dashboard / nomad / feat: add webssh #5 rss

accepted · opened on 2025-08-27 by in0rdr

Logs

in0rdr created pr with ps-5 on 2025-08-27
in0rdr changed status on 2025-08-27 {"status":"closed"}
in0rdr changed status on 2025-08-27 {"status":"open"}
in0rdr changed status on 2025-08-27 {"status":"accepted"}

Patchsets

ps-5 by in0rdr on 2025-08-27T23:17:08Z

feat: add webssh

hcl/default/webssh/templates/nginx.conf.tmpl link
+29 -0
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
diff --git a/hcl/default/webssh/templates/nginx.conf.tmpl b/hcl/default/webssh/templates/nginx.conf.tmpl
new file mode 100644
index 0000000..4a9c434
--- /dev/null
+++ b/hcl/default/webssh/templates/nginx.conf.tmpl
@@ -0,0 +1,29 @@
+# https://github.com/huashengdun/webssh/blob/master/README.md#deployment
+server {
+    listen               {{ env "NOMAD_PORT_https" }} ssl;
+
+    ssl_certificate      /etc/letsencrypt/live/ssh.in0rdr.ch/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/ssh.in0rdr.ch/privkey.pem;
+
+    location / {
+        proxy_pass       http://{{ env "NOMAD_ADDR_http" }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /ws {
+        proxy_pass       http://{{ env "NOMAD_ADDR_http" }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket proxying
+        # https://nginx.org/en/docs/http/websocket.html
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
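Review bot: Nothing in this server block restricts who may reach the proxied application: `location /` and `location /ws` both forward every TLS client to the webssh backend, and the file has no `allow`/`deny`, `auth_basic` or `ssl_verify_client` directive. Because webssh opens SSH sessions from the server side to whatever host the browser user names, an unrestricted listener lets any client that can reach it attempt logins against hosts routable from the Nomad node. Unless a firewall or upstream proxy already limits access (not visible in this patch), add a restriction at server level, for example `allow <trusted-cidr>;` followed by `deny all;`, or require client certificates. A short comment above the `server` line stating which network is expected to reach this listener would also help the next reviewer.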
hcl/default/webssh/webssh.nomad link
+73 -0
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
diff --git a/hcl/default/webssh/webssh.nomad b/hcl/default/webssh/webssh.nomad
new file mode 100644
index 0000000..6926c14
--- /dev/null
+++ b/hcl/default/webssh/webssh.nomad
@@ -0,0 +1,73 @@
+# https://github.com/huashengdun/webssh/blob/master/README.md#deployment
+
+job "webssh" {
+  datacenters = ["dc1"]
+
+  vault {}
+
+  group "server" {
+    count = 1
+
+    volume "tls" {
+      type = "csi"
+      source = "certbot"
+      access_mode = "multi-node-multi-writer"
+      attachment_mode = "file-system"
+    }
+
+    network {
+      port "http" {
+      }
+      port "https" {
+        static = 44414
+      }
+    }
+
+    task "nginx" {
+      driver = "podman"
+
+      config {
+        image = "docker.io/library/nginx:stable-alpine"
+        ports = ["https"]
+        volumes = [
+          # mount the templated config from the task directory to the container
+          "local/webssh.conf:/etc/nginx/conf.d/webssh.conf",
+        ]
+      }
+
+      volume_mount {
+        volume = "tls"
+        destination = "/etc/letsencrypt"
+      }
+
+      template {
+        destination = "${NOMAD_TASK_DIR}/webssh.conf"
+        data = file("./templates/nginx.conf.tmpl")
+      }
+
+      resources {
+        memory = 50
+        memory_max = 256
+        cpu    = 200
+      }
+    }
+
+    task "webssh" {
+      driver = "podman"
+
+      config {
+        image = "haproxy.lan:5000/webssh:latest"
+        command = "/usr/local/bin/python3"
+        args = ["run.py", "--address=0.0.0.0", "--port=${NOMAD_PORT_http}"]
+        force_pull = true
+        ports = ["http"]
+      }
+
+      resources {
+        memory = 512
+        memory_max = 1024
+        cpu    = 500
+      }
+    }
+  }
+}
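Review bot: The `webssh` task binds `--address=0.0.0.0` and publishes the dynamic `http` port through `ports = ["http"]`, so the cleartext backend appears to be reachable on the node directly, bypassing the nginx TLS listener on 44414. SSH passwords and private keys submitted through the web form would then cross that port unencrypted, and a direct client could supply its own `X-Real-IP`/`X-Forwarded-For` values instead of the ones the proxy sets. If the cluster's podman driver supports it, consider a shared network namespace (`mode = "bridge"` in the group `network` block) with `--address=127.0.0.1` and the template's `proxy_pass` pointed at loopback; otherwise firewall the dynamic port range so only the node itself can reach it. Separately, `webssh:latest` with `force_pull = true` and `nginx:stable-alpine` are mutable tags, so pinning both by digest keeps a registry-side change from silently replacing what runs next to the mounted TLS private key. The `tls` `volume_mount` could also set `read_only = true`, since nginx only reads the certificate files.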