iamthefij/orchestration-tests
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Get letsencrypt certs working with Traefik

Browse Source
This commit is contained in:
IamTheFij 2022-07-27 11:12:08 -07:00
parent 85fccea867
commit fe11b03a43
1 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
nomad/traefik/traefik.nomad
View File

@ -54,10 +54,8 @@ job "traefik" {
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.traefik_dashboard.entryPoints=websecure", "traefik.http.routers.traefik.entryPoints=websecure",
"traefik.http.routers.traefik_dashboard.rule=Host(`traefik.${var.base_hostname}`)", "traefik.http.routers.traefik.service=api@internal",
"traefik.http.routers.traefik_dashboard.service=api@internal",
"traefik.http.routers.traefik_dashboard.tls=true",
] ]
} }
@ -107,7 +105,9 @@ job "traefik" {
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.websecure.http.tls] [entryPoints.websecure.http.tls]
# certResolver = "letsEncrypt" << if keyExists "traefik/acme/email" ->>
certResolver = "letsEncrypt"
<< end ->>
[entryPoints.metrics] [entryPoints.metrics]
address = ":8989" address = ":8989"
@ -131,13 +131,34 @@ job "traefik" {
connectAware = true connectAware = true
connectByDefault = true connectByDefault = true
exposedByDefault = false exposedByDefault = false
defaultRule = "Host(`{{normalize .Name}}.${var.base_hostname}`)" defaultRule = "Host(`{{normalize .Name}}.<< keyOrDefault "global/base_hostname" "${var.base_hostname}" >>`)"
[providers.consulCatalog.endpoint] [providers.consulCatalog.endpoint]
address = "http://<< env "CONSUL_HTTP_ADDR" >>" address = "http://<< env "CONSUL_HTTP_ADDR" >>"
<< if keyExists "traefik/acme/email" ->>
[certificatesResolvers.letsEncrypt.acme]
email = "<< key "traefik/acme/email" >>"
storage = "acme.json"
[certificatesResolvers.letsEncrypt.acme.dnsChallenge]
provider = "cloudflare"
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
delayBeforeCheck = 0
<< end ->>
EOH EOH
destination = "local/config/traefik.toml" destination = "local/config/traefik.toml"
} }
template {
data = <<EOH
{{ with secret "kv/data/cloudflare" }}
CF_DNS_API_TOKEN={{ .Data.data.api_token_dns_edit }}
CF_ZONE_API_TOKEN={{ .Data.data.api_token_zone_read }}
{{ end }}
EOH
destination = "secrets/cloudflare.env"
env = true
}
template { template {
data = <<EOH data = <<EOH
[http] [http]