nginx-10-vault-cert.nomad
# Nomad service job: one nginx container that serves HTTPS using a certificate
# issued by Vault's PKI backend, with an index page rendered from Consul KV.
# All three files nginx needs are produced by the template blocks below.
job "nginx" {
  datacenters = ["dc1"]
  type = "service"
  group "nginx" {
    count = 1
    # The Vault token handed to this group's task is derived from these policies.
    # NOTE(review): the only Vault path this file reads is
    # pki/issue/consul-service (certificate template below). A policy named
    # "superuser" presumably grants far more than that; its contents are not
    # visible here -- confirm, and prefer a policy scoped to that single path.
    vault {
      policies = ["superuser"]
    }
    task "nginx" {
      driver = "docker"
      config {
        # NOTE(review): no tag or digest, so this resolves to whatever "latest"
        # is at pull time. Pin a version or digest for reproducible deploys.
        image = "nginx"
        port_map {
          http = 80
        }
        port_map {
          https = 443
        }
        # Relative host paths refer to files rendered into the task directory
        # by the template blocks below. The second mount carries the TLS
        # private key into the container.
        volumes = [
          "custom/default.conf:/etc/nginx/conf.d/default.conf",
          "secret/cert.key:/etc/nginx/ssl/nginx.key",
        ]
      }
      # nginx virtual host; replaces the image's stock default.conf through the
      # first volume mount. Only a 443/ssl listener is declared here.
      template {
        data = <<EOH
server {
listen 443 ssl;
server_name nginx.service.consul;
# note this is slightly wonky using the same file for
# both the cert and key
ssl_certificate /etc/nginx/ssl/nginx.key;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
root /local/data/;
}
}
EOH
        destination = "custom/default.conf"
      }
      # Requests a certificate from Vault PKI role "consul-service" and writes
      # the certificate followed by its private key into a single PEM file.
      # NOTE(review): Nomad's protected per-task secrets directory is named
      # "secrets/"; "secret/" is an ordinary task-directory path, so the key
      # does not get that directory's protections. If "secrets/" was intended,
      # the destination here and the volume source above must change together.
      # NOTE(review): no "perms" is set, so the key file gets the template
      # default mode; consider an owner-only mode.
      # NOTE(review): ttl=30s asks for a 30-second certificate, so the file is
      # re-rendered on roughly that cycle. No change_mode is set, so Nomad's
      # default (restart the task) applies on each re-render. This looks like
      # a demo value -- confirm before reuse.
      template {
        data = <<EOH
{{ with secret "pki/issue/consul-service" "common_name=nginx.service.consul" "ttl=30s" }}
{{ .Data.certificate }}
{{ .Data.private_key }}
{{ end }}
EOH
        destination = "secret/cert.key"
      }
      # Index page: the value of Consul key features/motd when it exists,
      # otherwise a fixed greeting. The value is written into the HTML file
      # unescaped, so write access to that key controls the served content.
      # consul kv put features/motd 'Good afternoon.'
      template {
        data = <<EOH
{{ if keyExists "features/motd" }}
{{ key "features/motd" }}
{{ else }}
Good morning.
{{ end }}
EOH
        destination = "local/data/index.html"
      }
      resources {
        cpu = 100 # 100 MHz
        memory = 128 # 128 MB
        network {
          mbits = 10
          # Static host ports: at most one allocation of this task per client node.
          port "http" {
            static = 80
          }
          port "https" {
            static = 443
          }
        }
      }
      # Consul service registration on the "http" port with a TCP health check.
      # NOTE(review): the rendered default.conf declares only a 443 listener,
      # so nothing in this file makes nginx listen on port 80 and the check may
      # fail -- confirm, or register/check the "https" port instead.
      # The "urlprefix-" tag looks like a Fabio routing rule; verify against
      # the load balancer in use.
      service {
        name = "nginx"
        tags = ["frontend","urlprefix-/nginx strip=/nginx"]
        port = "http"
        check {
          type = "tcp"
          interval = "10s"
          timeout = "2s"
        }
      }
    }
  }
}