job "auth" { datacenters = ["dc1"] type = "service" constraint { attribute = "${attr.kernel.name}" value = "linux" } constraint { attribute = "${attr.unique.hostname}" operator = "regexp" value = "odroid.*" } group "auth" { count = 1 task "fwdauth" { driver = "docker" config { // image = "npawelek/traefik-forward-auth" image = "thomseddon/traefik-forward-auth:2-arm" port_map { auth = 4181 } volumes = [ "/etc/localtime:/etc/localtime:ro", ] } env { PROVIDERS_GOOGLE_CLIENT_ID = "807888907647-uog95jmiolsuh6ql1t8jm53l1jvuajck.apps.googleusercontent.com" PROVIDERS_GOOGLE_CLIENT_SECRET = "B8bDri5mFvGv-Ghzbt8fLj4W" SECRET = "ladskfdjmqwermnnbasfnmldas" CONFIG = "/local/config.ini" LIFETIME = "31536000" WHITELIST = "stuart.stent@gmail.com,stephen.bunt@gmail.com" // AUTH_HOST = "fwdauth.fbleagh.duckdns.org" COOKIE_DOMAIN = "fbleagh.duckdns.org" } template { data = "{{ key \"Dex\" }}" destination = "local/config.ini" change_mode = "restart" } resources { cpu = 100 # 100 MHz memory = 64 # 128 MB network { port "auth" { static = 4181 } } } service { name = "dex" tags = [ "fwdauth", "web", "traefik.http.routers.dex.rule=Host(`fwdauth.fbleagh.duckdns.org`,`fwdauth.fbleagh.dedyn.io`)", "traefik.http.routers.dex.entrypoints=websecure", "traefik.http.routers.dex.tls=true", // "traefik.http.routers.dex.tls.certresolver=myresolver", "traefik.http.middlewares.dex.forwardauth.address=http://dex.service.dc1.consul:4181", "traefik.http.middlewares.dex.forwardauth.trustForwardHeader=true", "traefik.http.middlewares.dex.forwardauth.authResponseHeaders=X-Forwarded-User", "traefik.http.routers.auth.middlewares=dex", "traefik.http.routers.traefik-forward-auth.middlewares=dex", ] port = "auth" check { type = "tcp" interval = "10s" timeout = "2s" } } } #end Dex } }