Add basic auth to traefik

IamTheFij 2022-07-26 21:45:06 -07:00
parent 963a863e2d
commit d70dce8ab5
2 changed files with 56 additions and 24 deletions


@ -73,8 +73,18 @@ job "traefik" {
mount { mount {
type = "bind" type = "bind"
target = "/etc/traefik" target = "/etc/traefik"
source = "config" source = "local/config"
} }
mount {
type = "bind"
target = "/etc/traefik/usersfile"
source = "secrets/usersfile"
}
}
vault {
policies = ["access-tables", "nomad-task"]
} }
template { template {
@ -125,13 +135,10 @@ job "traefik" {
[providers.consulCatalog.endpoint] [providers.consulCatalog.endpoint]
address = "http://<< env "CONSUL_HTTP_ADDR" >>" address = "http://<< env "CONSUL_HTTP_ADDR" >>"
EOH EOH
destination = "/config/traefik.toml" destination = "local/config/traefik.toml"
} }
template { template {
# Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
left_delimiter = "<<"
right_delimiter = ">>"
data = <<EOH data = <<EOH
[http] [http]
[http.routers] [http.routers]
@ -139,46 +146,70 @@ job "traefik" {
entryPoints = ["websecure"] entryPoints = ["websecure"]
# middlewares = [] # middlewares = []
service = "nomad" service = "nomad"
rule = "Host(`nomad.${var.base_hostname}`)" rule = "Host(`nomad.{{ keyOrDefault "global/base_hostname" "${var.base_hostname}" }}`)"
[http.routers.consul] [http.routers.consul]
entryPoints = ["websecure"] entryPoints = ["websecure"]
# middlewares = [] # middlewares = []
service = "consul" service = "consul"
rule = "Host(`consul.${var.base_hostname}`)" rule = "Host(`consul.{{ keyOrDefault "global/base_hostname" "${var.base_hostname}" }}`)"
[http.routers.vault] [http.routers.vault]
entryPoints = ["websecure"] entryPoints = ["websecure"]
# middlewares = [] # middlewares = []
service = "vault" service = "vault"
rule = "Host(`vault.${var.base_hostname}`)" rule = "Host(`vault.{{ keyOrDefault "global/base_hostname" "${var.base_hostname}" }}`)"
[http.services] [http.services]
<< with service "nomad-client" ->> {{ with service "nomad-client" -}}
[http.services.nomad] [http.services.nomad]
[http.services.nomad.loadBalancer] [http.services.nomad.loadBalancer]
<< range . ->> {{ range . -}}
[[http.services.nomad.loadBalancer.servers]] [[http.services.nomad.loadBalancer.servers]]
url = "http://<< .Address >>:<< .Port >>" url = "http://{{ .Address }}:{{ .Port }}"
<< end >> {{ end }}
<<- end >> {{- end }}
<< with service "consul" ->> {{ with service "consul" -}}
[http.services.consul] [http.services.consul]
[http.services.consul.loadBalancer] [http.services.consul.loadBalancer]
<< range . ->> {{ range . -}}
[[http.services.consul.loadBalancer.servers]] [[http.services.consul.loadBalancer.servers]]
# Not using .Port because that's an RPC port # Not using .Port because that's an RPC port
url = "http://<< .Address >>:8500" url = "http://{{ .Address }}:8500"
<< end >> {{ end }}
<<- end >> {{- end }}
<< with service "vault" ->> {{ with service "vault" -}}
[http.services.vault] [http.services.vault]
[http.services.vault.loadBalancer] [http.services.vault.loadBalancer]
<< range . ->> {{ range . -}}
[[http.services.vault.loadBalancer.servers]] [[http.services.vault.loadBalancer.servers]]
url = "http://<< .Address >>:<< .Port >>" url = "http://{{ .Address }}:{{ .Port }}"
<< end >> {{ end }}
<<- end >> {{- end }}
EOH EOH
destination = "/config/conf/route-hashi.toml" destination = "local/config/conf/route-hashi.toml"
change_mode = "noop"
}
template {
data = <<EOH
[http.middlewares]
{{ with secret "kv/data/traefik" }}
{{ if .Data.data.usersfile }}
[http.middlewares.basic-auth.basicAuth]
usersFile = "/etc/traefik/usersfile"
{{ end }}
{{ end }}
EOH
destination = "local/config/conf/middlewares.toml"
change_mode = "noop"
}
template {
data = <<EOH
{{ with secret "kv/data/traefik" }}
{{ .Data.data.usersfile }}
{{ end }}
EOH
destination = "secrets/usersfile"
change_mode = "noop" change_mode = "noop"
} }
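Review bot: The `secrets/usersfile` template in the last hunk is rendered with `change_mode = "noop"`, so when the `usersfile` value in `kv/data/traefik` is rotated or a user is removed, the file changes on disk but nothing prompts Traefik to pick it up. Unless Traefik re-reads `usersFile` on its own, revoked credentials would keep working until the task restarts. Consider `change_mode = "restart"` on that template, or add a comment explaining why a no-op is safe here. Separately, the `nomad`, `consul` and `vault` routers in the route-hashi template still carry `# middlewares = []`, so the new `basic-auth` middleware is defined but not applied to those UIs; if that is deliberate, a one-line comment on each router would say so. The job block starts before the first hunk, so which of `access-tables` or `nomad-task` grants read on `kv/data/traefik` cannot be checked from this page.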


@ -50,6 +50,7 @@ job "whoami" {
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.whoami.entryPoints=websecure", "traefik.http.routers.whoami.entryPoints=websecure",
"traefik.http.routers.whoami.middlewares=basic-auth@file",
] ]
} }
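Review bot: The added tag `traefik.http.routers.whoami.middlewares=basic-auth@file` depends on a middleware that the traefik job defines only when `kv/data/traefik` contains a `usersfile` key, and nothing at this tag says so. Traefik should refuse to build a router whose middleware is missing, which fails closed, but that is worth confirming on a deployment where the key is absent rather than assuming it. A comment above the tag such as `# basic-auth is defined in the traefik job's middlewares.toml, only when kv/data/traefik has usersfile` would document the dependency. The `tags` list and its enclosing service block start outside the hunk.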