Created
November 1, 2023 20:27
-
-
Save schmichael/57ac7a4a958c52807e22a01fb96c2713 to your computer and use it in GitHub Desktop.
Exposes Nomad's HTTP API on port 8080 with /.well-known/ endpoints available without auth.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| job "nginx-proxy" { | |
| group "nginx" { | |
| network { | |
| port "http" { | |
| static = 8080 | |
| to = 8080 | |
| } | |
| } | |
| task "nginx" { | |
| driver = "docker" | |
| config { | |
| image = "nginx:mainline" | |
| command = "nginx" | |
| args = ["-c", "/local/nginx.conf"] | |
| ports = ["http"] | |
| auth_soft_fail = true | |
| } | |
| identity { | |
| env = true | |
| file = true | |
| } | |
| resources { | |
| cpu = 500 | |
| memory = 256 | |
| } | |
| template { | |
| destination = "local/nginx.conf" | |
| data = <<EOF | |
| daemon off; | |
| events {} | |
| http { | |
| server { | |
| listen 8080; | |
| location /.well-known/jwks.json { | |
| proxy_pass http://unix:/secrets/api.sock:$request_uri; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| # Public endpoint so set auth token | |
| proxy_set_header Authorization "Bearer {{ env "NOMAD_TOKEN" }}"; | |
| } | |
| location /.well-known/openid-configuration { | |
| proxy_pass http://unix:/secrets/api.sock:$request_uri; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| # Public endpoint so set auth token | |
| proxy_set_header Authorization "Bearer {{ env "NOMAD_TOKEN" }}"; | |
| } | |
| location / { | |
| proxy_pass http://unix:/secrets/api.sock:$request_uri; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| } | |
| } | |
| } | |
| EOF | |
| } | |
| } # task | |
| } # group | |
| } # job |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment