# https://github.com/hashicorp/nomad-pack-community-registry/tree/main/packs/nomad_ingress_nginx
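job "nomad_ingress_nginx" {
  # System job: Nomad schedules one allocation on every eligible client, so
  # each such node gets an ingress listener on port 80.
  type      = "system"
  region    = "global"
  datacenters = [
    "dc1"
  ]
  namespace = "default"

  # Only place on clients where a Consul agent was fingerprinted; the ingress
  # template below reads the Consul catalog.
  constraint {
    attribute = "${attr.consul.version}"
    operator  = "is_set"
  }

  group "nginx" {
    count = 1

    network {
      # Static host port 80: plain HTTP only. No TLS listener is defined in
      # this job, so traffic to the ingress is unencrypted unless TLS is
      # terminated in front of it.
      port "http" {
        static = 80
      }
    }

    service {
      name = "nomad-ingress-nginx"
      port = "http"

      # Consul HTTP check against the /health location rendered into
      # local/health.conf below.
      check {
        type     = "http"
        port     = "http"
        path     = "/health"
        interval = "5s"
        timeout  = "2s"
      }
    }

    task "nginx" {
      driver = "docker"

      config {
        # NOTE(review): "nginx:1.21" is a mutable tag on an old release line.
        # Pin by digest (nginx@sha256:<DIGEST-PLACEHOLDER>) and track a
        # currently maintained release so the image content is reproducible.
        image = "nginx:1.21"
        ports = [
          "http",
        ]
        # Only the "http" port is published. A service that asks for another
        # listen port via nomad_ingress_port gets an nginx listener inside the
        # container that is presumably not reachable from outside - confirm
        # against the Docker network mode in use.
        volumes = [
          "local:/etc/nginx/conf.d",
          "nginx.conf:/etc/nginx/nginx.conf",
        ]
      }

      # Main nginx.conf. The inline comment on client_max_body_size says
      # "set the file upload limit". NOTE(review): 2048m lets any client push
      # 2 GiB request bodies at every proxied service; lower it, or override it
      # per service, unless uploads of that size are really required.
      template {
        data = <<EOF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
client_max_body_size 2048m; #设置文件上传限制
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
EOF
        destination   = "nginx.conf"
        change_mode   = "signal"
        change_signal = "SIGHUP"
      }

      # Default server on port 80 that answers the Consul health check.
      # Because it is the default_server, requests whose Host header matches no
      # per-service server_name also land here and only /health is defined.
      template {
        data = <<EOF
server {
listen 80 default_server;
server_name _;
access_log off;
location /health {
default_type text/plain;
return 200;
}
}
EOF
        destination   = "local/health.conf"
        change_mode   = "signal"
        change_signal = "SIGHUP"
      }

      # Per-service ingress config generated from the Consul catalog.
      #
      # For every catalog service, the first instance's metadata (or, failing
      # that, its "key=value" tags) decides whether the service is exposed and
      # supplies hostname, path, listen port and allow/deny lists.
      #
      # Trust boundary: hostname, path, port, allow and deny are copied into
      # nginx directives verbatim, with no validation or escaping. Whoever may
      # register a service in Consul therefore controls part of this config
      # file. Restrict service registration with Consul ACLs, and consider
      # rejecting values that do not match an expected pattern before they are
      # rendered. A value that makes the file invalid causes the SIGHUP reload
      # to be refused, which stalls ingress updates for every other service.
      #
      # Access control: the tag branch has to assign nomad_ingress_deny to
      # $deny (the same variable the metadata branch sets); otherwise a deny
      # list given as a tag is never rendered and the service is proxied
      # without the restriction its owner configured.
      # NOTE(review): when both lists are set the output order is
      # "allow <list>; deny all; deny <list>; allow all;". nginx stops at the
      # first matching rule, so "deny all" shadows the deny list - confirm this
      # is the intended precedence.
      #
      # X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends
      # to whatever the client sent; backends should trust X-Real-IP or only
      # the last X-Forwarded-For entry for access decisions and logging.
      template {
        data = <<EOF
{{- range services -}}
{{- with service .Name -}}
{{- with index . 0}}
{{- $enabled := false -}}
{{- $hostname := "" -}}
{{- $path := "/" -}}
{{- $port := 80 -}}
{{- $allow := "" -}}
{{- $deny := "" -}}
{{- if (index .ServiceMeta "nomad_ingress_enabled") -}}
{{$enabled = true}}
{{- if (index .ServiceMeta "nomad_ingress_hostname") -}}
{{- $hostname = (index .ServiceMeta "nomad_ingress_hostname") -}}
{{- end -}}
{{- if (index .ServiceMeta "nomad_ingress_path") -}}
{{- $path = (index .ServiceMeta "nomad_ingress_path") -}}
{{- end -}}
{{- if (index .ServiceMeta "nomad_ingress_port") -}}
{{- $port = (index .ServiceMeta "nomad_ingress_port") -}}
{{- end -}}
{{- if (index .ServiceMeta "nomad_ingress_allow") -}}
{{- $allow = (index .ServiceMeta "nomad_ingress_allow") -}}
{{- end -}}
{{- if (index .ServiceMeta "nomad_ingress_deny") -}}
{{- $deny = (index .ServiceMeta "nomad_ingress_deny") -}}
{{- end -}}
{{- else if .Tags | contains "nomad_ingress_enabled=true" -}}
{{$enabled = true}}
{{- range .Tags -}}
{{- $kv := (. | split "=") -}}
{{- if eq (index $kv 0) "nomad_ingress_hostname" -}}
{{- $hostname = (index $kv 1) -}}
{{- end -}}
{{- if eq (index $kv 0) "nomad_ingress_path" -}}
{{- $path = (index $kv 1) -}}
{{- end -}}
{{- if eq (index $kv 0) "nomad_ingress_port" -}}
{{- $port = (index $kv 1) -}}
{{- end -}}
{{- if eq (index $kv 0) "nomad_ingress_allow" -}}
{{- $allow = (index $kv 1) -}}
{{- end -}}
{{- if eq (index $kv 0) "nomad_ingress_deny" -}}
{{- $deny = (index $kv 1) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $enabled -}}
{{- $upstream := .Name | toLower -}}
# Configuration for service {{.Name}}.
upstream {{$upstream}} {
{{- range service .Name}}
server {{.Address}}:{{.Port}};
{{- end}}
}
server {
listen {{$port}};
{{- if $hostname}}
server_name {{$hostname}};
{{- end}}
{{- range ($allow | split ",")}}
allow {{.}};
{{- end}}
{{- if ne $allow ""}}
deny all;
{{- end}}
{{- range ($deny | split ",")}}
deny {{.}};
{{- end}}
{{- if ne $deny ""}}
allow all;
{{- end}}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
location {{$path}} {
proxy_pass http://{{$upstream}};
}
}
{{- else}}
# Service {{.Name}} not enabled for ingress.
{{end}}
{{end}}
{{- end -}}
{{end}}
EOF
        destination   = "local/ingress.conf"
        change_mode   = "signal"
        change_signal = "SIGHUP"
      }

      resources {
        cpu    = 200
        memory = 256
      }
    }
  }
}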