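# Internal ACME server: runs Caddy with its built-in local CA (`acme_server`)
# through the shared service module. The Caddyfile below is passed to the
# module as a template; how the module renders and places it is defined in
# ../services/service, not here.
module "acme" {
  source = "../services/service"

  name = "acme"
  # Pinned by tag only. NOTE(review): a digest pin would keep the pulled image
  # from changing if the tag is re-pushed.
  image = "caddy:2.7.4"
  # `$${...}` is Terraform's escape for a literal `${...}`, so the variable
  # reference reaches the job unexpanded instead of being interpolated here.
  args = ["caddy", "--config", "$${NOMAD_TASK_DIR}/Caddyfile", "run"]

  ingress      = true
  service_port = 80
  use_wesher   = var.use_wesher

  templates = [
    {
      # Caddyfile notes (kept outside the heredoc so the rendered file is unchanged):
      #  - Global options: `local_certs` issues every certificate from Caddy's
      #    internal CA; `debug` enables debug-level logging; CA material is
      #    stored under the allocation directory's data/ path.
      #  - "/chain" is proxied to localhost:2019 (Caddy's default admin
      #    endpoint) and rewritten to /pki/ca/local/certificates, so only the
      #    local CA's certificate chain is reachable through it. `header_up Host`
      #    sets the Host header to the upstream host:port for that request.
      #  - `@denied` returns 401 to any peer outside the private ranges.
      #    NOTE(review): `remote_ip` matches the immediate TCP peer. With
      #    `ingress = true`, if requests arrive through a proxy on a private
      #    address, every request would count as private and this gate (in front
      #    of both /chain and acme_server) would not filter by real client.
      #    Confirm the traffic path; Caddy's `client_ip` matcher together with
      #    `trusted_proxies` is the usual option behind a proxy.
      #  - NOTE(review): this relies on Caddy's directive ordering evaluating
      #    `error` before `reverse_proxy` and `acme_server`; verify by adapting
      #    the config (`caddy adapt`).
      data = <<EOF
        {
          local_certs
          debug
          storage file_system {{ env "NOMAD_ALLOC_DIR" }}/data
        }

        :80, :443 {
          tls internal

          reverse_proxy "/chain" http://localhost:2019 {
            header_up Host {upstream_hostport}
            rewrite /pki/ca/local/certificates
          }

          @denied not remote_ip private_ranges
          error @denied "Who dis?" 401

          acme_server
        }
        EOF
      dest        = "Caddyfile"
      mount       = false
      change_mode = "script"
      change_script = {
        command = "caddy"
        # Must be the same file the task is started with (see `args` above).
        # The path was previously misspelled "Caddyfle", so the reload pointed
        # at a file that does not exist and template changes (including any
        # access-control edits) would not have been applied to the running
        # server.
        args = ["reload", "--config", "$${NOMAD_TASK_DIR}/Caddyfile"]
      }
    },
  ]
}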