diff --git a/Makefile b/Makefile index 2bfda54..62d3782 100644 --- a/Makefile +++ b/Makefile @@ -22,4 +22,7 @@ pizzeria: ssh: ansible-playbook playbooks/ssh.yml -i inventory/hosts.yml +traefik: + ansible-playbook playbooks/traefik.yml -i inventory/hosts.yml + .PHONY: run diff --git a/README.md b/README.md index 4bce3aa..0bad7f8 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,8 @@ I could check whether the zone has changed or new keys were generated but that i ### Traefik -create network -make docker compose depend on traefik +- create network +- make docker compose depend on traefik ### Firewall diff --git a/playbooks/traefik.yml b/playbooks/traefik.yml new file mode 100644 index 0000000..93570ea --- /dev/null +++ b/playbooks/traefik.yml @@ -0,0 +1,4 @@ +- name: Install traefik + hosts: nucs + roles: + - traefik diff --git a/roles/traefik/files/docker-compose.yml b/roles/traefik/files/docker-compose.yml new file mode 100644 index 0000000..0c35aeb --- /dev/null +++ b/roles/traefik/files/docker-compose.yml @@ -0,0 +1,33 @@ +version: '3' + +networks: + traefik: + external: true + +services: + reverse-proxy: + restart: always + image: traefik:v2.9 + command: + - "--providers.docker" + - "--entrypoints.web.address=:80" + - "--entrypoints.web.http.redirections.entrypoint.to=websecure" + - "--entrypoints.web.http.redirections.entrypoint.scheme=https" + - "--entrypoints.websecure.address=:443" + ports: + - "443:443" + - "80:80" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /apps/traefik/traefik.toml:/etc/traefik/traefik.toml + - /apps/traefik/services.toml:/etc/traefik/services.toml + - /apps/traefik/acme.json:/acme.json + networks: + - traefik + labels: + - traefik.enable=true + - traefik.http.routers.esrom.entrypoints=websecure + - traefik.http.routers.esrom.service=esrom@file + - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`) + - traefik.http.routers.esrom.tls=true + - traefik.http.routers.esrom.tls.certresolver=geokunis 
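Review bot: In roles/traefik/files/docker-compose.yml, the `/var/run/docker.sock:/var/run/docker.sock` volume gives the container that listens on ports 80 and 443 full control of the Docker daemon, which amounts to root on the host if the proxy is ever compromised. At minimum mount it as `/var/run/docker.sock:/var/run/docker.sock:ro`; a read-only bind mount does not restrict the Docker API itself, so a filtering socket proxy in front of the daemon is the stronger fix. Separately, the `command:` flags and the mounted `/etc/traefik/traefik.toml` both supply static configuration. Traefik v2 documents these sources as mutually exclusive, so the HTTP-to-HTTPS redirection flags may be silently ignored once the file is found; confirm this and, if so, move the redirection into traefik.toml.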
diff --git a/roles/traefik/files/services.toml b/roles/traefik/files/services.toml
new file mode 100644
index 0000000..ca5bb05
--- /dev/null
+++ b/roles/traefik/files/services.toml
@@ -0,0 +1,6 @@
+[http]
+ [http.services]
+ [http.services.esrom]
+ [http.services.esrom.loadBalancer]
+ [[http.services.esrom.loadBalancer.servers]]
+ url = "http://192.168.30.2:80/"
diff --git a/roles/traefik/files/traefik.toml b/roles/traefik/files/traefik.toml
new file mode 100644
index 0000000..c15a2be
--- /dev/null
+++ b/roles/traefik/files/traefik.toml
@@ -0,0 +1,27 @@
+loglevel = "DEBUG"
+
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+ [entryPoints.websecure]
+ address = ":443"
+
+[api]
+
+[providers.docker]
+ endpoint = "unix:///var/run/docker.sock"
+
+[providers.file]
+ filename = "/etc/traefik/services.toml"
+
+[certificatesResolvers.geokunis.acme]
+ email = "pim@kunis.nl"
+ storage = "acme.json"
+ [certificatesResolvers.geokunis.acme.httpChallenge]
+ entryPoint = "web"
+
+[certificatesResolvers.pizzapim.acme]
+ email = "pim@kunis.nl"
+ storage = "acme.json"
+ [certificatesResolvers.pizzapim.acme.httpChallenge]
+ entryPoint = "web"
diff --git a/roles/traefik/meta/main.yml b/roles/traefik/meta/main.yml
new file mode 100644
index 0000000..090690b
--- /dev/null
+++ b/roles/traefik/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - role: docker
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
new file mode 100644
index 0000000..4479ee2
--- /dev/null
+++ b/roles/traefik/tasks/main.yml
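Review bot: In roles/traefik/files/traefik.toml, `[providers.docker]` keeps the provider's default of exposing every container, so any container started on this host gets a router on the proxy without opting in. The compose file already sets `traefik.enable=true` on the proxy itself, which suggests opt-in was the intent; add `exposedByDefault = false` under `[providers.docker]`. Separately, the top-level `loglevel = "DEBUG"` looks like the v1 key; for the pinned `traefik:v2.9` image the setting appears to be `level` under a `[log]` table, and DEBUG is worth lowering before this faces the internet. Confirm both against a running container.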
@@ -0,0 +1,26 @@
+- name: Create traefik app directory
+ file:
+ path: /apps/traefik
+ state: directory
+- name: Create acme file
+ copy:
+ content: ""
+ dest: /apps/traefik/acme.json
+ force: no
+- name: Copy Docker Compose script
+ copy:
+ src: "{{ role_path }}/files/docker-compose.yml"
+ dest: /apps/traefik/docker-compose.yml
+- name: Copy traefik.toml
+ copy:
+ src: "{{ role_path }}/files/traefik.toml"
+ dest: /apps/traefik/traefik.toml
+- name: Copy services.toml
+ copy:
+ src: "{{ role_path }}/files/services.toml"
+ dest: /apps/traefik/services.toml
+- name: Start Docker Compose
+ docker_compose:
+ project_src: /apps/traefik
+ pull: true
+ remove_orphans: true
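Review bot: The `Create acme file` task creates `/apps/traefik/acme.json` with whatever mode the remote umask yields, yet that file will hold the ACME account key and the private keys of the issued certificates. Add `mode: '0600'` to that `copy` task. As far as I know, Traefik also refuses to use an acme.json whose permissions are more open than 600, so certificate issuance may fail without it. The other `copy` tasks and the `/apps/traefik` directory would benefit from explicit `owner`, `group` and `mode` too, so the result does not depend on the connecting user's defaults.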