Skip to content

Instantly share code, notes, and snippets.

@wyattwalter
Last active May 28, 2020 21:21
Show Gist options
  • Save wyattwalter/9986d34b5fba9cb1d86dbce1345035a4 to your computer and use it in GitHub Desktop.
Save wyattwalter/9986d34b5fba9cb1d86dbce1345035a4 to your computer and use it in GitHub Desktop.
traefik 2.x nomad example
job "docs" {
datacenters = ["home"]
group "example" {
count = "1"
task "server" {
driver = "docker"
config {
image = "hashicorp/http-echo"
args = [
"-listen",
":${NOMAD_PORT_http}",
"-text",
"hi there",
]
}
resources {
network {
mbits = 10
port "http"{}
}
}
service {
name = "hello-there"
port = "http"
tags = [
"traefik.tags=service",
"traefik.http.routers.helloworld.rule=Host(`hello.domain.com`)",
"traefik.http.routers.helloworld.tls=true",
"traefik.http.routers.helloworld.tls.certresolver=myresolver",
"traefik.http.routers.helloworld.tls.domains[0].main=domain.com",
"traefik.http.routers.helloworld.tls.domains[0].sans=hello.domain.com",
]
check {
type = "http"
path = "/"
interval = "2s"
timeout = "2s"
}
}
}
}
}
# Example Traefik Nomad config with Let's Encrypt integration using Route53 validation
job "traefik" {
region = "<region>"
datacenters = ["<dc>"]
type = "service"
group "traefik" {
count = 1
task "traefik" {
driver = "docker"
config {
image = "traefik:2.2"
network_mode = "host"
volumes = [
"local/etc:/etc/traefik",
]
}
template {
data = <<EOF
[entryPoints]
[entryPoints.http]
address = ":8080"
[entryPoints.websecure]
address = ":443"
[entryPoints.traefik]
address = ":8081"
[providers]
providersThrottleDuration = "2s"
[providers.consulCatalog]
constraints = "Tag(`traefik.tags=service`)"
[api]
insecure = true
dashboard = true
[log]
[certificatesResolvers.myresolver.acme]
email = "<email>"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "route53"
EOF
destination = "local/etc/traefik.toml"
}
template {
destination = "secrets/env"
env = true
data = <<EOF
{{ with secret "kv/data/route53_iam" }}
AWS_ACCESS_KEY_ID={{ .Data.data.KEY }}
AWS_SECRET_ACCESS_KEY={{ .Data.data.SECRET }}
{{ end }}
EOF
}
resources {
cpu = 100
memory = 128
network {
mbits = 10
port "http" {
static = 8080
}
port "api" {
static = 8081
}
}
}
service {
name = "traefik"
check {
name = "alive"
type = "tcp"
port = "http"
interval = "10s"
timeout = "2s"
}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment