Diffstat (limited to 'app/frontend')
-rw-r--r--app/frontend/config/traefik.toml59
-rw-r--r--app/frontend/deploy/frontend-traefik.hcl72
-rw-r--r--app/frontend/deploy/frontend-tricot.hcl65
3 files changed, 196 insertions, 0 deletions
diff --git a/app/frontend/config/traefik.toml b/app/frontend/config/traefik.toml
new file mode 100644
index 0000000..e274be8
--- /dev/null
+++ b/app/frontend/config/traefik.toml
@@ -0,0 +1,59 @@
+InsecureSkipVerify = true
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+ [entryPoints.admin]
+ address = ":8082"
+
+ [entryPoints.http]
+ address = ":80"
+ [entryPoints.http.redirect]
+ entryPoint = "https"
+
+ [entryPoints.https]
+ address = ":443"
+ compress = true
+ [entryPoints.https.tls]
+ minVersion = "VersionTLS12"
+ cipherSuites = [
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+ ]
+
+[ping]
+entrypoint = "admin"
+
+[retry]
+
+[acme]
+ email = "quentin@dufour.io"
+ storage = "traefik/acme/account"
+ entryPoint = "https"
+ onHostRule = true
+
+ [acme.httpChallenge]
+ entryPoint = "http"
+
+[api]
+ entryPoint = "admin"
+ dashboard = true
+
+[consul]
+ endpoint = "172.17.0.1:8500"
+ watch = true
+ prefix = "traefik"
+
+[consulCatalog]
+ endpoint = "172.17.0.1:8500"
+ prefix = "traefik"
+ domain = "web.deuxfleurs.fr"
+ exposedByDefault = false
+
+[metrics]
+ [metrics.prometheus]
+ # -- below is for traefik 1.7 see https://doc.traefik.io/traefik/v1.7/configuration/metrics/
+ entryPoint = "admin"
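Review bot: `InsecureSkipVerify = true` on the first line disables certificate verification for every TLS connection Traefik opens to a backend, so any host able to answer on a backend address is accepted as genuine. If the backends use an internal CA, prefer removing the line and trusting that CA with `rootCAs = ["<path-to-internal-ca.pem>"]`; if it has to stay, add a comment above it saying which backends need it and why. Separately, the `admin` entry point listens on `:8082` on all interfaces and carries `[api]` with `dashboard = true`, `[ping]` and the Prometheus metrics, with no authentication configured in this file. Consider an `[entryPoints.admin.auth.basic]` section, or binding `address` to an internal interface, unless a firewall not visible in this diff already restricts the port.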
diff --git a/app/frontend/deploy/frontend-traefik.hcl b/app/frontend/deploy/frontend-traefik.hcl
new file mode 100644
index 0000000..be22df6
--- /dev/null
+++ b/app/frontend/deploy/frontend-traefik.hcl
@@ -0,0 +1,72 @@
+job "frontend" {
+ datacenters = ["dc1"]
+ type = "service"
+ priority = 80
+
+ group "traefik" {
+
+ network {
+ port "http_port" { static = 80 }
+ port "https_port" { static = 443 }
+ port "admin_port" { static = 8082 }
+ }
+
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "amd64/traefik:1.7.28"
+ readonly_rootfs = true
+ network_mode = "host"
+ volumes = [
+ "secrets/traefik.toml:/etc/traefik/traefik.toml",
+ ]
+ ports = [ "http_port", "https_port", "admin_port" ]
+ }
+
+ resources {
+ memory = 265
+ }
+
+ template {
+ data = file("../config/traefik.toml")
+ destination = "secrets/traefik.toml"
+ }
+
+ service {
+ name = "traefik-http"
+ port = "http_port"
+ tags = [ "(diplonat (tcp_port 80))" ]
+ address_mode = "host"
+ }
+
+ service {
+ name = "traefik-https"
+ port = "https_port"
+ tags = [ "(diplonat (tcp_port 443))" ]
+ address_mode = "host"
+ }
+
+ service {
+ name = "traefik-admin"
+ port = "admin_port"
+ address_mode = "host"
+ check {
+ type = "http"
+ protocol = "http"
+ port = 8082
+ address_mode = "driver"
+ path = "/ping"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
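Review bot: `image = "amd64/traefik:1.7.28"` pins a tag rather than content, and a tag can be re-pushed, so a later placement may pull a different image than the one reviewed. Appending the digest, `image = "amd64/traefik:1.7.28@sha256:<digest-of-reviewed-image>"`, fixes that; the same applies to `lxpz/amd64_tricot:4` in frontend-tricot.hcl. The `traefik-admin` service publishes static port 8082 under `network_mode = "host"`, so who can reach the dashboard depends entirely on host-level filtering that this diff does not show; a comment above the service naming the network expected to reach it would make that assumption reviewable. `memory = 265` looks like a transposition of 256 and is worth confirming.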
diff --git a/app/frontend/deploy/frontend-tricot.hcl b/app/frontend/deploy/frontend-tricot.hcl
new file mode 100644
index 0000000..01b7097
--- /dev/null
+++ b/app/frontend/deploy/frontend-tricot.hcl
@@ -0,0 +1,65 @@
+job "frontend" {
+ datacenters = ["dc1", "neptune"]
+ type = "system"
+ priority = 90
+
+ update {
+ max_parallel = 1
+ stagger = "1m"
+ }
+
+ group "tricot" {
+ network {
+ port "http_port" { static = 80 }
+ port "https_port" { static = 443 }
+ port "admin_port" { static = 8082 }
+ }
+
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/amd64_tricot:4"
+ network_mode = "host"
+ readonly_rootfs = true
+ ports = [ "http_port", "https_port", "admin_port" ]
+ }
+
+ resources {
+ cpu = 1000
+ memory = 100
+ }
+
+ restart {
+ interval = "30m"
+ attempts = 2
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = <<EOH
+TRICOT_NODE_NAME={{ env "attr.unique.hostname" }}
+TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
+RUST_LOG=tricot=debug
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ service {
+ name = "tricot-http"
+ port = "http_port"
+ tags = [ "(diplonat (tcp_port 80))" ]
+ address_mode = "host"
+ }
+
+ service {
+ name = "tricot-https"
+ port = "https_port"
+ tags = [ "(diplonat (tcp_port 443))" ]
+ address_mode = "host"
+ }
+ }
+ }
+}
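Review bot: `RUST_LOG=tricot=debug` in the env template leaves the internet-facing proxy at debug verbosity. What tricot logs at that level is not visible here, but debug output on a TLS-terminating front end often includes per-request detail, so `RUST_LOG=tricot=info` is the safer default, with debug enabled only while troubleshooting. `admin_port` (static 8082) is reserved and listed in `ports`, yet no `service` or `check` in this file refers to it; drop it if tricot does not listen there, or add a comment saying what does. Both this file and frontend-traefik.hcl declare `job "frontend"`, so registering one replaces the other; a header comment such as `# Replaces the traefik-based "frontend" job; do not run both` would record that this is intended.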