115 lines
2.5 KiB
HCL
115 lines
2.5 KiB
HCL
variable "config_data" {
|
|
type = string
|
|
description = "Authelia YAML config"
|
|
}
|
|
|
|
job "authelia" {
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
priority = 80
|
|
|
|
group "authelia" {
|
|
count = 1
|
|
|
|
network {
|
|
mode = "bridge"
|
|
|
|
port "main" {
|
|
host_network = "loopback"
|
|
to = 9091
|
|
}
|
|
|
|
port "metrics" {
|
|
to = 9959
|
|
}
|
|
}
|
|
|
|
service {
|
|
name = "authelia"
|
|
port = "main"
|
|
|
|
meta {
|
|
metrics_addr = "${NOMAD_ADDR_metrics}"
|
|
}
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
local_service_port = 9091
|
|
|
|
expose {
|
|
path {
|
|
path = "/metrics"
|
|
protocol = "http"
|
|
local_path_port = 9959
|
|
listener_port = "metrics"
|
|
}
|
|
}
|
|
|
|
upstreams {
|
|
destination_name = "ldap"
|
|
local_bind_port = 4820
|
|
}
|
|
|
|
upstreams {
|
|
destination_name = "redis"
|
|
local_bind_port = 6379
|
|
}
|
|
}
|
|
}
|
|
|
|
sidecar_task {
|
|
resources {
|
|
cpu = 50
|
|
memory = 50
|
|
}
|
|
}
|
|
}
|
|
|
|
tags = [
|
|
"traefik.enable=true",
|
|
"traefik.http.routers.authelia.entryPoints=websecure,auth",
|
|
"traefik.http.middlewares.authelia.forwardAuth.address=http://localhost:8999/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
|
|
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
|
|
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
|
"traefik.http.middlewares.authelia-basic.forwardAuth.address=http://http://localhost:8999/api/verify?auth=basic",
|
|
"traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
|
|
"traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
|
]
|
|
}
|
|
|
|
task "authelia" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "authelia/authelia"
|
|
|
|
ports = ["main"]
|
|
|
|
mount {
|
|
type = "bind"
|
|
target = "/config"
|
|
source = "config"
|
|
}
|
|
}
|
|
|
|
vault {
|
|
policies = [
|
|
"access-tables",
|
|
"nomad-task",
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = var.config_data
|
|
destination = "/config/configuration.yml"
|
|
}
|
|
|
|
resources {
|
|
cpu = 50
|
|
memory = 50
|
|
}
|
|
}
|
|
}
|
|
}
|