{"id":16930900,"url":"https://github.com/schmichael/nomad-nginx-ui","last_synced_at":"2025-08-18T12:11:04.696Z","repository":{"id":136249376,"uuid":"602281780","full_name":"schmichael/nomad-nginx-ui","owner":"schmichael","description":"Experiment running Nginx UI proxy on Nomad 1.5+","archived":false,"fork":false,"pushed_at":"2023-02-15T22:09:02.000Z","size":3,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-21T05:06:33.472Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/schmichael.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-15T21:58:21.000Z","updated_at":"2023-02-15T22:09:05.000Z","dependencies_parsed_at":"2023-03-13T11:04:16.578Z","dependency_job_id":null,"html_url":"https://github.com/schmichael/nomad-nginx-ui","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/schmichael/nomad-nginx-ui","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schmichael%2Fnomad-nginx-ui","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schmichael%2Fnomad-nginx-ui/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schmichael%2Fnomad-nginx-ui/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schmichael%2Fnomad-nginx-ui/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/schmichael","download_url":"https://codeload.github.com/schmichael/nomad-nginx-ui/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schmichael%2Fnomad-nginx-ui/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266324447,"owners_count":23911226,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-21T11:47:31.412Z","response_time":64,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T20:42:46.731Z","updated_at":"2025-07-21T15:05:09.003Z","avatar_url":"https://github.com/schmichael.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nomad-nginx-ui\n\nnomad-nginx-ui contains a [Nomad](https://nomadproject.io)\n[jobspec](https://developer.hashicorp.com/nomad/docs/job-specification) for\naccessing [Nomad's\nUI](https://developer.hashicorp.com/nomad/tutorials/web-ui/web-ui-access) when\nNomad has [ACLs](https://developer.hashicorp.com/nomad/docs/configuration/acl)\nand [mTLS](https://developer.hashicorp.com/nomad/docs/configuration/tls)\nenabled.\n\nThe goal of this effort is to use all of the [fancy new features in Nomad\n1.5+](https://www.hashicorp.com/blog/nomad-1-5-adds-single-sign-on-and-dynamic-node-metadata)\nto evolve the [pre-1.5 tutortial on accessing Nomad's UI when ACLs and mTLS\nare\nenabled](https://developer.hashicorp.com/nomad/tutorials/manage-clusters/reverse-proxy-ui).\n\nThe complication in this approach vs pre-1.5 is that the [Task\nAPI](https://developer.hashicorp.com/nomad/api-docs/task-api) always requires\nauthentication. The UI relies on the Agent API's unauthenticated behavior to\nenable access to the UI and sign in form.\n\nThis experiment does 2 things to workaround these limitations:\n\n1. Use the nginx proxy's workload identity to authenticate requests to /ui/ so\n\t the UI's assets may be served prior to user authnetication.\n2. Redirect / to /ui/settings/tokens to skip an error message and ease the\n\t user sign in flow.\n\n## Implementation\n\nThe goal of Nomad UI proxies is to use browser-friendly DNS and TLS for\naccessing the Nomad UI.\n\nThis experiment provides browser-friendliness by...\n\n1. ...using [mkcert](https://github.com/FiloSottile/mkcert) to generate\n\t certificates and store the CA where browsers will find them.\n2. ...leaving DNS up to you. The easiest is to add an `/etc/hosts` entry for\n\t `example.test` and the IP the alloc is scheduled on.\n\nGenerating certs with Vault and using something like Consul or CoreDNS for DNS\nare more realistic.\n\n## Using\n\n1. Install [mkcert](https://mkcert.dev/)\n2. Run `make` to generate and install certificates.\n3. Add `example.test` to `/etc/hosts` for the IP Nomad exposes nginx on.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschmichael%2Fnomad-nginx-ui","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fschmichael%2Fnomad-nginx-ui","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschmichael%2Fnomad-nginx-ui/lists"}