current state
This commit is contained in:
parent
40c3a21b74
commit
c66cb5ec2b
|
@ -0,0 +1,4 @@
|
|||
- name: restart traefik
|
||||
systemd:
|
||||
name: traefik
|
||||
state: reloaded
|
|
@ -0,0 +1,38 @@
|
|||
- name: install
|
||||
package:
|
||||
name: traefik
|
||||
state: latest
|
||||
|
||||
- name: fix owner of acme file
|
||||
file:
|
||||
path: "/etc/traefik/acme.json"
|
||||
owner: traefik
|
||||
mode: '0600'
|
||||
|
||||
- name: configure
|
||||
notify: restart traefik
|
||||
template:
|
||||
src: config.toml
|
||||
dest: "/etc/traefik/traefik.toml"
|
||||
owner: traefik
|
||||
|
||||
- name: create config directory
|
||||
file:
|
||||
path: /etc/traefik/conf.d
|
||||
state: directory
|
||||
owner: traefik
|
||||
|
||||
- name: template config files
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/traefik/conf.d/{{ item | basename }}"
|
||||
owner: traefik
|
||||
with_fileglob:
|
||||
- ../templates/conf.d/*
|
||||
|
||||
- name: service enabled and started
|
||||
become: yes
|
||||
systemd:
|
||||
name: traefik
|
||||
state: started
|
||||
enabled: yes
|
|
@ -0,0 +1,4 @@
|
|||
[http.middlewares.httpsRedirect.redirectScheme]
|
||||
scheme = "https"
|
||||
permanent = true
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
[http.middlewares.apiAuth.basicAuth]
|
||||
users = [
|
||||
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
]
|
||||
|
||||
[http.routers.my-api-redir]
|
||||
rule = "Host(`{{ inventory_hostname }}`)"
|
||||
entryPoints = ["web"]
|
||||
middlewares = ["httpsRedirect"]
|
||||
service = "api@internal"
|
||||
|
||||
[http.routers.my-api]
|
||||
rule = "Host(`{{ inventory_hostname }}`)"
|
||||
entryPoints = ["websecure"]
|
||||
middlewares = ["apiAuth"]
|
||||
service = "api@internal"
|
||||
|
||||
[http.routers.my-api.tls]
|
||||
certResolver = "my-resolver"
|
|
@ -0,0 +1,7 @@
|
|||
[http.routers.metric-prometheus]
|
||||
rule = "Host(`{{ inventory_hostname }}`) && PathPrefix(`/metrics`)"
|
||||
entryPoints = ["websecure"]
|
||||
service = "prometheus@internal"
|
||||
|
||||
[http.routers.metric-prometheus.tls]
|
||||
certResolver = "my-resolver"
|
|
@ -0,0 +1,17 @@
|
|||
{% for r in traefik_tcp_proxy %}
|
||||
|
||||
#---------------------------------
|
||||
# {{ r.name }}: {{ r.rule }}
|
||||
#---------------------------------
|
||||
|
||||
[tcp.routers.{{r.name}}]
|
||||
entryPoints = {{r.entryPoints}}
|
||||
rule = "{{r.rule }}"
|
||||
service = "{{r.name}}"
|
||||
|
||||
[tcp.services.{{r.name}}.loadBalancer]
|
||||
{% for addr in r.addresses %}
|
||||
[[tcp.services.{{r.name}}.loadBalancer.servers]]
|
||||
address = "{{addr.to}}"
|
||||
{% endfor %}
|
||||
{% endfor %}
|
|
@ -0,0 +1,48 @@
|
|||
{% for r in traefik_proxy %}
|
||||
|
||||
#---------------------------------
|
||||
# {{ r.name }}: {{ r.rule }}
|
||||
#---------------------------------
|
||||
|
||||
{% if r.path_strip is not undefined %}
|
||||
[http.middlewares.{{r.name}}-stripprefix.stripPrefix]
|
||||
prefixes = {{ r.path_strip }}
|
||||
{% endif %}
|
||||
|
||||
{% if r.tls %}
|
||||
[http.routers.{{r.name}}-redir]
|
||||
rule = "{{ r.rule }}"
|
||||
entryPoints = ["web"]
|
||||
middlewares = ["httpsRedirect"]
|
||||
service = "{{r.name}}@file"
|
||||
|
||||
[http.routers.{{r.name}}-acme]
|
||||
rule = "({{ r.rule }}) && PathPrefix(`/.well-known/acme-challenge/`)"
|
||||
entryPoints = ["web"]
|
||||
service = "{{r.name}}@file"
