forked from Deuxfleurs/infrastructure
final gitea configuration without SSL
parent
6aa3369341
commit
9acdec272b
3 changed files with 60 additions and 29 deletions
|
@ -12,16 +12,22 @@ job "gitea" {
|
||||||
|
|
||||||
network {
|
network {
|
||||||
mode = "bridge"
|
mode = "bridge"
|
||||||
port "http" {
|
port "ssh" {
|
||||||
static = 3000
|
static = 22
|
||||||
to = 3000
|
|
||||||
}
|
}
|
||||||
port "ssh" { to = 22 }
|
# port "http" {
|
||||||
|
# static = 3000
|
||||||
|
# to = 3000
|
||||||
|
# }
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "gitea-frontend"
|
name = "gitea-frontend"
|
||||||
port = "http"
|
port = "3000"
|
||||||
|
|
||||||
|
connect {
|
||||||
|
sidecar_service {}
|
||||||
|
}
|
||||||
|
|
||||||
# check {
|
# check {
|
||||||
# name = "alive"
|
# name = "alive"
|
||||||
|
@ -44,7 +50,7 @@ job "gitea" {
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "gitea-db"
|
name = "gitea-postgres-connector"
|
||||||
|
|
||||||
connect {
|
connect {
|
||||||
sidecar_service {
|
sidecar_service {
|
||||||
|
@ -65,11 +71,7 @@ job "gitea" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
# Exposes the http & ssh ports from the container to the host.
|
ports = ["ssh"]
|
||||||
# Lame because anyone can access gitea bypassing nginx from :3000
|
|
||||||
# Necessary because without further mesh-net config,
|
|
||||||
# nginx can't access the container's port.
|
|
||||||
ports = ["http", "ssh"]
|
|
||||||
image = "gitea/gitea:1.14.2"
|
image = "gitea/gitea:1.14.2"
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
|
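Review bot: The new `port "ssh"` block pins `static = 22`, which claims port 22 on the Nomad client itself; if that host also runs its administrative sshd on 22 (not visible on this page), the two listeners collide or Gitea's SSH shadows the admin one. Either give Gitea's SSH a distinct static port, or move the host sshd and list its port under the client's `reserved_ports` so the scheduler knows about it. The commented-out `# port "http" { … }` block left next to it is dead configuration and would be better deleted, since version control already keeps the old mapping. Old and new sides are inferred from the rendered split view, and the enclosing `job "gitea"` block starts and ends outside these hunks.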
@ -1,9 +1,5 @@
|
||||||
upstream gitea-backend {
|
upstream gitea-frontend {
|
||||||
{{ range service "gitea-frontend" }}
|
server 127.0.0.1:3000;
|
||||||
server {{ .Address }}:{{ .Port }};
|
|
||||||
{{ else }}
|
|
||||||
server 127.0.0.1:65535; # force a 502
|
|
||||||
{{ end }}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
@ -11,7 +7,21 @@ server {
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name gitea.hammerhead.luxeylab.net;
|
server_name gitea.hammerhead.luxeylab.net;
|
||||||
|
|
||||||
|
|
||||||
|
# Forward information from nginx to the upstream
|
||||||
|
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://gitea-backend;
|
# Forward information from nginx to the upstream
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
proxy_pass http://gitea-frontend;
|
||||||
}
|
}
|
||||||
}
|
}
|
|
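Review bot: `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-Host $http_host;` in `location /` pass the client-supplied Host header to Gitea unchanged, so if this `server` block also acts as the default for port 80 (not visible here), a request carrying an arbitrary Host reaches the backend with that value. Prefer `proxy_set_header Host $host;` or the literal `server_name`, and the same for `X-Forwarded-Host`. The three `add_header` lines lack `always`, so nginx omits them on 4xx/5xx responses; `add_header X-Content-Type-Options nosniff always;` covers those too. The comment `# Forward information from nginx to the upstream` above the `add_header` lines describes request headers rather than these response headers, and would read better as `# Security headers sent to the client`.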
@ -5,6 +5,7 @@ job "nginx" {
|
||||||
count = 1
|
count = 1
|
||||||
|
|
||||||
network {
|
network {
|
||||||
|
mode = "bridge"
|
||||||
port "http" {
|
port "http" {
|
||||||
static = 80
|
static = 80
|
||||||
}
|
}
|
||||||
|
@ -24,6 +25,24 @@ job "nginx" {
|
||||||
port = "http"
|
port = "http"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "nginx-gitea-frontend-connector"
|
||||||
|
|
||||||
|
connect {
|
||||||
|
sidecar_service {
|
||||||
|
proxy {
|
||||||
|
upstreams {
|
||||||
|
# Required
|
||||||
|
destination_name = "gitea-frontend"
|
||||||
|
local_bind_port = "3000"
|
||||||
|
# Optional
|
||||||
|
local_bind_address = "127.0.0.1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
task "nginx" {
|
task "nginx" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
|
@ -36,12 +55,12 @@ job "nginx" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
# template {
|
||||||
data = file("../config/dummy-http-server.tpl")
|
# data = file("../config/dummy-http-server.tpl")
|
||||||
destination = "local/dummy-http-server.conf"
|
# destination = "local/dummy-http-server.conf"
|
||||||
change_mode = "signal"
|
# change_mode = "signal"
|
||||||
change_signal = "SIGHUP"
|
# change_signal = "SIGHUP"
|
||||||
}
|
# }
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = file("../config/gitea.tpl")
|
data = file("../config/gitea.tpl")
|
||||||
|
|
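Review bot: The new `nginx-gitea-frontend-connector` service declares an upstream to `gitea-frontend`, but nothing in this change restricts which mesh services may connect to it. Whether other sidecars are refused depends on the Consul intention default, which is allow when ACLs are not enforced. Add an explicit intention permitting only `nginx-gitea-frontend-connector` to reach `gitea-frontend` and denying the rest, so that dropping the host-level `:3000` mapping is not the only barrier. `local_bind_port = "3000"` is a number in Nomad's schema and reads better unquoted, `local_bind_port = 3000`. The commented-out `dummy-http-server` template block would be better deleted than left as dead configuration.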