From 67df91275585afbf83c54ffa62feb3afb33d8137 Mon Sep 17 00:00:00 2001
From: Ian Fijolek <ian@iamthefij.com>
Date: Sun, 4 Sep 2022 20:21:02 -0700
Subject: [PATCH] Fix syslog proxy

Apparently traefik only supports http proxy over connect.

https://github.com/traefik/traefik/issues/7803
---
 .secrets-baseline           |  6 +++---
 nomad/syslogng.nomad        | 16 ++------------
 nomad/traefik/traefik.nomad | 42 +++++++++++++++++++++++++++++++++++++
 3 files changed, 47 insertions(+), 17 deletions(-)

diff --git a/.secrets-baseline b/.secrets-baseline
index 14c9d0a..fc3063a 100644
--- a/.secrets-baseline
+++ b/.secrets-baseline
@@ -171,7 +171,7 @@
         "filename": "nomad/syslogng.nomad",
         "hashed_secret": "298b5925fe7c7458cb8a12a74621fdedafea5ad6",
         "is_verified": false,
-        "line_number": 171,
+        "line_number": 159,
         "is_secret": false
       },
       {
@@ -179,7 +179,7 @@
         "filename": "nomad/syslogng.nomad",
         "hashed_secret": "3a1cec2d3c3de7e4da4d99c6731ca696c24b72b4",
         "is_verified": false,
-        "line_number": 171,
+        "line_number": 159,
         "is_secret": false
       }
     ],
@@ -210,5 +210,5 @@
       }
     ]
   },
-  "generated_at": "2022-09-04T21:06:55Z"
+  "generated_at": "2022-09-05T03:20:56Z"
 }
diff --git a/nomad/syslogng.nomad b/nomad/syslogng.nomad
index 7ffc5b0..ac38e0b 100644
--- a/nomad/syslogng.nomad
+++ b/nomad/syslogng.nomad
@@ -92,13 +92,6 @@ EOF
   group "syslogng" {
     count = 1
 
-    constraint {
-      attribute = "${node.unique.name}"
-      # Needs to be on a predictable node for routing
-      # Maybe a loadbalancer could be used for routing from any node
-      value = "n2"
-    }
-
     network {
       mode = "bridge"
       port "main" {
@@ -113,6 +106,8 @@ EOF
       connect {
         sidecar_service {
           proxy {
+            local_service_port = 514
+
             upstreams {
               destination_name = "syslogng-promtail"
               local_bind_port = 1000
@@ -128,13 +123,6 @@ EOF
           }
         }
       }
-
-      tags = [
-        "traefik.enable=true",
-        "traefik.tcp.routers.syslogngtcp.entrypoints=syslogtcp",
-        "traefik.tcp.routers.syslogngtcp.rule=HostSNI(`*`)",
-        "traefik.udp.routers.syslogngudp.entrypoints=syslogudp",
-      ]
     }
 
     task "syslogng" {
diff --git a/nomad/traefik/traefik.nomad b/nomad/traefik/traefik.nomad
index 921773c..1300670 100644
--- a/nomad/traefik/traefik.nomad
+++ b/nomad/traefik/traefik.nomad
@@ -32,9 +32,14 @@ job "traefik" {
       port "web" {
         static = 80
       }
+
       port "websecure" {
         static = 443
       }
+
+      port "syslog" {
+        static = 514
+      }
     }
 
     ephemeral_disk {
@@ -224,6 +229,43 @@ CF_ZONE_API_TOKEN={{ .Data.data.api_token_zone_read }}
         change_mode = "noop"
       }
 
+      template {
+        data = <<EOH
+{{ with service "syslogng" -}}
+[tcp.routers]
+  [tcp.routers.syslogtcp]
+    entryPoints = ["syslogtcp"]
+    service = "syslogngtcp"
+    rule = "HostSNI(`*`)"
+
+[tcp.services]
+  [tcp.services.syslogngtcp]
+    [tcp.services.syslogngtcp.loadBalancer]
+      {{ range . -}}
+      [[tcp.services.syslogngtcp.loadBalancer.servers]]
+        address = "{{ .Address }}:{{ .Port }}"
+      {{ end -}}
+{{ end }}
+
+{{ with service "syslogng" -}}
+[udp.routers]
+  [udp.routers.syslogudp]
+    entryPoints = ["syslogudp"]
+    service = "syslogngudp"
+
+[udp.services]
+  [udp.services.syslogngudp]
+    [udp.services.syslogngudp.loadBalancer]
+      {{ range . -}}
+      [[udp.services.syslogngudp.loadBalancer.servers]]
+        address = "{{ .Address }}:{{ .Port }}"
+      {{ end -}}
+{{ end }}
+        EOH
+        destination = "local/config/conf/route-syslog-ng.toml"
+        change_mode = "noop"
+      }
+
       template {
         data = <<EOH
 [http.middlewares]