current state

Geno 2020-11-27 12:39:51 +01:00
parent 40c3a21b74
commit c66cb5ec2b
9 changed files with 220 additions and 0 deletions

4
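--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart traefik
+systemd:
+name: traefik
+state: reloaded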
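Review bot: The handler is named `restart traefik` but issues `state: reloaded`, and it is notified by the task that templates `/etc/traefik/traefik.toml`. Traefik reads its static configuration only at start-up, so a reload would leave the newly written file unapplied, and the reload fails outright if the packaged unit defines no reload action (not visible here). Use `state: restarted` so the name and the effect agree.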

38
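--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,38 @@
+- name: install
+package:
+name: traefik
+state: latest
+- name: fix owner of acme file
+file:
+path: "/etc/traefik/acme.json"
+owner: traefik
+mode: '0600'
+- name: configure
+notify: restart traefik
+template:
+src: config.toml
+dest: "/etc/traefik/traefik.toml"
+owner: traefik
+- name: create config directory
+file:
+path: /etc/traefik/conf.d
+state: directory
+owner: traefik
+- name: template config files
+template:
+src: "{{ item }}"
+dest: "/etc/traefik/conf.d/{{ item | basename }}"
+owner: traefik
+with_fileglob:
+- ../templates/conf.d/*
+- name: service enabled and started
+become: yes
+systemd:
+name: traefik
+state: started
+enabled: yes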
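Review bot: The two `template` tasks and the `conf.d` directory task set `owner: traefik` but no `mode`, so newly created files get whatever the remote umask yields, and one of the templates in this commit carries the `apiAuth` basicAuth hash. Set the mode explicitly, e.g. `mode: '0600'` on both template tasks and `mode: '0700'` on the directory, the way the `acme.json` task already does. Separately, `state: latest` upgrades the proxy on every run; `state: present` or a pinned version keeps upgrades of this edge component deliberate.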


@ -0,0 +1,4 @@
[http.middlewares.httpsRedirect.redirectScheme]
scheme = "https"
permanent = true


@ -0,0 +1,19 @@
[http.middlewares.apiAuth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
]
[http.routers.my-api-redir]
rule = "Host(`{{ inventory_hostname }}`)"
entryPoints = ["web"]
middlewares = ["httpsRedirect"]
service = "api@internal"
[http.routers.my-api]
rule = "Host(`{{ inventory_hostname }}`)"
entryPoints = ["websecure"]
middlewares = ["apiAuth"]
service = "api@internal"
[http.routers.my-api.tls]
certResolver = "my-resolver"
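Review bot: The `apiAuth` user list hard-codes a credential in the template: user `test` with an `$apr1$` (MD5-based) htpasswd hash is now part of the repository history, where anyone with read access can work on it offline. Treat that credential as exposed and rotate it. Render the list from a vaulted variable instead, e.g. `users = {{ traefik_api_users | to_json }}` (the variable name is a suggestion), preferably holding bcrypt hashes. This middleware is the only guard on `api@internal` on the `websecure` entry point, so the same hash protects the API on every host the role is applied to.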


@ -0,0 +1,7 @@
[http.routers.metric-prometheus]
rule = "Host(`{{ inventory_hostname }}`) && PathPrefix(`/metrics`)"
entryPoints = ["websecure"]
service = "prometheus@internal"
[http.routers.metric-prometheus.tls]
certResolver = "my-resolver"
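Review bot: The `metric-prometheus` router publishes `prometheus@internal` on `websecure` with no `middlewares` entry, so `/metrics` is served without authentication to anyone who can reach port 443 on the host. With `addServicesLabels = true` in the static config, that output includes per-service labels and traffic counters. Attach the auth middleware already defined in this commit, `middlewares = ["apiAuth"]`, or restrict the route to the monitoring network.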


@ -0,0 +1,17 @@
{% for r in traefik_tcp_proxy %}
#---------------------------------
# {{ r.name }}: {{ r.rule }}
#---------------------------------
[tcp.routers.{{r.name}}]
entryPoints = {{r.entryPoints}}
rule = "{{r.rule }}"
service = "{{r.name}}"
[tcp.services.{{r.name}}.loadBalancer]
{% for addr in r.addresses %}
[[tcp.services.{{r.name}}.loadBalancer.servers]]
address = "{{addr.to}}"
{% endfor %}
{% endfor %}
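Review bot: `entryPoints = {{r.entryPoints}}` prints the Python repr of the list, which parses as TOML only while every element is a plain string that the repr happens to wrap in single quotes; the same applies to `prefixes = {{ r.path_strip }}` in the HTTP proxy template. Render lists with `{{ r.entryPoints | to_json }}` so the output is always a valid array. `r.name` and `r.rule` are also written unescaped into table headers and quoted strings, so a short Jinja comment above the loop stating that `name` must consist of bare-key characters only would help whoever maintains the inventory.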


@ -0,0 +1,48 @@
{% for r in traefik_proxy %}
#---------------------------------
# {{ r.name }}: {{ r.rule }}
#---------------------------------
{% if r.path_strip is not undefined %}
[http.middlewares.{{r.name}}-stripprefix.stripPrefix]
prefixes = {{ r.path_strip }}
{% endif %}
{% if r.tls %}
[http.routers.{{r.name}}-redir]
rule = "{{ r.rule }}"
entryPoints = ["web"]
middlewares = ["httpsRedirect"]
service = "{{r.name}}@file"
[http.routers.{{r.name}}-acme]
rule = "({{ r.rule }}) && PathPrefix(`/.well-known/acme-challenge/`)"
entryPoints = ["web"]
service = "{{r.name}}@file"
{% endif %}
[http.routers.{{r.name}}]
rule = "{{ r.rule }}"
{% if r.path_strip is not undefined %}
middlewares = ["{{r.name}}-stripprefix","httpsRedirect"]
{% else %}
middlewares = ["httpsRedirect"]
{% endif %}
{% if r.tls %}
entryPoints = ["websecure"]
{% else %}
entryPoints = ["web"]
{% endif %}
service = "{{r.name}}@file"
{% if r.tls %}
[http.routers.{{r.name}}.tls]
certResolver = "my-resolver"
{% endif %}
[http.services.{{ r.name }}.loadBalancer]
{% for url in r.service_url %}
[[http.services.{{ r.name }}.loadBalancer.servers]]
url = "{{ url }}"
{% endfor %}
{% endfor %}
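Review bot: The main router `[http.routers.{{r.name}}]` always lists `httpsRedirect`, including in the `{% else %}` branch where `r.tls` is false and the router listens on `web`. For such an entry every request is redirected to https, where this template creates no router for the rule, so a non-TLS route cannot serve traffic. On TLS routes the middleware appears redundant, since requests arriving on `websecure` are already https and the `-redir` router handles the plain-HTTP side. Emit `middlewares = ["{{r.name}}-stripprefix"]` only inside the `path_strip` condition and drop `httpsRedirect` from the main router.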


@ -0,0 +1,51 @@
[http.middlewares.onlyoffice-headers.headers.customRequestHeaders]
X-Forwarded-Proto = "https"
[http.middlewares.onlyoffice-spellchecker-stripprefix.stripPrefix]
prefixes = ["/spellchecker"]
{% for r in traefik_onlyoffice %}
#---------------------------------
# onlyOffice: {{ r.name }}: {{ r.rule }}
#---------------------------------
[http.routers.{{ r.name }}-redir]
rule = "{{ r.rule }}"
entryPoints = ["web"]
middlewares = ["httpsRedirect"]
service = "{{ r.name }}@file"
[http.routers.{{ r.name }}]
rule = "{{ r.rule }}"
middlewares = ["onlyoffice-headers","httpsRedirect"]
entryPoints = ["websecure"]
service = "{{ r.name }}@file"
[http.routers.{{ r.name }}.tls]
certResolver = "my-resolver"
[http.services.{{ r.name }}.loadBalancer]
[http.services.{{ r.name }}.loadBalancer.healthCheck]
path = "/healthcheck"
interval = "10s"
timeout = "3s"
{% for url in r.service_url %}
[[http.services.{{ r.name }}.loadBalancer.servers]]
url = "{{ url }}:8000"
{% endfor %}
# onlyOffice-Spellchecker
[http.routers.{{ r.name }}-spell]
rule = "({{ r.rule }}) && PathPrefix(`/spellchecker`)"
middlewares = ["onlyoffice-spellchecker-stripprefix","onlyoffice-headers","httpsRedirect"]
entryPoints = ["websecure"]
service = "{{ r.name }}-spell@file"
[http.routers.{{ r.name }}-spell.tls]
certResolver = "my-resolver"
[http.services.{{ r.name }}-spell.loadBalancer]
{% for url in r.service_url %}
[[http.services.{{ r.name }}-spell.loadBalancer.servers]]
url = "{{ url }}:8080"
{% endfor %}
{% endfor %}
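Review bot: The template appends `:8000` and `:8080` to every `r.service_url` entry, but nothing documents that the entries must be scheme and host only; a value that already carries a port or path, such as `http://office.internal:80` (constructed example), would render an invalid backend URL. Add a Jinja comment above the loop, e.g. `{# traefik_onlyoffice: list of {name, rule, service_url}; service_url entries are scheme://host only, ports are appended below #}`. The `httpsRedirect` entries on the `websecure` routers look redundant and could be dropped.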

32
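--- a/templates/config.toml
+++ b/templates/config.toml
@@ -0,0 +1,32 @@
+[entryPoints]
+[entryPoints.ssh]
+address = ":22"
+[entryPoints.web]
+address = ":80"
+[entryPoints.websecure]
+address = ":443"
+[entryPoints.rtmp]
+address = ":1935"
+[providers]
+[providers.file]
+directory = "/etc/traefik/conf.d/"
+watch = true
+[serversTransport]
+insecureSkipVerify = true
+[certificatesResolvers.my-resolver.acme]
+storage = "/etc/traefik/acme.json"
+[certificatesResolvers.my-resolver.acme.tlsChallenge]
+# entryPoint = "web"
+[api]
+dashboard = true
+[metrics]
+[metrics.prometheus]
+addServicesLabels = true
+manualRouting = true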
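Review bot: `insecureSkipVerify = true` under `[serversTransport]` turns off certificate verification for every HTTPS backend this proxy connects to, so any host able to intercept proxy-to-backend traffic is accepted as the backend. If the backends use an internal CA, drop the flag and trust that CA with `rootCAs = ["/path/to/internal-ca.pem"]` (placeholder path). If verification must stay off for one legacy backend, a comment naming that backend and the reason should sit next to the setting.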