parent
fec3bcd01c
commit
07d6786167
project
@ -4,10 +4,7 @@
|
||||
- name: Ping hosts
|
||||
ansible.builtin.ping:
|
||||
|
||||
- hosts: all
|
||||
roles:
|
||||
- testrole
|
||||
- hosts: docker2.t-juice.club
|
||||
roles:
|
||||
- vault
|
||||
|
||||
- traefik
|
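--- a/project/roles/traefik/handlers/main.yml
+++ b/project/roles/traefik/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: reload systemd
+ansible.builtin.systemd:
+daemon_reload: yes
+
+- name: restart traefik
+ansible.builtin.systemd:
+name: vault
+state: restarted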
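Review bot: The `restart traefik` handler restarts the wrong unit: its `ansible.builtin.systemd` call has `name: vault`, so a change to traefik.service bounces Vault and leaves Traefik running with the old unit. This looks like a leftover from copying the vault role's handler; the line should read `name: traefik`. Because the tasks file only ensures `state: started` afterwards, an already running Traefik would never pick up the new configuration, while Vault restarts on every template change (and may come back sealed, depending on how it is configured). As a style point, `daemon_reload: yes` is better written `daemon_reload: true`.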
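--- a/project/roles/traefik/tasks/main.yml
+++ b/project/roles/traefik/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create traefik.service
+ansible.builtin.template:
+src: traefik.service.j2
+dest: /etc/systemd/system/traefik.service
+notify:
+- reload systemd
+- restart traefik
+
+- meta: flush_handlers
+
+- name: Ensure service is started
+ansible.builtin.systemd:
+state: started
+name: traefik
+
+- name: Ensure service is enabled
+ansible.builtin.systemd:
+enabled: yes
+name: traefik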
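Review bot: Nothing in this task list creates `/var/traefik/acme.json`, which the unit template added in this commit bind-mounts into the container with `-v /var/traefik/acme.json:/acme.json`. If the path is missing when the service starts, Docker creates a directory there, and Traefik also refuses an ACME storage file whose mode is wider than 0600, so certificate issuance would fail on a fresh host unless the file is provisioned somewhere outside this commit. I would add the two tasks below ahead of `Create traefik.service`, and give the template task explicit `owner: root`, `group: root` and `mode: "0644"` rather than relying on the umask. The same applies to the `proxy` Docker network the unit joins, which this role does not create either.

```yaml
- name: Ensure traefik state directory exists
  ansible.builtin.file:
    path: /var/traefik
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Ensure ACME storage file exists with private permissions
  ansible.builtin.file:
    path: /var/traefik/acme.json
    state: touch
    owner: root
    group: root
    mode: "0600"
    # keep timestamps so the task stays idempotent
    modification_time: preserve
    access_time: preserve

# … unchanged: Create traefik.service, flush_handlers, started/enabled tasks …
```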
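--- a/project/roles/traefik/templates/traefik.service.j2
+++ b/project/roles/traefik/templates/traefik.service.j2
@@ -0,0 +1,38 @@
+[Unit]
+Description=Traefik Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop traefik
+ExecStartPre=-/usr/bin/docker rm traefik
+ExecStartPre=-/usr/bin/docker pull traefik:latest
+ExecStart=/usr/bin/docker run \
+-e TRAEFIK_LOG_LEVEL=INFO \
+-e TRAEFIK_ENTRYPOINTS_INSECURE_ADDRESS=:80 \
+-e TRAEFIK_ENTRYPOINTS_SECURE_ADDRESS=:443 \
+-e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS=true \
+-e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS_CERTRESOLVER=LE \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE=true \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_EMAIL=torjuspuz@gmail.com \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_HTTPCHALLENGE_ENTRYPOINT=insecure \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_KEYTYPE=EC256 \
+-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_STORAGE=/acme.json \
+-e TRAEFIK_PROVIDERS_DOCKER=true \
+-e TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false \
+-l "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)" \
+-l "traefik.http.routers.http_catchall.entrypoints=insecure" \
+-l "traefik.http.routers.http_catchall.middlewares=https_redirect" \
+-l "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" \
+-l "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true" \
+-p 443:443 \
+-p 80:80 \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v /var/traefik/acme.json:/acme.json \
+--network proxy \
+--name traefik traefik:latest
+
+[Install]
+WantedBy=multi-user.target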
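Review bot: The unit runs an unpinned `traefik:latest` and re-pulls it on every start (`ExecStartPre=-/usr/bin/docker pull traefik:latest`), so whatever the registry serves under that tag is launched on ports 80/443 with the host's Docker socket mounted. I would pin the image in both the pull and the run line, for example `--name traefik traefik:<pinned-version-or-digest>`, and upgrade by changing that value in the role. The `-v /var/run/docker.sock:/var/run/docker.sock` mount gives the internet-facing proxy full control of the Docker daemon, which is root-equivalent on the host. Appending `:ro` only makes the socket file read-only and does not limit API calls, so a socket proxy that exposes just the read-only container endpoints is the stronger control. The hard-coded ACME e-mail and entrypoint settings would also be easier to reuse as role variables, since this file is already a `.j2` template.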