From 05fea8708b132de5cf81d62ac050043ddd6c90a0 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Fri, 4 Sep 2020 02:14:12 -0400
Subject: [PATCH] Add sites to LE resolver & securehttps middleware
---
 roles/gitea/tasks/main.yml | 2 ++
 roles/jenkins/tasks/main.yml | 2 ++
 roles/nextcloud/tasks/main.yml | 2 +-
 roles/prometheus/tasks/main.yml | 2 ++
 roles/traefik/tasks/main.yml | 3 ++-
 roles/traefik/templates/traefik.yml.j2 | 2 +-
 6 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index 0db09c7..eeb16ac 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -43,6 +43,8 @@
 labels:
 traefik.http.routers.gitea.rule: "Host(`{{ gitea_domain }}`)"
 traefik.http.routers.gitea.entrypoints: websecure
+ traefik.http.routers.gitea.tls.certresolver: letsencrypt
+ traefik.http.routers.gitea.middlewares: "securehttps@file"
 traefik.http.services.gitea.loadbalancer.server.port: "3000"
 traefik.docker.network: traefik
 traefik.enable: "true"
diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml
index bf81c1b..88c7109 100644
--- a/roles/jenkins/tasks/main.yml
+++ b/roles/jenkins/tasks/main.yml
@@ -40,5 +40,7 @@
 labels:
 traefik.http.routers.jenkins.rule: "Host(`{{ jenkins_domain }}`)"
 traefik.http.routers.jenkins.entrypoints: websecure
+ traefik.http.routers.jenkins.tls.certresolver: letsencrypt
+ traefik.http.routers.jenkins.middlewares: "securehttps@file"
 traefik.docker.network: traefik
 traefik.enable: "true"
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index aea56c6..ea344e2 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
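Review bot: The added `traefik.http.routers.gitea.tls.certresolver: letsencrypt` label in the gitea hunk is unconditional, but the traefik.yml.j2 hunk at the end of this patch renders `certificatesResolvers.letsencrypt` only inside `{% if traefik_acme_email is defined %}`. On a host where that variable is unset the router would name a resolver that does not exist; as far as I know Traefik then logs an error and serves its default self-signed certificate instead of refusing to start, so the failure is easy to miss. The same applies to the jenkins, nextcloud, grafana and traefik routers in the other hunks. I would make the variable mandatory with an `assert` on `traefik_acme_email is defined` early in the traefik role, or at least add a comment next to these labels such as `# requires traefik_acme_email; the letsencrypt resolver is only rendered when it is set`. The `labels:` mapping starts and ends outside the hunk.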
@@ -32,7 +32,7 @@
 labels:
 traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
 traefik.http.routers.nextcloud.entrypoints: websecure
- traefik.http.routers.nextcloud.tls.certresolver: resolver
+ traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
 traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav"
 traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
 traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 6270df0..de06ce4 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -62,5 +62,7 @@
 labels:
 traefik.http.routers.grafana.rule: "Host(`{{ grafana_domain }}`)"
 traefik.http.routers.grafana.entrypoints: websecure
+ traefik.http.routers.grafana.tls.certresolver: letsencrypt
+ traefik.http.routers.grafana.middlewares: "securehttps@file"
 traefik.docker.network: traefik
 traefik.enable: "true"
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index add30d6..a71883e 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -35,7 +35,8 @@
 labels:
 traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)"
 traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
- traefik.http.routers.traefik.middlewares: "auth@docker"
+ traefik.http.routers.traefik.tls.certresolver: letsencrypt
+ traefik.http.routers.traefik.middlewares: "securehttps@file,auth@docker"
 traefik.http.routers.traefik.service: "api@internal"
 traefik.http.routers.traefik.entrypoints: websecure
 traefik.http.routers.traefik.tls: "true"
diff --git a/roles/traefik/templates/traefik.yml.j2 b/roles/traefik/templates/traefik.yml.j2
index 5f48830..4a34c0b 100644
--- a/roles/traefik/templates/traefik.yml.j2
+++ b/roles/traefik/templates/traefik.yml.j2
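Review bot: In the roles/traefik hunk the rewritten `traefik.http.routers.traefik.middlewares` label is the only thing keeping `api@internal` behind basic auth, and nothing next to it says so. Traefik applies a router's middlewares in the order listed, so a comment above the label such as `# order matters: securehttps@file first, then auth@docker; never drop auth@docker from the dashboard router` would guard against a later edit that copies the shorter `"securehttps@file"` value used by the other roles. The `securehttps` middleware comes from the file provider and is not part of this patch, so what it enforces cannot be checked from here. As a smaller style point, the existing `traefik.http.routers.traefik.tls: "true"` label is now redundant next to `tls.certresolver`, which the gitea, jenkins and grafana routers rely on alone. The `labels:` mapping starts and ends outside the hunk.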
@@ -23,7 +23,7 @@ entrypoints: {% if traefik_acme_email is defined %} certificatesResolvers: - resolver: + letsencrypt: acme: email: {{ traefik_acme_email }} storage: /etc/traefik/acme.json
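Review bot: Renaming the resolver key from `resolver` to `letsencrypt` also changes the name under which Traefik keeps its ACME state in `/etc/traefik/acme.json`, and neither the hunk nor the commit message mentions that. As far as I know, certificates stored under the old resolver name are not reused, so the next deploy will likely register again and request fresh certificates for every router, which counts against Let's Encrypt rate limits and leaves the old account key and certificates behind in the file. A comment above the key, for example `# name is referenced by the tls.certresolver labels in the service roles; renaming it triggers re-issuance`, would make the coupling explicit. The `{% if traefik_acme_email is defined %}` block is closed outside the hunk.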