|
||||||
# jwt_secret: < in file >
|
# jwt_secret: <file>
|
||||||
|
|
||||||
{{ with nomadVar "nomad/jobs" }}
|
{{ with nomadVar "nomad/jobs" }}
|
||||||
default_redirection_url: https://authelia.{{ .base_hostname }}/
|
default_redirection_url: https://authelia.{{ .base_hostname }}/
|
||||||
@ -20,7 +20,6 @@ log:
|
|||||||
## Level of verbosity for logs: info, debug, trace.
|
## Level of verbosity for logs: info, debug, trace.
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
## Format the logs are written as: json, text.
|
|
||||||
format: json
|
format: json
|
||||||
|
|
||||||
telemetry:
|
telemetry:
|
||||||
|
@ -64,7 +64,9 @@ module "authelia" {
|
|||||||
args = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
|
args = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
|
||||||
ingress = true
|
ingress = true
|
||||||
service_port = 9091
|
service_port = 9091
|
||||||
|
service_port_static = true
|
||||||
# metrics_port = 9959
|
# metrics_port = 9959
|
||||||
|
|
||||||
env = {
|
env = {
|
||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = "$${NOMAD_SECRETS_DIR}/ldap_password.txt"
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = "$${NOMAD_SECRETS_DIR}/ldap_password.txt"
|
||||||
AUTHELIA_JWT_SECRET_FILE = "$${NOMAD_SECRETS_DIR}/jwt_secret.txt"
|
AUTHELIA_JWT_SECRET_FILE = "$${NOMAD_SECRETS_DIR}/jwt_secret.txt"
|
||||||
@ -86,10 +88,10 @@ module "authelia" {
|
|||||||
|
|
||||||
service_tags = [
|
service_tags = [
|
||||||
# Configure traefik to add this middleware
|
# Configure traefik to add this middleware
|
||||||
"traefik.http.middlewares.authelia.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
|
"traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:9091/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
|
||||||
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
|
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
|
||||||
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
||||||
"traefik.http.middlewares.authelia-basic.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?auth=basic",
|
"traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:9091/api/verify?auth=basic",
|
||||||
"traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
|
"traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
|
||||||
"traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
"traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
||||||
]
|
]
|
||||||
|
@ -40,6 +40,15 @@ job "traefik" {
|
|||||||
port "syslog" {
|
port "syslog" {
|
||||||
static = 514
|
static = 514
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dns {
|
||||||
|
servers = [
|
||||||
|
"192.168.2.101",
|
||||||
|
"192.168.2.102",
|
||||||
|
"192.168.2.30",
|
||||||
|
"192.168.2.170",
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ephemeral_disk {
|
ephemeral_disk {
|
||||||
|
Loading…
Reference in New Issue
Block a user