kris/homelab
kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Setup TLS for Traefik

Browse Source
This commit is contained in:
Kris Lamoureux 2020-07-17 00:41:21 -04:00
parent c32d1bd31c
commit 943a1324b9
Signed by: kris
GPG Key ID: 3EDA9C3441EDA925
5 changed files with 57 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
roles/traefik/defaults/main.yml
View File

@ -1,8 +1,7 @@
traefik_name: traefik traefik_name: traefik
traefik_version: latest traefik_version: latest
traefik_dashboard: false traefik_dashboard: false
traefik_options: traefik_root: "/opt/{{ traefik_name }}"
- "--entrypoints.web.address=:80"
- "--api.dashboard=true"
traefik_ports: traefik_ports:
- "80:80" - "80:80"
- "443:443"

10
roles/traefik/handlers/main.yml
View File

@ -1,5 +1,5 @@
- name: Restart Traefik container - name: Reload Traefik container
docker_container: file:
name: "{{ traefik_name }}" path: "{{ traefik_root }}/config/dynamic/tls.yml"
image: traefik:{{ traefik_version }} state: touch
restart: true listen: reload_traefik

25
roles/traefik/tasks/main.yml
View File

@ -1,8 +1,18 @@
- name: Set default Traefik options - name: Create Traefik configuration directories
set_fact: file:
traefik_defaults: path: "{{ traefik_root }}/config/dynamic"
- "--providers.docker" state: directory
- "--providers.docker.exposedbydefault=false"
- name: Install static Traefik configuration
template:
src: traefik.yml.j2
dest: "{{ traefik_root }}/config/traefik.yml"
- name: Install dynamic Traefik configuration
template:
src: tls.yml.j2
dest: "{{ traefik_root }}/config/dynamic/tls.yml"
notify: reload_traefik
- name: Create Traefik network - name: Create Traefik network
docker_network: docker_network:
@ -12,7 +22,6 @@
docker_container: docker_container:
name: "{{ traefik_name }}" name: "{{ traefik_name }}"
image: traefik:{{ traefik_version }} image: traefik:{{ traefik_version }}
command: "{{ traefik_defaults + traefik_options }}"
state: started state: started
restart_policy: always restart_policy: always
ports: "{{ traefik_ports }}" ports: "{{ traefik_ports }}"
@ -24,7 +33,11 @@
traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}" traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
traefik.http.routers.traefik.middlewares: "auth@docker" traefik.http.routers.traefik.middlewares: "auth@docker"
traefik.http.routers.traefik.service: "api@internal" traefik.http.routers.traefik.service: "api@internal"
traefik.http.routers.traefik.entrypoints: websecure
traefik.http.routers.traefik.tls: "true"
traefik.docker.network: traefik traefik.docker.network: traefik
traefik.enable: "{{ traefik_dashboard | string }}" traefik.enable: "{{ traefik_dashboard | string }}"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- "{{ traefik_root }}/config:/etc/traefik"
- "{{ traefik_root }}/letsencrypt:/etc/letsencrypt"

9
roles/traefik/templates/tls.yml.j2 Normal file
View File

@ -0,0 +1,9 @@
tls:
certificates:
- certFile: /etc/letsencrypt/fullchain.pem
keyFile: /etc/letsencrypt/privkey.pem
stores:
default:
defaultCertificate:
certFile: /etc/letsencrypt/fullchain.pem
keyFile: /etc/letsencrypt/privkey.pem

22
roles/traefik/templates/traefik.yml.j2 Normal file
View File

@ -0,0 +1,22 @@
api:
dashboard: true
providers:
docker:
exposedbydefault: false
file:
directory: /etc/traefik/dynamic
entrypoints:
web:
address: ':80'
http:
redirections:
entrypoint:
to: websecure
scheme: https
permanent: true
websecure:
address: ':443'
http:
tls: {}