~damien/infrastructure

061fa525bb7c81da6d4b079b4ffc4f9a77c274ce — Damien Radtke 9 months ago 4d5e432
More family photos work
3 files changed, 81 insertions(+), 1 deletions(-)

M jobs/fabio.nomad.erb
A jobs/family-photos.nomad.erb
M terraform/domains.tf
M jobs/fabio.nomad.erb => jobs/fabio.nomad.erb +13 -1
@@ 4,6 4,16 @@
  @fabio_checksum = "sha256:716aaa264e2ffb7a98a574220e0e20d7d40e2f1b2717584d6f260e01f89220fc"
%>

// TODO: The porter program shouldn't be necessary to have, and redirecting http://photos.radtke.family
// to an HTTPS address results in two "untrusted certificate" warnings (one for redirecting to HTTPS,
// the second for redirecting to the final destination). Unfortunately, Fabio doesn't seem to support
// redirecting HTTP to HTTPS natively. https://github.com/fabiolb/fabio/issues/87
//
// The best solution will probably be to have two Fabio instances running: one for HTTP requests,
// the other for HTTPS. damienradtke.com would forward HTTP requests to the HTTPS Fabio, which would
// terminate SSL and then serve the request. photos.radtke.family would forward HTTP requests directly
// to the final address.

job "fabio" {
	region = "global"
	datacenters = ["ca-central"]


@@ 68,7 78,9 @@ job "fabio" {
			driver = "raw_exec"
			config {
				command = "porter",
				args = ["-to", "localhost:${NOMAD_PORT_fabio_balancer}"]
				args = [
					"-to", "localhost:${NOMAD_PORT_fabio_balancer}",
				]
			}

			artifact {

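--- /dev/null
+++ b/jobs/family-photos.nomad.erb
@@ -0,0 +1,61 @@
+<%
+		@url = "https://207.237.216.92:4430/photo/"
+%>
+job "family-photos" {
+	region = "global"
+	datacenters = ["ca-central"]
+	type = "service"
+
+	group "porters" {
+		constraint {
+			attribute = "${node.class}"
+			operator  = "!="
+			value     = "load-balancer"
+		}
+
+		task "porter" {
+			driver = "raw_exec"
+			config {
+				command = "porter",
+				args = [
+					"-from", "${NOMAD_PORT_http}",
+					"-to", "<%= @url %>",
+					"-redirect",
+				]
+			}
+
+			service {
+				name = "${JOB}-${TASK}"
+				port = "http"
+
+				check {
+				      type = "http"
+				      protocol = "http"
+				      port = "http"
+				      interval = "10s"
+				      timeout = "2s"
+				      path = "/healthcheck"
+				}
+
+				tags = ["urlprefix-photos.radtke.family/"]
+			}
+
+			artifact {
+				source = "s3::http://45.33.126.243:9000/artifacts/porter/porter"
+				options {
+					aws_access_key_id = "<%= secret('minio', 'access_key') %>"
+					aws_access_key_secret = "<%= secret('minio', 'secret_key') %>"
+				}
+			}
+
+			resources {
+				memory = 50  # MB
+				network {
+					port "http" {}
+				}
+			}
+		}
+	}
+}
+
+// vim: set tabstop=4 shiftwidth=4: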
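Review bot: The `artifact` block fetches the `porter` binary over plain `http://` with no checksum, and the task then runs it under `raw_exec`, so nothing verifies the bytes that end up executing unsandboxed on the client. The fabio job template already defines a `sha256:` value (`@fabio_checksum`), presumably for its own artifact; the same pinning belongs here as `checksum = "sha256:<porter-binary-sha256>"` inside `options`. The MinIO access key and secret from `secret('minio', ...)` travel over the same cleartext connection, so if that endpoint can serve TLS the `source` should use it. Separately, `@url` redirects visitors to a bare IP over HTTPS, which is likely one source of the certificate warnings the fabio TODO describes; a short comment above `@url` saying which host that address is and why no hostname is used would help the next reader.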

M terraform/domains.tf => terraform/domains.tf +7 -0
@@ 11,6 11,13 @@ module "www-damienradtke-com" {
	instances = module.nomad-client-load-balancer.instances
}

module "photos-radtke-family" {
	source = "./domain-address"
	domain = "radtke.family"
	name = "photos"
	instances = module.nomad-client-load-balancer.instances
}

module "consul-damienradtke-com" {
	source = "./domain-address"
	domain = "damienradtke.com"