diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..5669743
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart traefik
+  systemd:
+    name: traefik
+    state: reloaded
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e29f029
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,38 @@
+- name: install
+  package:
+    name: traefik
+    state: latest
+
+- name: fix owner of acme file
+  file:
+    path: "/etc/traefik/acme.json"
+    owner: traefik
+    mode: '0600'
+
+- name: configure
+  notify: restart traefik
+  template:
+    src: config.toml
+    dest: "/etc/traefik/traefik.toml"
+    owner: traefik
+
+- name: create config directory
+  file:
+    path: /etc/traefik/conf.d
+    state: directory
+    owner: traefik
+
+- name: template config files
+  template:
+    src: "{{ item }}"
+    dest: "/etc/traefik/conf.d/{{ item | basename }}"
+    owner: traefik
+  with_fileglob:
+    - ../templates/conf.d/*
+
+- name: service enabled and started
+  become: yes
+  systemd:
+    name: traefik
+    state: started
+    enabled: yes
diff --git a/templates/conf.d/00-defaults.toml b/templates/conf.d/00-defaults.toml
new file mode 100644
index 0000000..82c3039
--- /dev/null
+++ b/templates/conf.d/00-defaults.toml
@@ -0,0 +1,4 @@
+[http.middlewares.httpsRedirect.redirectScheme]
+  scheme = "https"
+  permanent = true
+
diff --git a/templates/conf.d/10-api.toml b/templates/conf.d/10-api.toml
new file mode 100644
index 0000000..9249bec
--- /dev/null
+++ b/templates/conf.d/10-api.toml
@@ -0,0 +1,19 @@
+[http.middlewares.apiAuth.basicAuth]
+  users = [
+    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
+  ]
+
+[http.routers.my-api-redir]
+  rule = "Host(`{{ inventory_hostname }}`)"
+  entryPoints = ["web"]
+  middlewares = ["httpsRedirect"]
+  service = "api@internal"
+
+[http.routers.my-api]
+  rule = "Host(`{{ inventory_hostname }}`)"
+  entryPoints = ["websecure"]
+  middlewares = ["apiAuth"]
+  service = "api@internal"
+
+  [http.routers.my-api.tls]
+    certResolver = "my-resolver"
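Review bot: The handler is named `restart traefik` but issues `state: reloaded`, and the only task that notifies it is the one templating the static config `traefik.toml`; as far as I know Traefik does not re-read its static configuration on reload (only the file provider directory is watched at runtime), so a changed entrypoint or resolver would never take effect. A `systemctl reload` also fails outright if the packaged unit defines no `ExecReload`, which I cannot confirm from here. Use `state: restarted` so the handler does what its name says.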
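Review bot: The `fix owner of acme file` task calls `file` without a `state`, which defaults to `file` and fails when `/etc/traefik/acme.json` does not exist yet (the module will not create it); on a fresh host that is the normal case unless the package ships the file, so it needs `state: touch`, and `group: traefik` should accompany the owner so the 0600 store is not left root-grouped. The `configure` and `template config files` tasks set `owner: traefik` but no `mode`, so `10-api.toml` with its basic-auth hash lands at the umask default (typically world-readable); add `mode: '0640'` to both. `package: state: latest` also upgrades an internet-facing proxy on every run, so prefer `state: present` with deliberate version bumps, and `become: yes` on only the last task is inconsistent with the earlier tasks that also write under `/etc` — either the play is already privileged (making it redundant) or those tasks fail.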
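Review bot: `10-api.toml` commits a literal dashboard credential (user `test` with an apr1/MD5 hash) into the role, so every host deployed from it shares a known login to `api@internal`, and the hash ends up in a file whose mode the tasks never restrict. Source the users from a vaulted, per-deployment variable and prefer bcrypt hashes, e.g. replace the hard-coded array with `users = {{ traefik_api_users | to_json }}`. Using `to_json` also guarantees a valid TOML string array regardless of how Jinja prints a Python list.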
diff --git a/templates/conf.d/10-metric-prometheus.toml b/templates/conf.d/10-metric-prometheus.toml
new file mode 100644
index 0000000..f179f62
--- /dev/null
+++ b/templates/conf.d/10-metric-prometheus.toml
@@ -0,0 +1,7 @@
+[http.routers.metric-prometheus]
+  rule = "Host(`{{ inventory_hostname }}`) && PathPrefix(`/metrics`)"
+  entryPoints = ["websecure"]
+  service = "prometheus@internal"
+
+  [http.routers.metric-prometheus.tls]
+    certResolver = "my-resolver"
diff --git a/templates/conf.d/50-tcp.toml b/templates/conf.d/50-tcp.toml
new file mode 100644
index 0000000..60f3553
--- /dev/null
+++ b/templates/conf.d/50-tcp.toml
@@ -0,0 +1,17 @@
+{% for r in traefik_tcp_proxy %}
+
+#---------------------------------
+# {{ r.name }}: {{ r.rule }}
+#---------------------------------
+
+[tcp.routers.{{r.name}}]
+entryPoints = {{r.entryPoints}}
+rule = "{{r.rule }}"
+service = "{{r.name}}"
+
+[tcp.services.{{r.name}}.loadBalancer]
+{% for addr in r.addresses %}
+[[tcp.services.{{r.name}}.loadBalancer.servers]]
+address = "{{addr.to}}"
+{% endfor %}
+{% endfor %}
diff --git a/templates/conf.d/70-proxy.toml b/templates/conf.d/70-proxy.toml
new file mode 100644
index 0000000..13fe023
--- /dev/null
+++ b/templates/conf.d/70-proxy.toml
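Review bot: The `metric-prometheus` router carries no `middlewares`, and because its rule `Host(...) && PathPrefix(`/metrics`)` is longer than the `my-api` rule on the same host it wins by Traefik's default length-based priority, so `/metrics` on the public hostname is served unauthenticated while the dashboard beside it sits behind `apiAuth`. With `addServicesLabels = true` that hands anyone the service names and backend health of everything proxied. Add `middlewares = ["apiAuth"]` to the router (the middleware is defined in the same file provider), or move it to an internal-only entrypoint.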
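Review bot: `entryPoints = {{r.entryPoints}}` relies on Jinja's Python repr of a list to happen to be valid TOML, which works for plain ASCII names but breaks the whole provider directory on a `u'...'` prefix or an escaped character; `entryPoints = {{ r.entryPoints | to_json }}` is the safe form. The template also leaves the rule contract implicit: a TCP router without a `[tcp.routers.<name>.tls]` block is meant for non-TLS traffic and, as far as I recall, only `HostSNI(`*`)` is accepted there, while SNI-specific rules need a tls/passthrough block — state that in a header comment, e.g. `# rule must be HostSNI(`*`) for non-TLS entrypoints (ssh, rtmp); SNI rules require tls passthrough`. Whether any inventory entry violates this cannot be checked from the hunk.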
@@ -0,0 +1,48 @@
+{% for r in traefik_proxy %}
+
+#---------------------------------
+# {{ r.name }}: {{ r.rule }}
+#---------------------------------
+
+{% if r.path_strip is not undefined %}
+[http.middlewares.{{r.name}}-stripprefix.stripPrefix]
+  prefixes = {{ r.path_strip }}
+{% endif %}
+
+{% if r.tls %}
+[http.routers.{{r.name}}-redir]
+  rule = "{{ r.rule }}"
+  entryPoints = ["web"]
+  middlewares = ["httpsRedirect"]
+  service = "{{r.name}}@file"
+
+[http.routers.{{r.name}}-acme]
+  rule = "({{ r.rule }}) && PathPrefix(`/.well-known/acme-challenge/`)"
+  entryPoints = ["web"]
+  service = "{{r.name}}@file"
+{% endif %}
+
+[http.routers.{{r.name}}]
+  rule = "{{ r.rule }}"
+{% if r.path_strip is not undefined %}
+  middlewares = ["{{r.name}}-stripprefix","httpsRedirect"]
+{% else %}
+  middlewares = ["httpsRedirect"]
+{% endif %}
+{% if r.tls %}
+  entryPoints = ["websecure"]
+{% else %}
+  entryPoints = ["web"]
+{% endif %}
+  service = "{{r.name}}@file"
+{% if r.tls %}
+  [http.routers.{{r.name}}.tls]
+    certResolver = "my-resolver"
+{% endif %}
+
+[http.services.{{ r.name }}.loadBalancer]
+{% for url in r.service_url %}
+  [[http.services.{{ r.name }}.loadBalancer.servers]]
+    url = "{{ url }}"
+{% endfor %}
+{% endfor %}
diff --git a/templates/conf.d/80-onlyoffice.toml b/templates/conf.d/80-onlyoffice.toml
new file mode 100644
index 0000000..742b15a
--- /dev/null
+++ b/templates/conf.d/80-onlyoffice.toml
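Review bot: When `r.tls` is false the main router listens on `web` yet still carries the `httpsRedirect` middleware, so every plain-HTTP request is bounced to https where no router for that service exists — non-TLS entries in `traefik_proxy` are unreachable. In the TLS case the middleware is redundant, because the `-redir` router already redirects on `web` and redirectScheme does nothing on `websecure`. Drop it from the main router so the middleware block becomes `{% if r.path_strip is not undefined %}` / `  middlewares = ["{{r.name}}-stripprefix"]` / `{% endif %}`. Separately, the `-acme` router forwards `/.well-known/acme-challenge/` over plain HTTP straight to the backend, which only makes sense for an HTTP-01 challenge; with the resolver configured for `tlsChallenge` it is just an unauthenticated cleartext path into the backend, so confirm it is still needed.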
@@ -0,0 +1,51 @@
+[http.middlewares.onlyoffice-headers.headers.customRequestHeaders]
+  X-Forwarded-Proto = "https"
+
+[http.middlewares.onlyoffice-spellchecker-stripprefix.stripPrefix]
+  prefixes = ["/spellchecker"]
+
+{% for r in traefik_onlyoffice %}
+#---------------------------------
+# onlyOffice: {{ r.name }}: {{ r.rule }}
+#---------------------------------
+
+[http.routers.{{ r.name }}-redir]
+  rule = "{{ r.rule }}"
+  entryPoints = ["web"]
+  middlewares = ["httpsRedirect"]
+  service = "{{ r.name }}@file"
+
+[http.routers.{{ r.name }}]
+  rule = "{{ r.rule }}"
+  middlewares = ["onlyoffice-headers","httpsRedirect"]
+  entryPoints = ["websecure"]
+  service = "{{ r.name }}@file"
+  [http.routers.{{ r.name }}.tls]
+    certResolver = "my-resolver"
+
+[http.services.{{ r.name }}.loadBalancer]
+  [http.services.{{ r.name }}.loadBalancer.healthCheck]
+    path = "/healthcheck"
+    interval = "10s"
+    timeout = "3s"
+{% for url in r.service_url %}
+  [[http.services.{{ r.name }}.loadBalancer.servers]]
+    url = "{{ url }}:8000"
+{% endfor %}
+
+# onlyOffice-Spellchecker
+
+[http.routers.{{ r.name }}-spell]
+  rule = "({{ r.rule }}) && PathPrefix(`/spellchecker`)"
+  middlewares = ["onlyoffice-spellchecker-stripprefix","onlyoffice-headers","httpsRedirect"]
+  entryPoints = ["websecure"]
+  service = "{{ r.name }}-spell@file"
+  [http.routers.{{ r.name }}-spell.tls]
+    certResolver = "my-resolver"
+
+[http.services.{{ r.name }}-spell.loadBalancer]
+{% for url in r.service_url %}
+  [[http.services.{{ r.name }}-spell.loadBalancer.servers]]
+    url = "{{ url }}:8080"
+{% endfor %}
+{% endfor %}
diff --git a/templates/config.toml b/templates/config.toml
new file mode 100644
index 0000000..76bd40d
--- /dev/null
+++ b/templates/config.toml
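Review bot: The template appends `:8000` and `:8080` to every `service_url` entry and forces `X-Forwarded-Proto: https` on each request, but nothing documents that contract, so an entry given with its own port or a trailing path renders a broken server URL that fails only when the provider loads. Add a header comment above the loop, e.g. `# service_url entries must be scheme://host with no port or path; :8000 (document server) and :8080 (spellchecker) are appended below`. The forced `X-Forwarded-Proto` also deserves a one-line comment on why Traefik's own forwarded header is not enough here, since on `websecure` it already reports https.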
@@ -0,0 +1,32 @@
+[entryPoints]
+  [entryPoints.ssh]
+    address = ":22"
+
+  [entryPoints.web]
+    address = ":80"
+
+  [entryPoints.websecure]
+    address = ":443"
+
+  [entryPoints.rtmp]
+    address = ":1935"
+
+[providers]
+  [providers.file]
+    directory = "/etc/traefik/conf.d/"
+    watch = true
+
+[serversTransport]
+  insecureSkipVerify = true
+
+[certificatesResolvers.my-resolver.acme]
+  storage = "/etc/traefik/acme.json"
+  [certificatesResolvers.my-resolver.acme.tlsChallenge]
+    # entryPoint = "web"
+
+[api]
+  dashboard = true
+[metrics]
+  [metrics.prometheus]
+    addServicesLabels = true
+    manualRouting = true
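Review bot: `insecureSkipVerify = true` under `[serversTransport]` disables certificate verification for every HTTPS backend Traefik proxies to, including anything later added through `traefik_proxy`, so a spoofed or MITM'd upstream is accepted silently. Either keep backends on plain HTTP inside a trusted network, or — if this Traefik is recent enough to support dynamic `[http.serversTransports.<name>]` — pin `rootCAs` or skip verification per service instead of globally; at minimum leave a comment naming the backend that forced it. Two smaller points: the `ssh` entrypoint binds `:22` and will clash with the host's own sshd unless that has been moved, and the ACME resolver sets no `email`, so nobody receives expiry or policy notices (Traefik may also warn or refuse registration without one — verify against the version deployed).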