From 2db2f5172f87407f3c1a725d35f08408bf6a0a5b Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Tue, 2 May 2023 14:41:14 +0200
Subject: [PATCH] enable https

---
 ansible/roles/traefik/docker-stack.yml.j2 | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2
index 6bdc7cd..642a29b 100644
--- a/ansible/roles/traefik/docker-stack.yml.j2
+++ b/ansible/roles/traefik/docker-stack.yml.j2
@@ -11,6 +11,7 @@ services:
     networks:
       - traefik
     ports:
+      - 443:443
       - 80:80
       - 8080:8080
     deploy:
@@ -33,4 +34,13 @@ services:
       - --api.insecure=true
       - --api.dashboard=true
       - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint=true
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --entrypoints.websecure.address=:443
       - --providers.docker.exposedbydefault=false
+      - --certificatesresolvers.letsencrypt.acme=true
+      - --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl
+      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
+      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web