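# Nomad job: a Redis server fronted by an stunnel sidecar.
#
# Both tasks belong to one group with a bridge-mode network, so they share a
# network namespace. Only the stunnel listener (port label "tls") is declared
# in the network block and registered as a service; Redis itself is reached by
# stunnel over loopback at 127.0.0.1:6379. Clients authenticate to stunnel
# with a TLS pre-shared key read from the Nomad variable "nomad/jobs/redis".
job "redis" {
  datacenters = ["dc1"]
  type        = "service"
  priority    = 60

  group "cache" {
    count = 1

    # Keep the Redis data directory on the same node / move it with the
    # allocation on reschedule, so the RDB snapshot survives updates.
    ephemeral_disk {
      migrate = true
      sticky  = true
      size    = 300
    }

    # The only published port is the TLS listener; Nomad assigns it dynamically.
    # There is deliberately no port for plaintext Redis.
    network {
      mode = "bridge"
      port "tls" {}
    }

    service {
      name     = "redis-tls"
      provider = "nomad"
      port     = "tls"
    }

    task "redis" {
      driver = "docker"

      config {
        # NOTE(review): "redis:6" is a mutable tag; pinning by digest
        # (redis@sha256:<DIGEST_PLACEHOLDER>) makes the deployed image reproducible.
        image = "redis:6"

        # "--bind 127.0.0.1" keeps the unauthenticated plaintext listener on
        # loopback, so the stunnel sidecar is the only way in. Without it Redis
        # listens on every address in the allocation's namespace, which other
        # workloads on the same bridge may be able to reach directly.
        args = [
          "redis-server",
          "--bind", "127.0.0.1",
          "--save", "60", "1",
          "--loglevel", "warning",
          "--dir", "${NOMAD_ALLOC_DIR}/data",
        ]

        # The original listed ports = ["main"], but no port labelled "main" is
        # declared in the group network block, so the reference could not
        # resolve. Redis needs no published port: stunnel connects over the
        # shared loopback interface.
      }

      resources {
        cpu        = 100
        memory     = 128
        memory_max = 512
      }
    }

    task "stunnel" {
      driver = "docker"

      config {
        # NOTE(review): same mutable-tag caveat as above for "alpine:3.17".
        image = "alpine:3.17"
        ports = ["tls"]
        args  = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
      }

      resources {
        cpu    = 100
        memory = 100
      }

      # Start-up script: installs stunnel, then replaces the shell with it.
      # NOTE(review): "apk add" fetches an unpinned package from the network on
      # every task start; an image with stunnel pre-installed would remove that
      # runtime dependency and make the running binary auditable.
      template {
        data        = <<EOF
set -e
apk add stunnel
exec stunnel ${NOMAD_TASK_DIR}/stunnel.conf
EOF
        destination = "${NOMAD_TASK_DIR}/start.sh"
      }

      # stunnel server configuration: accept TLS on the Nomad-assigned port,
      # restrict cipher suites to PSK, and forward plaintext to local Redis.
      template {
        data        = <<EOF
syslog = no
foreground = yes
delay = yes

[redis_server]
accept = {{ env "NOMAD_PORT_tls" }}
connect = 127.0.0.1:6379
ciphers = PSK
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF
        destination = "${NOMAD_TASK_DIR}/stunnel.conf"
      }

      # Pre-shared keys, rendered from the "allowed_psks" item of the Nomad
      # variable at nomad/jobs/redis into the task's secrets directory.
      # NOTE(review): consider an explicit restrictive `perms` on this file
      # (e.g. "0600") once the in-container user that runs stunnel is confirmed;
      # also confirm the variable holds stunnel's IDENTITY:KEY line format.
      template {
        data        = <<EOF
{{ with nomadVar "nomad/jobs/redis" -}}
{{ .allowed_psks }}
{{- end }}
EOF
        destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
      }
    }
  }
}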