diff --git a/hosts/alo-cloud-1/default.nix b/hosts/alo-cloud-1/default.nix index 2b5867e..ee790d2 100644 --- a/hosts/alo-cloud-1/default.nix +++ b/hosts/alo-cloud-1/default.nix @@ -4,6 +4,7 @@ ../../common/global ../../common/cloud-node.nix ./hardware.nix + ./reverse-proxy.nix ]; boot.initrd.kernelModules = [ "virtio_gpu" ]; diff --git a/hosts/alo-cloud-1/reverse-proxy.nix b/hosts/alo-cloud-1/reverse-proxy.nix new file mode 100644 index 0000000..73a016b --- /dev/null +++ b/hosts/alo-cloud-1/reverse-proxy.nix 
@@ -0,0 +1,120 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [ pkgs.traefik ];
+ environment.persistence."/persist".files = [
+ "/acme/acme.json"
+ ];
+
+ services.traefik = {
+ enable = true;
+
+ staticConfigOptions = {
+ global = {
+ checkNewVersion = false;
+ sendAnonymousUsage = false;
+ };
+
+ accessLog = {};
+
+ certificatesResolvers = {
+ letsencrypt = {
+ acme = {
+ email = "petru@paler.net";
+ storage = "/acme/acme.json";
+ tlsChallenge = {};
+ };
+ };
+ };
+
+ entryPoints = {
+ web = {
+ address = ":80";
+ http = {
+ redirections = {
+ entrypoint = {
+ to = "websecure";
+ scheme = "https";
+ permanent = true;
+ };
+ };
+ };
+ };
+ websecure = {
+ address = ":443";
+ http = {
+ tls = {
+ certResolver = "letsencrypt";
+ };
+ };
+ };
+ };
+ };
+
+ dynamicConfigOptions = {
+ http = {
+ services = {
+ alo-cluster = {
+ loadBalancer = {
+ servers = [
+ {
+ # edgy over Tailscale
+ url = "http://100.64.229.126:10080";
+ }
+ ];
+ };
+ };
+ };
+
+ routers = {
+ wordpress-paler-net = {
+ entryPoints = "websecure";
+ rule = "Host(`wordpress.paler.net`)";
+ service = "alo-cluster";
+ };
+
+ ines-paler-net = {
+ entryPoints = "websecure";
+ rule = "Host(`ines.paler.net`)";
+ service = "alo-cluster";
+ };
+
+ coachingfor-me = {
+ entryPoints = "websecure";
+ rule = "Host(`coachingfor.me`)";
+ service = "alo-cluster";
+ };
+
+ coachingfor-work = {
+ entryPoints = "websecure";
+ rule = "Host(`coachingfor.work`)";
+ service = "alo-cluster";
+ };
+
+ petru-ines-paler-net = {
+ entryPoints = "websecure";
+ rule = "Host(`petru.ines.paler.net`)";
+ service = "alo-cluster";
+ };
+
+ liam-paler-net = {
+ entryPoints = "websecure";
+ rule = "Host(`liam.paler.net`)";
+ service = "alo-cluster";
+ };
+
+ tomas-paler-net = {
+ entryPoints = "websecure";
+ rule = "Host(`tomas.paler.net`)";
+ service = "alo-cluster";
+ };
+
+ musictogethersilvercoast-pt = {
+ entryPoints = "websecure";
+ rule = "Host(`musictogethersilvercoast.pt`)";
+ service = "alo-cluster";
+ };
+ };
+ };
+ };
+ }; +} diff --git a/services/traefik.hcl b/services/traefik.hcl index 58c3e98..c0b44e4 100644 --- a/services/traefik.hcl +++ b/services/traefik.hcl @@ -16,6 +16,9 @@ job "traefik" { #host_network = "tailscale" static = "9002" } + port "http4proxy" { + static = 10080 + } } task "traefik" { @@ -52,7 +55,7 @@ job "traefik" { config { image = "traefik:latest" - ports = ["http", "https", "admin"] + ports = ["http", "https", "admin", "http4proxy"] network_mode = "host" volumes = [ "local/traefik.yml:/etc/traefik/traefik.yml", @@ -112,6 +115,9 @@ entryPoints: scheme: https permanent: true + web4proxy: + address: ":{{{ env "NOMAD_PORT_http4proxy" }}}" + websecure: address: ":{{{ env "NOMAD_PORT_https" }}}" http: diff --git a/services/wordpress.hcl b/services/wordpress.hcl index bc30129..02f3d76 100644 --- a/services/wordpress.hcl +++ b/services/wordpress.hcl @@ -46,9 +46,8 @@ job "wordpress" { tags = [ "traefik.enable=true", - "traefik.http.routers.wordpress.entryPoints=websecure", - "traefik.http.routers.wordpress.middlewares=authentik@file", - "traefik.http.routers.wordpress.rule=Host(`wordpress.paler.net`)", + "traefik.http.routers.wordpress.entryPoints=web4proxy", + "traefik.http.routers.wordpress.rule=Host(`wordpress.paler.net`) || Host(`ines.paler.net`) || Host(`coachingfor.me`) || Host(`coachingfor.work`) || Host(`petru.ines.paler.net`) || Host(`liam.paler.net`) || Host(`tomas.paler.net`) || Host(`musictogethersilvercoast.pt`)", ] } }
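Review bot: `storage = "/acme/acme.json"` keeps the ACME account key and the private key of every issued certificate in one file, and nothing in this new file creates `/acme` or sets who may read it or its persisted copy under `/persist`. Traefik refuses an acme.json whose mode is wider than 0600, so the directory and its ownership are worth making explicit, for example `systemd.tmpfiles.rules = [ "d /acme 0700 traefik traefik -" ];` (this assumes the unit runs as the `traefik` user; confirm against the module). A short comment beside `url = "http://100.64.229.126:10080";` stating that this hop is plain HTTP and relies on the tailnet for confidentiality would also help the next reader.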
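Review bot: The new `web4proxy` entry point listens on `:{{{ env "NOMAD_PORT_http4proxy" }}}` with no bind address, and with `network_mode = "host"` and `host_network` commented out in the first hunk's context, port 10080 appears to be opened on every interface of the node rather than only the Tailscale one. It serves plain HTTP with no redirect, so any client that can reach that port skips the TLS termination on the cloud host and can present any `Host` header. Consider binding the entry point to the node's Tailscale address, e.g. `address: "<node-tailscale-ip>:{{{ env "NOMAD_PORT_http4proxy" }}}"`, or restricting the port at the firewall, and set `forwardedHeaders.trustedIPs` on `web4proxy` to the proxy's tailnet address so the forwarded client IP and scheme are accepted from that host only. This applies to both the `port "http4proxy"` hunk and the `entryPoints` hunk; the enclosing blocks start outside the hunks.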
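Review bot: The replacement router drops `traefik.http.routers.wordpress.middlewares=authentik@file` and attaches no middleware on `web4proxy`, so for all eight hosts in the new rule the WordPress login and admin endpoints are reachable from the internet with only WordPress's own authentication. If only the public site content is meant to be exposed, keep a second, narrower router for the login and admin paths that still carries `authentik@file`, or attach a rate-limiting middleware to this one. A comment above the tags saying that the removal of forward-auth is deliberate would make the intent reviewable. The `tags` list and its enclosing block begin outside the hunk.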