-job "prod-nginx" {
+job "${job_name}" {
# The "region" parameter specifies the region in which to execute the job.
# If omitted, this inherits the default region name of "global".
# region = "global"
#
# The "datacenters" parameter specifies the list of datacenters which should
# be considered when placing this task. This must be provided.
- datacenters = [ "yul1" ]
+ datacenters = "${datacenters}"
# The "type" parameter controls the type of job, which impacts the scheduler's
# decision on placement. This configuration is optional and defaults to
unlimited = true
}
-
# The "group" stanza defines a series of tasks that should be co-located on
# the same Nomad client. Any task within a group will be placed on the same
# client.
mode = "fail"
}
- # All groups in this job should be scheduled on different hosts.
- constraint {
- operator = "distinct_hosts"
- value = "false"
- }
-
- # Prioritize one node.
- affinity {
- attribute = "${attr.unique.hostname}"
- value = "s46-nomad"
- weight = 100
- }
-
- # The volume stanza allows the group to specify that it requires a given
- # volume from the cluster.
- #
- # For more information and examples on the "volume" stanza, please see
- # the online documentation at:
- #
- # https://www.nomadproject.io/docs/job-specification/volume
- volume "prod-volume1-storage" {
- type = "host"
- read_only = false
- source = "prod-volume-data1-1"
- }
-
# The "task" stanza creates an individual unit of work, such as a Docker
# container, web application, or batch processing.
#
# run the task.
driver = "docker"
- volume_mount {
- volume = "prod-volume1-storage"
- destination = "/data/"
- read_only = true
- }
-
# The "config" stanza specifies the driver configuration, which is passed
# directly to the driver to start the task. The details of configurations
# are specific to each driver, so please see specific driver
# documentation for more information.
config {
image = "nginx:stable"
- dns_servers = [ "${attr.unique.network.ip-address}" ]
+ dns_servers = [ "$${attr.unique.network.ip-address}" ]
port_map {
https = 443
}
volumes = [
"/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem",
"/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem",
+ "custom/upstream.conf:/etc/nginx/conf.d/upstream.conf",
"custom/logs.conf:/etc/nginx/conf.d/logs.conf",
"custom/docs.conf:/etc/nginx/conf.d/docs.conf"
]
#
# https://www.nomadproject.io/docs/job-specification/template.html
#
+ template {
+ data = <<EOH
+ upstream storage {
+ server storage0.storage.service.consul:9000;
+ server storage1.storage.service.consul:9000;
+ server storage2.storage.service.consul:9000;
+ server storage3.storage.service.consul:9000;
+ }
+ EOH
+ destination = "custom/upstream.conf"
+ }
template {
data = <<EOH
server {
ssl_certificate /etc/ssl/certs/nginx-cert.pem;
ssl_certificate_key /etc/ssl/private/nginx-key.pem;
location / {
- root /data/logs.fd.io;
- index _;
- autoindex on;
- autoindex_exact_size on;
- autoindex_format html;
- autoindex_localtime off;
+ chunked_transfer_encoding off;
+ proxy_connect_timeout 300;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host:$server_port;
+ proxy_set_header Connection "";
+ proxy_pass http://storage/logs.fd.io/;
+ server_name_in_redirect off;
}
- location ~ \.(html.gz)$ {
- root /data/logs.fd.io;
+ location ~ (.*html.gz)$ {
add_header Content-Encoding gzip;
add_header Content-Type text/html;
+ chunked_transfer_encoding off;
+ proxy_connect_timeout 300;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host:$server_port;
+ proxy_set_header Connection "";
+ proxy_pass http://storage/logs.fd.io/$1;
+ server_name_in_redirect off;
}
- location ~ \.(txt.gz|log.gz)$ {
- root /data/logs.fd.io;
+ location ~ (.*txt.gz|.*log.gz)$ {
add_header Content-Encoding gzip;
add_header Content-Type text/plain;
+ chunked_transfer_encoding off;
+ proxy_connect_timeout 300;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host:$server_port;
+ proxy_set_header Connection "";
+ proxy_pass http://storage/logs.fd.io/$1;
+ server_name_in_redirect off;
}
- location ~ \.(xml.gz)$ {
- root /data/logs.fd.io;
+ location ~ (.*xml.gz)$ {
add_header Content-Encoding gzip;
add_header Content-Type application/xml;
+ chunked_transfer_encoding off;
+ proxy_connect_timeout 300;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host:$server_port;
+ proxy_set_header Connection "";
+ proxy_pass http://storage/logs.fd.io/$1;
+ server_name_in_redirect off;
}
- }
+ }
EOH
destination = "custom/logs.conf"
}
server {
listen 443 ssl;
server_name docs.nginx.service.consul;
- keepalive_timeout 70;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
+ keepalive_timeout 70;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_protocols TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_certificate /etc/ssl/certs/nginx-cert.pem;
ssl_certificate_key /etc/ssl/private/nginx-key.pem;
location / {
- root /data/docs.fd.io;
- index index.html index.htm;
+ chunked_transfer_encoding off;
+ proxy_connect_timeout 300;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host:$server_port;
+ proxy_set_header Connection "";
+ proxy_pass http://storage/docs.fd.io/;
+ server_name_in_redirect off;
}
}
EOH
Code Review / csit.git / blobdiff