--- profiles::packages::include: python3.12: {} python3.12-pip: {} hiera_include: - docker - profiles::nginx::simpleproxy # manage docker docker::version: latest docker::curl_ensure: false docker::root_dir: /data/docker # manage a simple nginx reverse proxy profiles::nginx::simpleproxy::nginx_vhost: 'jupyterhub.query.consul' profiles::nginx::simpleproxy::nginx_aliases: - jupyterhub.service.consul - jupyterhub.query.consul - "jupyterhub.service.%{facts.country}-%{facts.region}.consul" profiles::nginx::simpleproxy::proxy_host: 127.0.0.1 profiles::nginx::simpleproxy::proxy_port: 8000 profiles::nginx::simpleproxy::proxy_path: '/' profiles::nginx::simpleproxy::use_default_location: false nginx::client_max_body_size: 20M profiles::nginx::simpleproxy::locations: # authorised access from external default: ensure: 'present' server: "%{lookup('profiles::nginx::simpleproxy::nginx_vhost')}" ssl_only: true location: '/' proxy: "http://%{lookup('profiles::nginx::simpleproxy::proxy_host')}:%{lookup('profiles::nginx::simpleproxy::proxy_port')}" proxy_set_header: - 'Host $host' - 'X-Real-IP $remote_addr' - 'X-Forwarded-For $proxy_add_x_forwarded_for' - 'X-Forwarded-Host $host' - 'X-Forwarded-Proto $scheme' - 'Upgrade $http_upgrade' - 'Connection $http_connection' - 'X-Scheme $scheme' proxy_redirect: 'off' proxy_http_version: '1.1' proxy_buffering: 'off' # additional altnames profiles::pki::vault::alt_names: - jupyterhub.service.consul - jupyterhub.query.consul - "jupyterhub.service.%{facts.country}-%{facts.region}.consul" # configure consul service consul::services: jupyterhub: service_name: 'jupyterhub' tags: - 'jupyterhub' address: "%{facts.networking.ip}" port: 443 checks: - id: 'jupyterhub_http_check' name: 'jupyterhub HTTP Check' http: "https://%{facts.networking.fqdn}" method: 'GET' tls_skip_verify: true interval: '10s' timeout: '1s' profiles::consul::client::node_rules: - resource: service segment: jupyterhub disposition: write