# Authelia configuration text, supplied as a job variable and rendered into the
# task by the template block at the bottom of this file.
variable "config_data" {
  type        = string
  description = "Authelia YAML config"
}

# Nomad service job running a single Authelia instance behind a Consul Connect
# sidecar, registered with Traefik as a forwardAuth provider.
job "authelia" {
  datacenters = ["dc1"]
  type        = "service"
  priority    = 80

  group "authelia" {
    count = 1

    network {
      mode = "bridge"

      # Authelia's HTTP listener (container port 9091); the host side is bound
      # to the "loopback" host network.
      port "main" {
        host_network = "loopback"
        to           = 9091
      }

      # Metrics listener. Unlike "main", no host_network is set here, so this
      # port is not pinned to loopback.
      # NOTE(review): confirm which host interface this lands on and that only
      # the metrics scraper can reach it.
      port "metrics" {
        to = 9959
      }
    }

    service {
      name = "authelia"
      port = "main"

      # Publishes the metrics address in the service metadata.
      meta {
        metrics_addr = "${NOMAD_ADDR_metrics}"
      }

      connect {
        sidecar_service {
          proxy {
            local_service_port = 9091

            # Republishes local port 9959 at /metrics on the "metrics" listener.
            # NOTE(review): Consul expose paths are served outside Connect
            # mTLS/intentions, so network-level filtering is the only access
            # control on this endpoint — verify that is intended.
            expose {
              path {
                path            = "/metrics"
                protocol        = "http"
                local_path_port = 9959
                listener_port   = "metrics"
              }
            }

            # Mesh upstreams, each bound to a local port inside the group's
            # network namespace.
            upstreams {
              destination_name = "ldap"
              local_bind_port  = 4820
            }

            upstreams {
              destination_name = "redis"
              local_bind_port  = 6379
            }
          }
        }

        sidecar_task {
          resources {
            cpu    = 50
            memory = 50
          }
        }
      }

      # Traefik labels defining two forwardAuth middlewares:
      #   authelia       - /api/verify with rd= set to the URL-encoded address
      #                    https://authelia.thefij.rocks/
      #   authelia-basic - /api/verify with auth=basic
      #
      # NOTE(review): trustForwardHeader=true makes Traefik pass incoming
      # X-Forwarded-* headers through to Authelia as trusted. Keep it only if
      # every path to Traefik goes through a proxy that overwrites those
      # headers; otherwise client-supplied values reach the access-control
      # decision.
      # NOTE(review): authResponseHeaders copies the Remote-* identity headers
      # onto the proxied request. Backends that trust them must be reachable
      # only through Traefik with one of these middlewares applied.
      # NOTE(review): both addresses use plain http:// to the Consul DNS name;
      # confirm that hop stays on a trusted network segment.
      tags = [
        "traefik.enable=true",
        "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.service.consul/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
        "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
        "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
        "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.service.consul/api/verify?auth=basic",
        "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
        "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
      ]
    }

    task "authelia" {
      driver = "docker"

      config {
        # NOTE(review): no tag or digest is given, so Docker resolves this to
        # ":latest" and the running version can change between deploys. Pin it
        # to a reviewed release, e.g. authelia/authelia:<VERSION>@sha256:<DIGEST>
        # (placeholders - not values taken from this file).
        image = "authelia/authelia"
        ports = ["main"]

        # Bind-mounts the task-relative "config" directory at /config in the
        # container.
        mount {
          type   = "bind"
          target = "/config"
          source = "config"
        }
      }

      # Vault policies attached to the token this task receives.
      # NOTE(review): confirm both policies grant only the paths the rendered
      # configuration actually reads.
      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      # Renders the job variable as Authelia's configuration file.
      # NOTE(review): config_data is processed as a Nomad template, so whoever
      # supplies it can reference anything the Vault policies above allow.
      # No `perms` is set, so the file is written with Nomad's default mode
      # (0644); if the rendered config contains secrets, consider a tighter
      # mode after checking the container user can still read it.
      template {
        data        = var.config_data
        destination = "/config/configuration.yml"
      }

      resources {
        cpu    = 50
        memory = 50
      }
    }
  }
}