48 lines
1.6 KiB
HCL
48 lines
1.6 KiB
HCL
locals {
|
|
default_labels = {
|
|
"managed.by" = "nebula"
|
|
}
|
|
|
|
web = {
|
|
"traefik.port" = var.web.port != null ? var.web.port : 80
|
|
"traefik.frontend.rule" = var.web.host != null ? "Host:${var.web.host}" : "Host:example.invalid"
|
|
"traefik.protocol" = var.web.protocol != null ? var.web.protocol : "http"
|
|
}
|
|
|
|
traefik_common_labels = {
|
|
"traefik.enable" = "true"
|
|
// HSTS
|
|
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
|
"traefik.frontend.headers.STSSeconds" = "2592000"
|
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
// X-Powered-By, Server headers
|
|
"traefik.frontend.headers.customResponseHeaders" = var.xpoweredby
|
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
"traefik.docker.network" = "traefik"
|
|
}
|
|
|
|
# if var.web.auth == true
|
|
traefik_auth_labels = {
|
|
"traefik.frontend.auth.basic" = var.auth_header
|
|
}
|
|
|
|
resource = {
|
|
memory = lookup(var.resource, "memory", 64)
|
|
memory_swap = lookup(var.resource, "memory_swap", 128)
|
|
}
|
|
|
|
labels = merge(
|
|
# Default labels are applied to every container
|
|
local.default_labels,
|
|
# Add the common traefik labels
|
|
var.web.expose ? local.traefik_common_labels : null,
|
|
# Apply the overwritten web labels only if the container is exposed
|
|
var.web.expose ? local.web : null,
|
|
# And finally a label for Basic Authentication if the service wants it
|
|
var.web.auth != null ? (var.web.auth ? local.traefik_auth_labels : null) : null,
|
|
)
|
|
|
|
networks = concat(var.networks, var.web.expose ? ["traefik"] : [])
|
|
}
|