|
||||
{% endif %}
|
||||
|
||||
[http.routers.{{r.name}}]
|
||||
rule = "{{ r.rule }}"
|
||||
{% if r.path_strip is not undefined %}
|
||||
middlewares = ["{{r.name}}-stripprefix","httpsRedirect"]
|
||||
{% else %}
|
||||
middlewares = ["httpsRedirect"]
|
||||
{% endif %}
|
||||
{% if r.tls %}
|
||||
entryPoints = ["websecure"]
|
||||
{% else %}
|
||||
entryPoints = ["web"]
|
||||
{% endif %}
|
||||
service = "{{r.name}}@file"
|
||||
{% if r.tls %}
|
||||
[http.routers.{{r.name}}.tls]
|
||||
certResolver = "my-resolver"
|
||||
{% endif %}
|
||||
|
||||
[http.services.{{ r.name }}.loadBalancer]
|
||||
{% for url in r.service_url %}
|
||||
[[http.services.{{ r.name }}.loadBalancer.servers]]
|
||||
url = "{{ url }}"
|
||||
{% endfor %}
|
||||
{% endfor %}
|
|
@ -0,0 +1,51 @@
|
|||
[http.middlewares.onlyoffice-headers.headers.customRequestHeaders]
|
||||
X-Forwarded-Proto = "https"
|
||||
|
||||
[http.middlewares.onlyoffice-spellchecker-stripprefix.stripPrefix]
|
||||
prefixes = ["/spellchecker"]
|
||||
|
||||
{% for r in traefik_onlyoffice %}
|
||||
#---------------------------------
|
||||
# onlyOffice: {{ r.name }}: {{ r.rule }}
|
||||
#---------------------------------
|
||||
|
||||
[http.routers.{{ r.name }}-redir]
|
||||
rule = "{{ r.rule }}"
|
||||
entryPoints = ["web"]
|
||||
middlewares = ["httpsRedirect"]
|
||||
service = "{{ r.name }}@file"
|
||||
|
||||
[http.routers.{{ r.name }}]
|
||||
rule = "{{ r.rule }}"
|
||||
middlewares = ["onlyoffice-headers","httpsRedirect"]
|
||||
entryPoints = ["websecure"]
|
||||
service = "{{ r.name }}@file"
|
||||
[http.routers.{{ r.name }}.tls]
|
||||
certResolver = "my-resolver"
|
||||
|
||||
[http.services.{{ r.name }}.loadBalancer]
|
||||
[http.services.{{ r.name }}.loadBalancer.healthCheck]
|
||||
path = "/healthcheck"
|
||||
interval = "10s"
|
||||
timeout = "3s"
|
||||
{% for url in r.service_url %}
|
||||
[[http.services.{{ r.name }}.loadBalancer.servers]]
|
||||
url = "{{ url }}:8000"
|
||||
{% endfor %}
|
||||
|
||||
# onlyOffice-Spellchecker
|
||||
|
||||
[http.routers.{{ r.name }}-spell]
|
||||
rule = "({{ r.rule }}) && PathPrefix(`/spellchecker`)"
|
||||
middlewares = ["onlyoffice-spellchecker-stripprefix","onlyoffice-headers","httpsRedirect"]
|
||||
entryPoints = ["websecure"]
|
||||
service = "{{ r.name }}-spell@file"
|
||||
[http.routers.{{ r.name }}-spell.tls]
|
||||
certResolver = "my-resolver"
|
||||
|
||||
[http.services.{{ r.name }}-spell.loadBalancer]
|
||||
{% for url in r.service_url %}
|
||||
[[http.services.{{ r.name }}-spell.loadBalancer.servers]]
|
||||
url = "{{ url }}:8080"
|
||||
{% endfor %}
|
||||
{% endfor %}
|
|
@ -0,0 +1,32 @@
|
|||
[entryPoints]
|
||||
[entryPoints.ssh]
|
||||
address = ":22"
|
||||
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
|
||||
[entryPoints.rtmp]
|
||||
address = ":1935"
|
||||
|
||||
[providers]
|
||||
[providers.file]
|
||||
directory = "/etc/traefik/conf.d/"
|
||||
watch = true
|
||||
|
||||
[serversTransport]
|
||||
insecureSkipVerify = true
|
||||
|
||||
[certificatesResolvers.my-resolver.acme]
|
||||
storage = "/etc/traefik/acme.json"
|
||||
[certificatesResolvers.my-resolver.acme.tlsChallenge]
|
||||
# entryPoint = "web"
|
||||
|
||||
[api]
|
||||
dashboard = true
|
||||
[metrics]
|
||||
[metrics.prometheus]
|
||||
addServicesLabels = true
|
||||
manualRouting = true
|
Loading…
Reference in New Issue