Diffstat (limited to 'playbooks/roles/traefik/templates/stacks')
-rw-r--r-- | playbooks/roles/traefik/templates/stacks/docker-compose.yml | 39 | ||||
-rw-r--r-- | playbooks/roles/traefik/templates/stacks/traefik.yml | 35 |
2 files changed, 74 insertions, 0 deletions
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..4504af9
--- /dev/null
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
@@ -0,0 +1,39 @@
+version: '3.8'
+services:
+ traefik:
+ image: traefik:v3
+ ports:
+ - 80:80
+ - 443:443
+ environment:
+ - TZ={{ timezone }}
+ - CF_API_EMAIL={{ cloudflare_email }}
+ - CF_DNS_API_TOKEN={{ cloudflare_dns_api_token }}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - {{ traefik_base }}/stacks/traefik.yml:/traefik.yml
+ - {{ traefik_base }}/volumes/certs:/certs
+ networks:
+ - proxy
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.role == manager]
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.dashboard.rule=Host(`traefik.{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard/`))
+ - traefik.http.routers.dashboard.service=api@internal
+ - traefik.http.routers.dashboard.tls=true
+ - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
+ - traefik.http.routers.ping.rule=Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/ping`)
+ - traefik.http.routers.ping.service=ping@internal
+ - traefik.http.routers.ping.tls=true
+ - traefik.http.routers.ping.tls.certresolver=letsencrypt
+ - traefik.http.services.dashboard.loadbalancer.server.port=8080
+ - traefik.http.services.ping.loadbalancer.server.port=8080
+
+networks:
+ proxy:
+ name: proxy
+ driver: overlay
+ attachable: true
diff --git a/playbooks/roles/traefik/templates/stacks/traefik.yml b/playbooks/roles/traefik/templates/stacks/traefik.yml
new file mode 100644
index 0000000..a80c261
--- /dev/null
+++ b/playbooks/roles/traefik/templates/stacks/traefik.yml
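Review bot: In docker-compose.yml the `dashboard` router under `deploy.labels` publishes `api@internal` on `traefik.{{ traefik_domain }}` with no middleware attached, so anyone who can reach port 443 can read the proxy's routing and service configuration. Attach an authentication middleware, for example `traefik.http.routers.dashboard.middlewares=dashboard-auth` together with `traefik.http.middlewares.dashboard-auth.basicauth.usersfile=<PATH_TO_USERS_FILE>`, or restrict the router with an IP allow-list. Separately, the `:ro` flag on `/var/run/docker.sock` protects only the socket file and not the Docker API behind it, so this internet-facing container on a manager node still has write access to the engine; a filtering socket proxy limited to the read endpoints Traefik needs would narrow that. `CF_DNS_API_TOKEN` passed through `environment` is readable by anyone who can inspect the service, so a Docker secret is a better home for it if the role can provide one.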
@@ -0,0 +1,35 @@
+ping: {}
+accessLog: {}
+log:
+ level: DEBUG
+api:
+ dashboard: true
+ insecure: true
+ debug: false
+entryPoints:
+ web:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ websecure:
+ address: ":443"
+serversTransport:
+ insecureSkipVerify: true
+providers:
+ swarm:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ network: proxy
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: {{ certs_email }}
+ storage: /certs/acme.json
+ caServer: https://acme-v02.api.letsencrypt.org/directory
+ # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
+ dnsChallenge:
+ provider: cloudflare
+ delayBeforeCheck: 10 |
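Review bot: `api.insecure: true` serves the API and dashboard without authentication on Traefik's internal entry point (port 8080 by default), and because the `proxy` overlay network is declared `attachable`, any container joined to it can presumably reach that port even though it is not published. The compose labels already route `api@internal` through `websecure`, so `insecure: false` looks like the right setting here. `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend; prefer trusting the backend CA through `serversTransport.rootCAs`, or scope the exception to the one service that needs it. `log.level: DEBUG` is more verbose than a production proxy should run with, and `email: {{ certs_email }}` should be quoted as `email: "{{ certs_email }}"` so an empty or unusual value does not change how the rendered YAML parses.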