traefik: user customization #4

Closed
wants to merge 1 commit into from
20 changes: 19 additions & 1 deletion roles/traefik/defaults/main.yml
Expand Up @@ -9,18 +9,36 @@ traefik_enabled: false
# directories
traefik_data_directory: "{{ docker_home }}/traefik"

# files
traefik_template_files:
- src: traefik.toml.j2
dest: "{{ traefik_data_directory }}/traefik.toml"
force: "Yes"
traefik_template_files_custom: []

# network
traefik_port_http: "80"
traefik_port_https: "443"
traefik_port_ui: "8083"
traefik_trusted_ips: []

traefik_docker_image: traefik:latest
traefik_image: traefik:v2.5
traefik_volumes:
- "{{ traefik_data_directory }}/letsencrypt:/letsencrypt:rw"
- "{{ traefik_data_directory }}/traefik.toml:/etc/traefik/traefik.toml:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
traefik_volumes_custom: []
traefik_log_level: "INFO"

# find the relevant name and environment variables for your DNS provider at https://go-acme.github.io/lego/dns/
traefik_dns_provider: cloudflare
traefik_environment_variables:
CF_DNS_API_TOKEN: "abcdabcd123412341234"
traefik_letsencrypt_tls: no

traefik_domain_san:
- "*.{{ ansible_nas_domain_root }}"
traefik_domain_san_custom: []

# Ansible-NAS requests a wildcard certificate for your domain, so there should be no reason to have to use the staging
# letsencrypt acme server. If you do want to flip between staging/production, you might need to stop Traefik and clear
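Review bot: `force: "Yes"` on the `traefik.toml` entry of `traefik_template_files` is a string spelling of a boolean; the task feeds it to the `template` module's boolean `force` parameter, so `force: true` states the intent directly and avoids a quoted yes/no value that yamllint's truthy rule and a reader both stumble on. The same applies to `traefik_letsencrypt_tls: no`, which the new `traefik.toml.j2` tests with `{% if traefik_letsencrypt_tls %}`; write `false`. The sample `CF_DNS_API_TOKEN` under `traefik_environment_variables`, whether new here or carried over, reads like a real credential sitting in a committed defaults file; a comment above it such as `# placeholder only, set the real token in your inventory or vault` makes clear that it must be overridden.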
46 changes: 29 additions & 17 deletions roles/traefik/tasks/main.yml
@@ -1,29 +1,41 @@
---
- name: Create Traefik Directories
file:
path: "{{ item }}"
state: directory
mode: "{{ item.mode | default('0750') }}"
path: "{{ item.path }}"
state: "directory"
tags:
- traefik
- traefik:dir
with_items:
- "{{ traefik_data_directory }}"
- "{{ traefik_data_directory }}/letsencrypt"
- path: "{{ traefik_data_directory }}"
mode: "0755"
- path: "{{ traefik_data_directory }}/letsencrypt"
mode: "0700"

- name: Template Traefik config.toml
template:
src: traefik.toml
dest: "{{ traefik_data_directory }}/traefik.toml"
- name: Template Traefik Files
register: template_config
tags:
- traefik
- traefik:template
template:
dest: "{{ item.dest }}"
force: "{{ item.force | default('No') }}"
mode: "{{ item.mode | default('0600') }}"
src: "{{ item.src }}"
with_items: "{{ traefik_template_files + traefik_template_files_custom | sort }}"

- name: Traefik Docker Container
docker_container:
name: traefik
image: "{{ traefik_docker_image }}"
pull: true
network_mode: host
volumes:
- "{{ traefik_data_directory }}/traefik.toml:/etc/traefik/traefik.toml:ro"
- "{{ traefik_data_directory }}/letsencrypt:/letsencrypt:rw"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
env: "{{ traefik_environment_variables }}"
restart_policy: unless-stopped
image: "{{ traefik_image }}"
memory: "{{ traefik_memory }}"
name: traefik
network_mode: host
pull: true
recreate: "{{ template_config is changed }}"
restart_policy: unless-stopped
volumes: "{{ traefik_volumes + traefik_volumes_custom | sort }}"
tags:
- traefik
- traefik:docker
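Review bot: In the `with_items` of the Template Traefik Files task, `traefik_template_files + traefik_template_files_custom | sort` sorts only the custom list, because a Jinja filter binds tighter than `+`; the `volumes:` line of the Traefik Docker Container task has the same precedence slip. For the template list the sort is a hazard on its own: the items are mappings, so sorting two or more custom entries compares dicts and raises a TypeError. Parenthesise and sort on a key, `with_items: "{{ (traefik_template_files + traefik_template_files_custom) | sort(attribute='dest') }}"` and `volumes: "{{ (traefik_volumes + traefik_volumes_custom) | sort }}"`, or drop the sort if order is not meant to matter. `traefik_memory` is read by the container task but is not among the defaults shown in this PR; if it is not defined elsewhere the task fails on an undefined variable, so `memory: "{{ traefik_memory | default(omit) }}"` would be safer.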
46 changes: 0 additions & 46 deletions roles/traefik/templates/traefik.toml

This file was deleted.

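--- a/roles/traefik/templates/traefik.toml.j2
+++ b/roles/traefik/templates/traefik.toml.j2
@@ -0,0 +1,62 @@
+[entryPoints]
+[entryPoints.web]
+address = ":{{ traefik_port_http }}"
+
+{% if traefik_trusted_ips %}
+[entryPoints.web.forwardedHeaders]
+trustedIPs = {{ traefik_trusted_ips | to_nice_json(indent=2) | trim | indent(6) }}
+{% endif %}
+[entryPoints.web.http.redirections.entryPoint]
+to = "websecure"
+
+[entryPoints.websecure]
+address = ":{{ traefik_port_https }}"
+
+{% if traefik_trusted_ips %}
+[entryPoints.websecure.forwardedHeaders]
+trustedIPs = {{ traefik_trusted_ips | to_nice_json(indent=2) | trim | indent(6) }}
+{% endif %}
+[entryPoints.websecure.http.tls]
+certResolver = "letsencrypt"
+
+[entryPoints.websecure.http.tls.domains]
+main = "{{ ansible_nas_domain_root }}"
+sans = {{ (traefik_domain_san + traefik_domain_san_custom ) | to_nice_json(indent=2) | trim | indent(10) }}
+
+[entryPoints.traefik]
+address = ":{{ traefik_port_ui }}"
+
+[providers]
+providersThrottleDuration = "2s"
+[providers.docker]
+exposedbydefault = false
+
+[api]
+insecure = true
+dashboard = true
+
+[log]
+level = "{{ traefik_log_level | upper }}"
+
+[ping]
+terminatingStatusCode = 0
+
+[certificatesResolvers]
+[certificatesResolvers.letsencrypt]
+[certificatesResolvers.letsencrypt.acme]
+email = "{{ ansible_nas_email }}"
+storage = "/letsencrypt/acme.json"
+caserver = "{{ traefik_acme_server }}"
+
+[certificatesResolvers.letsencrypt.acme.dnsChallenge]
+provider = "{{ traefik_dns_provider }}"
+
+{% if traefik_letsencrypt_tls %}
+[certificatesResolvers.letsencryptTls]
+[certificatesResolvers.letsencryptTls.acme]
+email = "{{ ansible_nas_email }}"
+storage = "/letsencrypt/acme.json"
+caserver = "https://acme-v02.api.letsencrypt.org/directory"
+
+[certificatesResolvers.letsencryptTls.acme.tlsChallenge]
+{% endif %}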
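Review bot: `[api]` with `insecure = true` and `dashboard = true` serves the unauthenticated API and dashboard on the `traefik` entrypoint, and because the container task runs with `network_mode: host` that listener is reachable on every host interface at `traefik_port_ui`; the new template makes several things user-tunable but not this one. A guard consistent with the rest of the file, e.g. `{% if traefik_api_insecure | default(false) %}` around `insecure = true` (variable name constructed; declare it in defaults), would let a user keep the dashboard off the host network, or failing that a comment such as `# API and dashboard are unauthenticated while insecure = true; restrict traefik_port_ui at the host firewall`. Separately, the `letsencryptTls` resolver hard-codes the production `caserver` while `letsencrypt` takes `traefik_acme_server`, so a staging toggle would only apply to one of them, and both resolvers write the same `/letsencrypt/acme.json`; sharing one store between two resolvers risks one overwriting the other's state, so a distinct file such as `/letsencrypt/acme-tls.json` for the second resolver looks safer (verify against the Traefik ACME storage docs).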