final gitea configuration without SSL

LUXEY Adrien 2021-06-18 12:33:46 +02:00
parent 6aa3369341
commit 9acdec272b
3 changed files with 60 additions and 29 deletions


@ -12,16 +12,22 @@ job "gitea" {
network {
mode = "bridge"
port "http" {
static = 3000
to = 3000
port "ssh" {
static = 22
}
port "ssh" { to = 22 }
# port "http" {
# static = 3000
# to = 3000
# }
}
service {
name = "gitea-frontend"
port = "http"
port = "3000"
connect {
sidecar_service {}
}
# check {
# name = "alive"
@ -44,7 +50,7 @@ job "gitea" {
}
service {
name = "gitea-db"
name = "gitea-postgres-connector"
connect {
sidecar_service {
@ -65,11 +71,7 @@ job "gitea" {
driver = "docker"
config {
# Exposes the http & ssh ports from the container to the host.
# Lame because anyone can access gitea bypassing nginx from :3000
# Necessary because without further mesh-net config,
# nginx can't access the container's port.
ports = ["http", "ssh"]
ports = ["ssh"]
image = "gitea/gitea:1.14.2"
volumes = [
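Review bot: The `connect { sidecar_service {} }` block on `gitea-frontend` takes port 3000 off the host, but nothing in this file limits which mesh services may dial it. Unless the cluster's Consul intentions default to deny, any Connect-enabled workload could declare an upstream to `gitea-frontend` and reach Gitea without passing through nginx, which is the bypass the removed comment complained about. I would record the dependency next to the service, e.g. `# Reachable only through Connect; needs an intention allowing nginx-gitea-frontend-connector -> gitea-frontend`, and create that intention alongside this job. The `ssh` port also appears to become `static = 22` on the host, which would clash with the node's own sshd if it listens there; worth confirming. The `config` block continues past the end of this hunk.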


@ -1,17 +1,27 @@
upstream gitea-backend {
{{ range service "gitea-frontend" }}
server {{ .Address }}:{{ .Port }};
{{ else }}
server 127.0.0.1:65535; # force a 502
{{ end }}
upstream gitea-frontend {
server 127.0.0.1:3000;
}
server {
listen 80;
listen [::]:80;
server_name gitea.hammerhead.luxeylab.net;
listen 80;
listen [::]:80;
server_name gitea.hammerhead.luxeylab.net;
location / {
proxy_pass http://gitea-backend;
}
# Forward information from nginx to the upstream
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location / {
# Forward information from nginx to the upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://gitea-frontend;
}
}
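Review bot: The new `location /` forwards the client-supplied Host header unchanged, through `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-Host $http_host;`. If this is the only (and so the default) server on port 80, a request with an arbitrary Host value still reaches Gitea, which may use it when building absolute links. Using nginx's normalised value is safer: `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Host $host;`. Separately, the three `add_header` lines lack `always`, so they are not sent on error responses, whereas the commented-out HSTS line has it.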


@ -5,6 +5,7 @@ job "nginx" {
count = 1
network {
mode = "bridge"
port "http" {
static = 80
}
@ -24,6 +25,24 @@ job "nginx" {
port = "http"
}
service {
name = "nginx-gitea-frontend-connector"
connect {
sidecar_service {
proxy {
upstreams {
# Required
destination_name = "gitea-frontend"
local_bind_port = "3000"
# Optional
local_bind_address = "127.0.0.1"
}
}
}
}
}
task "nginx" {
driver = "docker"
@ -36,12 +55,12 @@ job "nginx" {
]
}
template {
data = file("../config/dummy-http-server.tpl")
destination = "local/dummy-http-server.conf"
change_mode = "signal"
change_signal = "SIGHUP"
}
# template {
# data = file("../config/dummy-http-server.tpl")
# destination = "local/dummy-http-server.conf"
# change_mode = "signal"
# change_signal = "SIGHUP"
# }
template {
data = file("../config/gitea.tpl")