home/max
Archived
2
1
Fork 0
Code Issues 9 Pull requests Projects Releases Packages Wiki Activity

expose traefik dashboard

Browse source
This commit is contained in:
Pim Kunis 2023-01-22 23:34:37 +01:00
parent 16910be91c
commit a944d8c2ff
6 changed files with 37 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -26,10 +26,12 @@ All services below are running under Docker, except NSD and Borg.
- matrix - matrix
- peertube? - peertube?
- Pixelfed? - Pixelfed?
- Prometheus
## TODO ## TODO
- Forward to https not working correctly yet. - Forward to https not working correctly yet. I think it works now? Should check it.
- Expose treafik dashboard only on local network
### NSD ### NSD

3
roles/nsd/files/zones/pizzapim.nl
View file

@ -1,7 +1,7 @@
$ORIGIN pizzapim.nl. $ORIGIN pizzapim.nl.
$TTL 60 $TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023011700 1800 3600 1209600 3600 pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600
NS ns.pizzapim.nl. NS ns.pizzapim.nl.
NS ns0.transip.net. NS ns0.transip.net.
@ -24,3 +24,4 @@ dav IN CNAME www.pizzapim.nl.
git IN CNAME www.pizzapim.nl. git IN CNAME www.pizzapim.nl.
meet IN CNAME www.pizzapim.nl. meet IN CNAME www.pizzapim.nl.
rss IN CNAME www.pizzapim.nl. rss IN CNAME www.pizzapim.nl.
traefik IN CNAME www.pizzapim.nl.

9
roles/traefik/files/basic_auth_users Normal file
View file

@ -0,0 +1,9 @@
$ANSIBLE_VAULT;1.1;AES256
33333836626532396564616664353836636164386437323234333464336432663266663038313138
3563663134333236366433636134653965393932343362360a306236343538663836633761353262
65353961376230333530616465353735626232373132613635653162353634353865386638633365
3762636464663532360a633162646365653764666563383632393738343931656366343336653437
36656535346432313036323433396432303563663836303964643731326364306530636332346163
36353034366562386664376565316339616466323133303464326637366432623164666332313762
38663138613534363361376161376363666134336466303436643035356438303832333639373266
62313730633763633066

4
roles/traefik/tasks/main.yml
View file

@ -20,6 +20,10 @@
copy: copy:
src: "{{ role_path }}/files/services.toml" src: "{{ role_path }}/files/services.toml"
dest: "{{ service_dir }}/services.toml" dest: "{{ service_dir }}/services.toml"
- name: Copy basic_auth_users file
copy:
src: "{{ role_path }}/files/basic_auth_users"
dest: "{{ service_dir }}/basic_auth_users"
- name: Create traefik network - name: Create traefik network
docker_network: docker_network:
name: "traefik" name: "traefik"

16
roles/traefik/templates/docker-compose.yml.j2
View file

@ -9,12 +9,6 @@ services:
restart: always restart: always
image: traefik:v2.9 image: traefik:v2.9
container_name: traefik container_name: traefik
command:
- "--providers.docker"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
ports: ports:
- "443:443" - "443:443"
- "80:80" - "80:80"
@ -24,12 +18,22 @@ services:
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
- {{ service_dir }}/services.toml:/etc/traefik/services.toml - {{ service_dir }}/services.toml:/etc/traefik/services.toml
- {{ service_dir }}/acme.json:/acme.json - {{ service_dir }}/acme.json:/acme.json
- {{ service_dir }}/basic_auth_users:/basic_auth_users
networks: networks:
- traefik - traefik
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.esrom.entrypoints=websecure - traefik.http.routers.esrom.entrypoints=websecure
- traefik.http.routers.esrom.service=esrom@file - traefik.http.routers.esrom.service=esrom@file
- traefik.http.routers.esrom.rule=Host(`geokunis2.nl`) - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
- traefik.http.routers.esrom.tls=true - traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=geokunis - traefik.http.routers.esrom.tls.certresolver=geokunis
- traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
- traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=pizzapim
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=basic-auth
- traefik.http.middlewares.basic-auth.basicauth.usersfile=/basic_auth_users

12
roles/traefik/templates/traefik.toml.j2
View file

@ -3,14 +3,20 @@ loglevel = "DEBUG"
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
address = ":80" address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
permanent = true
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.ssh] [entryPoints.ssh]
address = ":{{ git_ssh_port }}" address = ":{{ git_ssh_port }}"
[entryPoints.video] [entryPoints.video]
address = ":{{ jitsi_videobridge_port }}/udp" address = ":{{ jitsi_videobridge_port }}/udp"
[api] [api]
insecure = false
dashboard = true
[providers.docker] [providers.docker]
endpoint = "unix:///var/run/docker.sock" endpoint = "unix:///var/run/docker.sock"