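# github.com/hernad/nomad@v1.6.112/e2e/ui/input/proxy.nomad
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

# e2e fixture: runs NGINX (docker driver) as a TLS reverse proxy in front of
# the Nomad HTTP API on the local client agent (port 4646). The listener is
# published on static host port 6464 and mapped to 443 inside the container.
job "nomad-proxy" {
  datacenters = ["dc1", "dc2"]
  namespace   = "proxy"

  # Only place on Linux clients.
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }

  group "proxy" {

    network {
      port "www" {
        static = 6464
        to     = 443
      }
    }

    task "nginx" {

      driver = "docker"

      config {
        # NOTE(review): `latest` is a mutable tag, so the image that runs can
        # change between placements. Pin a specific version or digest if this
        # job is reused outside the e2e suite.
        image = "nginx:latest"
        ports = ["www"]

        # Rendered by the template block below. NGINX only reads it, so it is
        # mounted read-only.
        mount {
          type     = "bind"
          source   = "local/nginx.conf"
          target   = "/etc/nginx/nginx.conf"
          readonly = true
        }

        # Host TLS material. These are absolute host paths holding private
        # keys; they are mounted read-only so a compromised container cannot
        # modify or replace key material on the host.
        # NOTE(review): absolute host-path bind mounts presumably depend on
        # volumes being enabled for the docker plugin on the client - confirm
        # against the e2e cluster configuration.

        # Client key/cert NGINX presents to the Nomad agent (proxy_ssl_*).
        mount {
          type     = "bind"
          source   = "/etc/nomad.d/tls/tls_proxy.key"
          target   = "/etc/ssl/tls_proxy.key"
          readonly = true
        }

        mount {
          type     = "bind"
          source   = "/etc/nomad.d/tls/tls_proxy.crt"
          target   = "/etc/ssl/tls_proxy.crt"
          readonly = true
        }

        # Self-signed key/cert served to browsers on the 443 listener.
        mount {
          type     = "bind"
          source   = "/etc/nomad.d/tls/self_signed.key"
          target   = "/etc/ssl/self_signed.key"
          readonly = true
        }

        mount {
          type     = "bind"
          source   = "/etc/nomad.d/tls/self_signed.crt"
          target   = "/etc/ssl/self_signed.crt"
          readonly = true
        }
      }

      resources {
        cpu    = 256
        memory = 128
      }

      # this template is mostly lifted from the Learn Guide:
      # https://learn.hashicorp.com/tutorials/nomad/reverse-proxy-ui
      #
      # NOTE(review): the location block sets a client certificate for the
      # upstream (proxy_ssl_certificate / proxy_ssl_certificate_key) but does
      # not set proxy_ssl_verify or proxy_ssl_trusted_certificate. NGINX's
      # default is proxy_ssl_verify off, so the Nomad agent's certificate is
      # not validated by the proxy. That is tolerable here because the only
      # upstream is the local client agent; a copy of this config that proxies
      # across hosts should mount the cluster CA and enable verification
      # (with proxy_ssl_name set to a name the agent certificate covers).
      template {
        destination = "local/nginx.conf"
        data        = <<EOT

events {}

http {
  server {

    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/ssl/self_signed.crt;
    ssl_certificate_key /etc/ssl/self_signed.key;

    location / {
      proxy_pass https://nomad-ws;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_ssl_certificate /etc/ssl/tls_proxy.crt;
      proxy_ssl_certificate_key /etc/ssl/tls_proxy.key;

      # Nomad blocking queries will remain open for a default of 5 minutes.
      # Increase the proxy timeout to accommodate this timeout with an
      # additional grace period.
      proxy_read_timeout 310s;

      # Nomad log streaming uses streaming HTTP requests. In order to
      # synchronously stream logs from Nomad to NGINX to the browser
      # proxy buffering needs to be turned off.
      proxy_buffering off;

      # The Upgrade and Connection headers are used to establish
      # a WebSockets connection.
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      # The default Origin header will be the proxy address, which
      # will be rejected by Nomad. It must be rewritten to be the
      # host address instead.
      proxy_set_header Origin "${scheme}://${proxy_host}";
    }
  }

  # WebSockets are stateful connections but we're deploying only one proxy
  # and proxying to the local Nomad client. That client will stream RPCs
  # from the server. But we've left ip_hash here in case someone comes
  # along and copy-and-pastes this configuration elsewhere without reading
  # the Learn Guide.
  upstream nomad-ws {
    ip_hash;
    server {{ env "attr.unique.network.ip-address" }}:4646;
  }
}

EOT
      }


    }
  }
}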