82 lines
2.7 KiB
YAML
82 lines
2.7 KiB
YAML
---
|
|
- name: Create directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- "/data/traefik"
|
|
- "/data/traefik/config"
|
|
- "/data/traefik/log"
|
|
|
|
- name: Ensure 'proxy' network exists
|
|
docker_network:
|
|
name: proxy
|
|
|
|
- name: Copy Traefik main configuration
|
|
template:
|
|
src: ../templates/traefik.yml.j2
|
|
dest: "/data/traefik/config/traefik.yml"
|
|
mode: "0600"
|
|
|
|
- name: Copy Traefik extra config
|
|
template:
|
|
src: ../templates/config.yml.j2
|
|
dest: "/data/traefik/config/config.yml"
|
|
mode: "0600"
|
|
|
|
- name: Ensure acme.json exists
|
|
file:
|
|
path: "/data/traefik/config/acme.json"
|
|
state: touch
|
|
owner: root # UID Traefik runs as
|
|
group: root # GID Traefik runs as
|
|
mode: "0600"
|
|
|
|
- name: Pull docker image
|
|
community.docker.docker_image:
|
|
name: traefik
|
|
tag: v3.5
|
|
source: pull
|
|
register: docker_image
|
|
|
|
- name: Create traefik Container
|
|
docker_container:
|
|
name: traefik
|
|
image: "{{ docker_image.image.RepoTags[0] }}"
|
|
restart_policy: unless-stopped
|
|
networks:
|
|
- name: "proxy"
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
env:
|
|
CF_API_EMAIL: "{{ CF_API_EMAIL }}"
|
|
CF_DNS_API_TOKEN: "{{CF_DNS_API_TOKEN}}"
|
|
volumes:
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- "/data/traefik/config/traefik.yml:/traefik.yml:ro"
|
|
- "/data/traefik/config/acme.json:/acme.json"
|
|
- "/data/traefik/log:/var/log/traefik"
|
|
- "/data/traefik/config/config.yml:/config.yml:ro"
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.routers.traefik.entrypoints: "http"
|
|
traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)"
|
|
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_password }}"
|
|
traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
|
|
traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
|
|
traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
|
|
traefik.http.routers.traefik-secure.entrypoints: "https"
|
|
traefik.http.routers.traefik-secure.rule: "Host(`{{traefik_host}}`)"
|
|
traefik.http.routers.traefik-secure.middlewares: "traefik-auth"
|
|
traefik.http.routers.traefik-secure.tls: "true"
|
|
traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare"
|
|
traefik.http.routers.traefik-secure.tls.domains[0].main: "comprofix.com"
|
|
traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.comprofix.com"
|
|
traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz"
|
|
traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz"
|
|
traefik.http.routers.traefik-secure.service: "api@internal"
|
|
when: docker_image.changed
|
|
register: container_traefik
|