parent
fec3bcd01c
commit
07d6786167
@ -4,10 +4,7 @@
|
|||||||
- name: Ping hosts
|
- name: Ping hosts
|
||||||
ansible.builtin.ping:
|
ansible.builtin.ping:
|
||||||
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- testrole
|
|
||||||
- hosts: docker2.t-juice.club
|
- hosts: docker2.t-juice.club
|
||||||
roles:
|
roles:
|
||||||
- vault
|
- vault
|
||||||
|
- traefik
|
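--- a/project/roles/traefik/handlers/main.yml
+++ b/project/roles/traefik/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: reload systemd
+ansible.builtin.systemd:
+daemon_reload: yes
+
+- name: restart traefik
+ansible.builtin.systemd:
+name: vault
+state: restarted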
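Review bot: The `restart traefik` handler restarts the wrong unit: its `ansible.builtin.systemd` call has `name: vault`, which looks like a leftover from copying the vault role's handler. A changed `traefik.service` template therefore bounces Vault and leaves Traefik running on the old unit definition, because the later "Ensure service is started" task does not restart a service that is already up. Change the line to `name: traefik`. An unplanned Vault restart is also worth avoiding in its own right, since it may come back sealed depending on how it is set up. As a style point, `daemon_reload: yes` reads better as `daemon_reload: true`.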
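--- a/project/roles/traefik/tasks/main.yml
+++ b/project/roles/traefik/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create traefik.service
+ansible.builtin.template:
+src: traefik.service.j2
+dest: /etc/systemd/system/traefik.service
+notify:
+- reload systemd
+- restart traefik
+
+- meta: flush_handlers
+
+- name: Ensure service is started
+ansible.builtin.systemd:
+state: started
+name: traefik
+
+- name: Ensure service is enabled
+ansible.builtin.systemd:
+enabled: yes
+name: traefik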
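Review bot: Nothing in these tasks creates `/var/traefik/acme.json` before the unit is started, although the unit template added in this commit bind-mounts that path and stores the ACME account key and certificate keys in it. When the source of a `-v` bind mount does not exist, Docker creates a directory there, and Traefik also rejects an ACME storage file whose permissions are wider than 600. Unless another role already provisions the file, add tasks ahead of `Create traefik.service` that create the directory and an empty file with mode `"0600"`, as sketched below. The same applies to the `proxy` network named in the unit. The template task should also state `owner: root`, `group: root` and `mode: "0644"` explicitly instead of relying on the target's umask.

```yaml
- name: Ensure ACME storage directory exists
  ansible.builtin.file:
    path: /var/traefik
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Ensure ACME storage file exists with private permissions
  ansible.builtin.file:
    path: /var/traefik/acme.json
    state: touch
    owner: root
    group: root
    mode: "0600"
    access_time: preserve
    modification_time: preserve

# … unchanged: Create traefik.service, flush_handlers, started/enabled tasks …
```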
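--- a/project/roles/traefik/templates/traefik.service.j2
+++ b/project/roles/traefik/templates/traefik.service.j2
@@ -0,0 +1,38 @@
+[Unit]
+Description=Traefik Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop traefik
+ExecStartPre=-/usr/bin/docker rm traefik
+ExecStartPre=-/usr/bin/docker pull traefik:latest
+ExecStart=/usr/bin/docker run \
+-e TRAEFIK_LOG_LEVEL=INFO \
+-e TRAEFIK_ENTRYPOINTS_INSECURE_ADDRESS=:80 \
+-e TRAEFIK_ENTRYPOINTS_SECURE_ADDRESS=:443 \
+-e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS=true \
+-e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS_CERTRESOLVER=LE \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE=true \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_EMAIL=torjuspuz@gmail.com \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_HTTPCHALLENGE_ENTRYPOINT=insecure \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_KEYTYPE=EC256 \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_STORAGE=/acme.json \
+-e TRAEFIK_PROVIDERS_DOCKER=true \
+-e TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false \
+-l "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)" \
+-l "traefik.http.routers.http_catchall.entrypoints=insecure" \
+-l "traefik.http.routers.http_catchall.middlewares=https_redirect" \
+-l "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" \
+-l "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true" \
+-p 443:443 \
+-p 80:80 \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v /var/traefik/acme.json:/acme.json \
+--network proxy \
+--name traefik traefik:latest
+
+[Install]
+WantedBy=multi-user.target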
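Review bot: The `-v /var/run/docker.sock:/var/run/docker.sock` line gives the full Docker API to a container that is published on ports 80 and 443, so a compromise of Traefik amounts to root on the host. Mounting it as `-v /var/run/docker.sock:/var/run/docker.sock:ro \` only stops the container from replacing the socket file; the API itself stays fully usable, so the stronger fix is to point the Docker provider at a socket proxy that exposes read-only endpoints. Separately, `traefik:latest` appears in both the `docker pull` pre-step and the `docker run` line, and with `Restart=always` any restart can silently bring in a new image; pin both to a reviewed version or digest, e.g. `--name traefik traefik:<PINNED_VERSION>`. Since this is a `.j2` template, the ACME e-mail address and the image tag would be better supplied as role variables than hard-coded.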