--- - name: Create directories file: path: "{{ item }}" state: directory with_items: - "{{ data_folder }}/traefik" - "{{ data_folder }}/traefik/data" - name: Create a network docker_network: name: proxy register: network - name: Copy Traefik config template: src: templates/traefik.yml.j2 dest: "{{ data_folder }}/traefik/data/traefik.yml" mode: "0600" - name: Copy Traefik config template: src: templates/config.yml.j2 dest: "{{ data_folder }}/traefik/data/config.yml" mode: "0600" when: traefik_host == "traefik02.comprofix.xyz" - name: Check if {{ data_folder }}/traefik/data/acme.json exists ansible.builtin.stat: path: "{{ data_folder }}/traefik/data/acme.json" register: file_status - name: Creates {{ data_folder }}/traefik/data/acme.json if it doesn't exists ansible.builtin.file: path: "{{ data_folder }}/traefik/data/acme.json" state: touch owner: root group: root mode: "0600" when: not file_status.stat.exists - name: Check if {{ data_folder }}/traefik/data/traefik.json.log exists ansible.builtin.stat: path: "{{ data_folder }}/traefik/data/traefik.json.log" register: file_status - name: Creates {{ data_folder }}/traefik/data/traefik.json.log if it doesn't exists ansible.builtin.file: path: "{{ data_folder }}/traefik/data/traefik.json.log" state: touch owner: root group: root mode: "0600" when: not file_status.stat.exists - name: Create traefik Container docker_container: name: traefik image: traefik:v3.2 restart_policy: unless-stopped networks: - name: "proxy" ports: - 80:80 - 443:443 env: CF_API_EMAIL: "{{ CF_API_EMAIL }}" CF_DNS_API_TOKEN: "{{CF_DNS_API_TOKEN}}" volumes: - /etc/localtime:/etc/localtime:ro - /var/run/docker.sock:/var/run/docker.sock:ro - "{{ data_folder }}/traefik/data/traefik.yml:/traefik.yml:ro" - "{{ data_folder }}/traefik/data/acme.json:/acme.json" - "{{ data_folder }}/traefik/data/traefik.json.log:/traefik.json.log" - "{{ data_folder }}/traefik/data/config.yml:/config.yml:ro" labels: traefik.enable: "true" traefik.http.routers.traefik.entrypoints: "http" traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)" traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_user }}:{{ traefik_api_password | password_hash('blowfish','1234567890123456789012') }}" traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https" traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https" traefik.http.routers.traefik.middlewares: "traefik-https-redirect" traefik.http.routers.traefik-secure.entrypoints: "https" traefik.http.routers.traefik-secure.rule: "Host(`{{traefik_host}}`)" traefik.http.routers.traefik-secure.middlewares: "traefik-auth" traefik.http.routers.traefik-secure.tls: "true" traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare" traefik.http.routers.traefik-secure.tls.domains[0].main: "comprofix.com" traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.comprofix.com" traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz" traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz" traefik.http.routers.traefik-secure.service: "api@internal"