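---
# Deploys Traefik (image traefik:v3.5) as a Docker container attached to the
# 'proxy' network. Configuration, the ACME store and logs live under
# /data/traefik on the host and are bind-mounted into the container.

# No mode is given here, so directory permissions fall back to the defaults of
# the user running the task. The sensitive files below set "0600" themselves.
# NOTE(review): /data/traefik/log gets no explicit mode - confirm that
# default permissions are acceptable for the logs written there.
- name: Create directories
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - "/data/traefik"
    - "/data/traefik/config"
    - "/data/traefik/log"

- name: Ensure 'proxy' network exists
  docker_network:
    name: proxy

# Rendered config may embed secrets, so it is readable by its owner only.
- name: Copy Traefik main configuration
  template:
    src: ../templates/traefik.yml.j2
    dest: "/data/traefik/config/traefik.yml"
    mode: "0600"

- name: Copy Traefik extra config
  template:
    src: ../templates/config.yml.j2
    dest: "/data/traefik/config/config.yml"
    mode: "0600"

# acme.json holds the ACME account key and issued certificates; it is kept at
# mode 0600. 'state: touch' on its own rewrites the timestamps and reports
# "changed" on every run; preserving both times keeps the task idempotent
# while still creating the file when it is missing.
- name: Ensure acme.json exists
  file:
    path: "/data/traefik/config/acme.json"
    state: touch
    owner: root  # UID Traefik runs as
    group: root  # GID Traefik runs as
    mode: "0600"
    modification_time: preserve
    access_time: preserve

- name: Create traefik Container
  # The module arguments carry the Cloudflare API token and the dashboard
  # basic-auth credentials; no_log keeps them out of task output and logs.
  # Trade-off: failure details for this task are hidden as well.
  no_log: true
  docker_container:
    name: traefik
    image: traefik:v3.5
    restart_policy: unless-stopped
    networks:
      - name: "proxy"
    # Quoted so the mappings are always read as strings, never as numbers.
    ports:
      - "80:80"
      - "443:443"
    env:
      CF_API_EMAIL: "{{ CF_API_EMAIL }}"
      CF_DNS_API_TOKEN: "{{CF_DNS_API_TOKEN}}"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # ':ro' only makes the socket file itself read-only. The Docker API
      # behind it stays fully usable from inside the container, which is
      # equivalent to root on the host. NOTE(review): consider a filtering
      # socket proxy that exposes only the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/data/traefik/config/traefik.yml:/traefik.yml:ro"
      # Writable on purpose: Traefik stores certificates here.
      - "/data/traefik/config/acme.json:/acme.json"
      - "/data/traefik/log:/var/log/traefik"
      - "/data/traefik/config/config.yml:/config.yml:ro"
    labels:
      traefik.enable: "true"
      # Plain-HTTP router for the dashboard host; it only redirects to HTTPS.
      traefik.http.routers.traefik.entrypoints: "http"
      traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)"
      # Container labels are readable by anyone who can inspect the
      # container. NOTE(review): presumably this variable holds
      # htpasswd-style 'user:hash' entries, not a clear-text password - confirm.
      traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_password }}"
      traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
      traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
      traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
      # HTTPS router: exposes the internal API/dashboard service behind the
      # basic-auth middleware, with certificates from the 'cloudflare' resolver.
      traefik.http.routers.traefik-secure.entrypoints: "https"
      traefik.http.routers.traefik-secure.rule: "Host(`{{traefik_host}}`)"
      traefik.http.routers.traefik-secure.middlewares: "traefik-auth"
      traefik.http.routers.traefik-secure.tls: "true"
      traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare"
      # Wildcard certificates requested for both domains.
      traefik.http.routers.traefik-secure.tls.domains[0].main: "comprofix.com"
      traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.comprofix.com"
      traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz"
      traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz"
      traefik.http.routers.traefik-secure.service: "api@internal"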