Migrate to bigger Hetzner server

2025-12-25 13:46:59 +01:00 · 2019-11-05 03:37:05 +01:00 · 2019-11-05 03:37:05 +01:00 · 86fb8e71c1
commit 86fb8e71c1
parent d77f2ef548
32 changed files with 294 additions and 226 deletions
--- a/roles/traefik-proxy-docker/templates/traefik/.env
+++ b/roles/traefik-proxy-docker/templates/traefik/.env
@ -1 +1 @@
-TRAEFIK_DASHBOARD_PASSWORD_HASH={{traefik_dashboard_password_hash}}
+TRAEFIK_DASHBOARD_PASSWORD_HASH={{traefik_dashboard_password_hash}}
--- a/roles/traefik-proxy-docker/templates/data/traefik.toml
+++ b/roles/traefik-proxy-docker/templates/data/traefik.toml
@ -0,0 +1,53 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]
+  [entryPoints.traefik]
+  address = ":8080"
+
+# Activate API and Dashboard
+[api]
+entryPoint = "traefik"
+dashboard = true
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+{% if inventory_hostname in (groups['mail']) %}
+domain = "mail1.banditlair.com"
+{% else %}
+domain = "banditlair.com"
+{% endif %}
+watch = true
+exposedbydefault = false
+
+[acme]
+email = "letsencrypt.account@banditlair.com"
+storage = "acme.json"
+entryPoint = "https"
+OnHostRule = true
+KeyType = "RSA4096"
+[acme.httpChallenge]
+entryPoint = "http"
+
+[[acme.domains]]
+{% if inventory_hostname in (groups['mail']) %}
+main = "mail1.banditlair.com"
+{% else %}
+main = "banditlair.com"
+sans = ["mail.banditlair.com"]
+{% endif %}
+
+
+[accessLog]
+filePath = "/var/log/traefik/access.log"
--- a/roles/traefik-proxy-docker/templates/docker-compose.yml
+++ b/roles/traefik-proxy-docker/templates/docker-compose.yml
@ -0,0 +1,38 @@
+version: '3'
+
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:1.7.12-alpine
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./data:/etc/traefik
+      - /var/log/traefik:/var/log/traefik
+      - ./certs/acme.json:/acme.json
+    labels:
+      - "traefik.backend=traefik"
+      - "traefik.docker.network=web"
+      - "traefik.frontend.rule=Host:traefik.{{inventory_hostname}}.banditlair.com"
+      - "traefik.enable=true"
+      - "traefik.port=8080"
+      - "traefik.default.protocol=http"
+      - "traefik.frontend.auth.basic=admin:${TRAEFIK_DASHBOARD_PASSWORD_HASH}"
+    networks:
+      - web
+    restart: always
+
+  certdumper:
+    image: ldez/traefik-certs-dumper:v2.4.1
+    depends_on:
+      - traefik
+    restart: unless-stopped
+    volumes:
+      - ./certs:/traefik
+    command: file --source /traefik/acme.json --dest /traefik/ssl --watch
+
+networks:
+  web:
+    external: true