kris/homelab
kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Define a certificates resolver

Browse Source
This commit is contained in:
Kris Lamoureux 2020-09-03 19:00:27 -04:00
parent d87d5ff525
commit 668414e641
Signed by: kris
GPG Key ID: 3EDA9C3441EDA925
7 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dev/host_vars/dockerbox.yml
View File

@ -10,6 +10,8 @@ traefik_version: latest
traefik_dashboard: true traefik_dashboard: true
traefik_domain: traefik.vm.krislamo.org traefik_domain: traefik.vm.krislamo.org
traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
#traefik_acme_email: realemail@example.com # Let's Encrypt settings
#traefik_production: true
# nextcloud # nextcloud
nextcloud_version: stable nextcloud_version: stable

1
roles/nextcloud/tasks/main.yml
View File

@ -32,6 +32,7 @@
labels: labels:
traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)" traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
traefik.http.routers.nextcloud.entrypoints: websecure traefik.http.routers.nextcloud.entrypoints: websecure
traefik.http.routers.nextcloud.tls.certresolver: resolver
traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav" traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/" traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true" traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true"

1
roles/traefik/defaults/main.yml
View File

@ -1,6 +1,7 @@
traefik_name: traefik traefik_name: traefik
traefik_dashboard: false traefik_dashboard: false
traefik_root: "/opt/{{ traefik_name }}" traefik_root: "/opt/{{ traefik_name }}"
traefik_production: false
traefik_ports: traefik_ports:
- "80:80" - "80:80"
- "443:443" - "443:443"

8
roles/traefik/handlers/main.yml
View File

@ -3,3 +3,11 @@
path: "{{ traefik_root }}/config/dynamic" path: "{{ traefik_root }}/config/dynamic"
state: touch state: touch
listen: reload_traefik listen: reload_traefik
- name: Restart Traefik container
docker_container:
name: "{{ traefik_name }}"
image: traefik:{{ traefik_version }}
state: started
restart: yes
listen: restart_traefik

8
roles/traefik/tasks/main.yml
View File

@ -7,12 +7,7 @@
template: template:
src: traefik.yml.j2 src: traefik.yml.j2
dest: "{{ traefik_root }}/config/traefik.yml" dest: "{{ traefik_root }}/config/traefik.yml"
notify: restart_traefik
- name: Install dynamic Traefik configuration
template:
src: tls.yml.j2
dest: "{{ traefik_root }}/config/dynamic/tls.yml"
notify: reload_traefik
- name: Create Traefik network - name: Create Traefik network
docker_network: docker_network:
@ -40,4 +35,3 @@
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- "{{ traefik_root }}/config:/etc/traefik" - "{{ traefik_root }}/config:/etc/traefik"
- "{{ traefik_root }}/letsencrypt:/etc/letsencrypt"

9
roles/traefik/templates/tls.yml.j2
View File

@ -1,9 +0,0 @@
tls:
certificates:
- certFile: /etc/letsencrypt/fullchain.pem
keyFile: /etc/letsencrypt/privkey.pem
stores:
default:
defaultCertificate:
certFile: /etc/letsencrypt/fullchain.pem
keyFile: /etc/letsencrypt/privkey.pem

13
roles/traefik/templates/traefik.yml.j2
View File

@ -20,3 +20,16 @@ entrypoints:
address: ':443' address: ':443'
http: http:
tls: {} tls: {}
{% if traefik_acme_email is defined %}
certificatesResolvers:
resolver:
acme:
email: {{ traefik_acme_email }}
storage: /etc/traefik/acme.json
{% if not traefik_production -%}
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
{% endif -%}
httpChallenge:
entryPoint: web
{% endif %}