diff --git a/2-nomad-config/authelia.nomad.hcl b/2-nomad-config/authelia.nomad.hcl
index e4af33a..3c8ecdc 100644
--- a/2-nomad-config/authelia.nomad.hcl
+++ b/2-nomad-config/authelia.nomad.hcl
@@ -28,6 +28,10 @@ job "authelia" {
 "traefik.enable=true",
 ]
+ connect {
+ sidecar_service {}
+ }
+
 check {
 type = "http"
 path = "/health"
diff --git a/2-nomad-config/traefik.nomad.hcl b/2-nomad-config/traefik.nomad.hcl
index a8402b3..0406697 100644
--- a/2-nomad-config/traefik.nomad.hcl
+++ b/2-nomad-config/traefik.nomad.hcl
@@ -1,6 +1,7 @@
 job "traefik" {
 group "traefik" {
 network {
+ mode = "bridge"
 port "http" {
 static = 80
 }
@@ -13,6 +14,18 @@ job "traefik" {
 static = 8081
 }
 }
+ service {
+ connect {
+ sidecar_service {
+ proxy {
+ upstreams {
+ destination_name = "auth"
+ local_bind_port = 9091
+ }
+ }
+ }
+ }
+ }
 service {
 name = "traefik"
@@ -45,8 +58,8 @@ job "traefik" {
 driver = "docker"
 config {
- image = "traefik:v3.3"
- network_mode = "host"
+ image = "traefik:v3.3"
+ ports = ["http", "https", "api"]
 volumes = [
 "local/traefik.yml:/etc/traefik/traefik.yml",
@@ -91,7 +104,7 @@ providers:
 exposedByDefault: false
 defaultRule: {{"Host(`{{ .Name }}.othrayte.one`)"}}
 endpoint:
- address: "127.0.0.1:8500"
+ address: "{{ env "NOMAD_HOST_IP_http" }}:8500"
 scheme: "http"
 certificatesResolvers:
@@ -112,7 +125,7 @@ http:
 middlewares:
 auth:
 forwardAuth:
- address: "http://jaglan-beta-m21:9091/api/authz/forward-auth"
+ address: "http://localhost:9091/api/authz/forward-auth"
 trustForwardHeader: true
 auth-allow-token:
 chain:
@@ -165,11 +178,11 @@ http:
 nomad-ui:
 loadBalancer:
 servers:
- - url: "http://127.0.0.1:4646"
+ - url: "http://{{ env "NOMAD_HOST_IP_http" }}:4646"
 consul-ui:
 loadBalancer:
 servers:
- - url: "http://127.0.0.1:8500"
+ - url: "http://{{ env "NOMAD_HOST_IP_http" }}:8500"
 unraid:
 loadBalancer:
 servers:
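Review bot: In authelia.nomad.hcl, the added `connect { sidecar_service {} }` only makes the mesh the enforced path to Authelia if the direct route is closed as well, and nothing in this hunk does that. The old forwardAuth address (`jaglan-beta-m21:9091`) suggests the port was published on the host. If that mapping is still in the group's `network` block (outside this hunk), clients can reach Authelia without going through the sidecar, so it is worth confirming the port is no longer host-published. The sidecar also needs `mode = "bridge"` on this group's network, and the service name must match the `destination_name = "auth"` used in traefik.nomad.hcl; neither is visible here. I would add a comment above the block such as `# mesh-only: reachable via Consul Connect; pair with an intention allowing only the Traefik service` and create that intention, because where Consul does not default to deny, any mesh service can open the upstream.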
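Review bot: In traefik.nomad.hcl, the `service` block added in the `@@ -13,6 +14,18 @@` hunk has no `name` and no `port`, so it registers a second Consul service under a name Nomad generates from the job and group rather than `traefik`. Connect intentions match on the source service identity, so an allow rule written for `traefik` to `auth` would likely not apply to this sidecar, and the effective policy then depends on the default. Either move the `connect { ... }` block into the existing `service { name = "traefik" ... }` that follows, or give this block an explicit name and port, for example `name = "traefik-mesh"` (constructed name) and `port = "http"`. It is also worth checking that the job validates without a `port` on a Connect service. The existing `service` block continues outside the hunk.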
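Review bot: The new Consul catalog endpoint `{{ env "NOMAD_HOST_IP_http" }}:8500` in the `@@ -91,7 +104,7 @@` hunk only works if the Consul HTTP API listens on a non-loopback host address, and the `nomad-ui`/`consul-ui` servers in the last hunk need the same of Nomad on 4646 and Consul on 8500. Both were previously reachable via `127.0.0.1`, so this change presumably comes with binding those APIs to the host interface, where they are served over plain `scheme: "http"`. Please confirm that ACLs are enforced on both agents and that the listeners are limited to an address the bridge network can reach but the LAN or WAN cannot, or are firewalled to that effect. Any Consul token Traefik sends will also cross that interface in cleartext unless TLS is enabled. A short comment next to the endpoint, such as `# host IP, not loopback: Traefik now runs in a bridge netns; Consul API must be ACL-protected`, would record the dependency.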
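Review bot: The forwardAuth address in the `@@ -112,7 +125,7 @@` hunk hard-codes `localhost:9091`, which duplicates `local_bind_port = 9091` from the upstream definition and relies on `localhost` resolving to the address the sidecar listener binds. If the container resolves `localhost` to `::1` first while the upstream listens on IPv4 loopback, the auth request fails and every route behind the `auth` middleware returns an error. Nomad exports the upstream address to the task, so the template can use `address: "http://{{ env "NOMAD_UPSTREAM_ADDR_auth" }}/api/authz/forward-auth"` and stay in step with the `upstreams` block. Separately, the unchanged `trustForwardHeader: true` passes client-supplied `X-Forwarded-*` headers on to Authelia, so it is worth confirming that is intended if Traefik is the edge proxy.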