nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit a1ce091713bc7bfb0f804f930621d65f9b45286d
parent 06db61bccf5e5b9688f8814b68e0ce002427462e
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Sat, 14 Jun 2025 11:51:15 +0200

feat(xmpp-webb): add xmpp-webb with Prosody upstream

Diffstat:
Ahcl/default/xmpp-web/templates/nginx.conf.tmpl | 32++++++++++++++++++++++++++++++++
Ahcl/default/xmpp-web/xmpp-web.nomad | 81+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 113 insertions(+), 0 deletions(-)

diff --git a/hcl/default/xmpp-web/templates/nginx.conf.tmpl b/hcl/default/xmpp-web/templates/nginx.conf.tmpl
@@ -0,0 +1,32 @@
+# https://github.com/nioc/xmpp-web/blob/master/docs/docker/default.conf.template
+
+server {
+ listen {{ env "NOMAD_PORT_https" }} ssl;
+
+ ssl_certificate /etc/letsencrypt/live/chat.in0rdr.ch-0003/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/chat.in0rdr.ch-0003/privkey.pem;
+
+ # serve xmpp-web app
+ location / {
+ proxy_pass http://{{ env "NOMAD_ADDR_server" }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ # proxy XMPP websocket directly to Prosody upstream
+ location /xmpp-websocket {
+ proxy_pass https://in0rdr.ch:5281/xmpp-websocket;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # WebSocket proxying
+ # https://nginx.org/en/docs/http/websocket.html
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
diff --git a/hcl/default/xmpp-web/xmpp-web.nomad b/hcl/default/xmpp-web/xmpp-web.nomad
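Review bot: In nginx.conf.tmpl, the `/xmpp-websocket` location proxies to `https://in0rdr.ch:5281` without verifying the upstream certificate, because nginx leaves `proxy_ssl_verify` off by default; the hop that carries XMPP logins is therefore encrypted but not authenticated. Add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path to the CA bundle in the image>;` and `proxy_ssl_server_name on;` inside that location. The same location forwards `Host $host`, which is the chat hostname rather than `in0rdr.ch`, so it is worth confirming that Prosody serves its websocket endpoint under that name. The `-0003` suffix in the `ssl_certificate` paths looks like a certbot lineage directory and may change when the certificate is re-issued; a comment saying how that path is kept in sync would help.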
@@ -0,0 +1,81 @@
+job "xmpp-web" {
+ datacenters = ["dc1"]
+
+ group "server" {
+ count = 1
+
+ volume "tls" {
+ type = "csi"
+ source = "certbot"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ network {
+ port "server" {
+ to = 80
+ }
+ port "https" {
+ static = 44410
+ }
+ }
+
+ task "nginx" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/library/nginx:stable-alpine"
+ ports = ["https"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/xmpp-web.conf:/etc/nginx/conf.d/xmpp-web.conf",
+ ]
+ }
+
+ volume_mount {
+ volume = "tls"
+ destination = "/etc/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/xmpp-web.conf"
+ data = file("./templates/nginx.conf.tmpl")
+ }
+
+ resources {
+ memory = 50
+ memory_max = 128
+ cpu = 100
+ }
+ }
+
+ task "server" {
+ driver = "podman"
+
+ env {
+ APP_DEFAULT_DOMAIN = "in0rdr.ch"
+
+ # The server container passes to upstream XMPP_WS
+ # https://github.com/nioc/xmpp-web/blob/master/docs/docker/default.conf.template
+ # https://github.com/nioc/xmpp-web/blob/master/docs/docker/Dockerfile
+ XMPP_WS = "https://in0rdr.ch:5281/xmpp-websocket"
+
+ # APP_WS is the websocket used locally in the web app (local.js).
+ # We route the websocket request directly to the upstream server.
+ # https://github.com/nioc/xmpp-web/blob/master/public/local.js
+ APP_WS = "wss://chat.in0rdr.ch/xmpp-websocket"
+ }
+
+ config {
+ image = "docker.io/nioc/xmpp-web:latest"
+ force_pull = true
+ ports = ["server"]
+ }
+
+ resources {
+ memory = 150
+ memory_max = 300
+ cpu = 300
+ }
+ }
+ }
+}
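Review bot: The `volume_mount` in task `nginx` attaches the whole `certbot` volume writable, so a compromise of the internet-facing proxy could read and also replace every private key under `/etc/letsencrypt`. nginx only reads those files, so add `read_only = true` to that `volume_mount` block. If the CSI plugin and the volume registration allow it, a reader-only `access_mode` on `volume "tls"` would narrow this further. Separately, `image = "docker.io/nioc/xmpp-web:latest"` with `force_pull = true` runs whatever is currently published under a mutable tag, in the app where users enter their XMPP credentials. Pin it, for example `image = "docker.io/nioc/xmpp-web@sha256:<digest>"`, and update it deliberately.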