diff --git a/playbook.yml b/playbook.yml index 2f2eef0..634f1b0 100644 --- a/playbook.yml +++ b/playbook.yml @@ -22,6 +22,7 @@ - { role: torrent-docker, tags: [ 'torrent', 'docker' ] } - { role: monit, tags: [ 'monit' ] } - { role: arch-mirror-docker, tags: [ 'mirror', 'docker' ] } + - { role: traefik-proxy-docker, tags: [ 'traefik', 'docker' ] } # vars_prompt: # - name: "ansible_sudo_pass" # prompt: "Sudo password" diff --git a/roles/arch-mirror-docker/files/arch-mirror/docker-compose.yml b/roles/arch-mirror-docker/files/arch-mirror/docker-compose.yml index 78462a4..e0ec254 100644 --- a/roles/arch-mirror-docker/files/arch-mirror/docker-compose.yml +++ b/roles/arch-mirror-docker/files/arch-mirror/docker-compose.yml @@ -1,21 +1,24 @@ version: '2.2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: arch-mirror: image: nginx:latest expose: - 80 - environment: - - VIRTUAL_HOST=arch.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=80 + labels: + - "traefik.backend=arch-mirror" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:arch.banditlair.com" + - "traefik.enable=true" + - "traefik.port=80" + - "traefik.default.protocol=http" volumes: - /srv/repo:/usr/share/nginx/html:ro networks: - - proxy-tier + - web restart: always diff --git a/roles/arch-mirror-docker/meta/main.yml b/roles/arch-mirror-docker/meta/main.yml index d5ef1dd..ee509d6 100644 --- a/roles/arch-mirror-docker/meta/main.yml +++ b/roles/arch-mirror-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker + - traefik-proxy-docker diff --git a/roles/emby-docker/files/emby/docker-compose.yml b/roles/emby-docker/files/emby/docker-compose.yml index 4b12f9f..6563206 100644 --- a/roles/emby-docker/files/emby/docker-compose.yml +++ b/roles/emby-docker/files/emby/docker-compose.yml @@ -1,9 +1,9 @@ version: '2.2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: emby: 
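Review bot: `traefik.default.protocol=http` in the new `labels:` block of the arch-mirror compose file does not match any container label I know from the Traefik 1.x Docker provider. The documented key is `traefik.protocol`, and a three-part name may instead be read as a segment label for a segment called `default`. Since http is already the backend default, I would either drop the line or write `- "traefik.protocol=http"`. The same label is repeated in every compose file this commit touches (emby, gitlab, mailu, matrix, nextcloud, plex, searx, torrent, wiki and traefik itself), so the fix applies to all of them.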
@@ -15,9 +15,13 @@ services: environment: - UID=33 - GID=33 - - VIRTUAL_HOST=emby.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8096 + labels: + - "traefik.backend=emby" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:emby.banditlair.com" + - "traefik.enable=true" + - "traefik.port=8096" + - "traefik.default.protocol=http" networks: - - proxy-tier + - web restart: always diff --git a/roles/emby-docker/meta/main.yml b/roles/emby-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/emby-docker/meta/main.yml +++ b/roles/emby-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/gitlab-docker/files/gitlab/docker-compose.yml b/roles/gitlab-docker/files/gitlab/docker-compose.yml index fe059dc..1a76585 100644 --- a/roles/gitlab-docker/files/gitlab/docker-compose.yml +++ b/roles/gitlab-docker/files/gitlab/docker-compose.yml @@ -1,18 +1,21 @@ version: '2.2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: gitlab: image: 'gitlab/gitlab-ce:latest' hostname: ${GITLAB_DOMAIN} - environment: - - VIRTUAL_HOST=${GITLAB_DOMAIN} - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=9090 + labels: + - "traefik.backend=gitlab" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:gitlab.banditlair.com" + - "traefik.enable=true" + - "traefik.port=9090" + - "traefik.default.protocol=http" ports: - "2224:22" expose: @@ -24,7 +27,7 @@ services: - /backups/gitlab:/var/opt/gitlab/backups - /etc/localtime:/etc/localtime:ro networks: - - proxy-tier + - web restart: always runner: diff --git a/roles/gitlab-docker/meta/main.yml b/roles/gitlab-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/gitlab-docker/meta/main.yml +++ b/roles/gitlab-docker/meta/main.yml 
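Review bot: The gitlab frontend rule hard-codes `Host:gitlab.banditlair.com`, while the unchanged `hostname: ${GITLAB_DOMAIN}` line just above still takes the name from the environment, so the routed host and the container's own hostname can drift apart. Compose interpolates variables inside label values, so `- "traefik.frontend.rule=Host:${GITLAB_DOMAIN}"` keeps the single source of truth that the removed `VIRTUAL_HOST=${GITLAB_DOMAIN}` had. The nextcloud (`${CLOUD_DOMAIN}`), plex (`${PLEX_DOMAIN}`) and deluge (`${DELUGE_DOMAIN}`) hunks replace a variable with a literal in the same way.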
@@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/mailu-docker/files/mailu/docker-compose.yml b/roles/mailu-docker/files/mailu/docker-compose.yml index 1047375..5cb794b 100644 --- a/roles/mailu-docker/files/mailu/docker-compose.yml +++ b/roles/mailu-docker/files/mailu/docker-compose.yml @@ -1,9 +1,9 @@ version: '2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: front: @@ -19,8 +19,8 @@ services: - "$BIND_ADDRESS4:465:465" - "$BIND_ADDRESS4:587:587" volumes: - - "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem" - - "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem" + - "../traefik/certs/ssl/banditlair.com.crt:/certs/cert.pem" + - "../traefik/certs/ssl/banditlair.com.key:/certs/key.pem" redis: image: redis:alpine restart: always @@ -73,10 +73,13 @@ services: env_file: .env expose: - 80 - environment: - - VIRTUAL_HOST=mailu.banditlair.com,mail.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=80 + labels: + - "traefik.backend=mailu-admin" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:mailu.banditlair.com" + - "traefik.enable=true" + - "traefik.port=80" + - "traefik.default.protocol=http" volumes: - "$ROOT/data:/data" - "$ROOT/dkim:/dkim" @@ -84,7 +87,7 @@ services: depends_on: - redis networks: - - proxy-tier + - web - default webmail: @@ -92,14 +95,17 @@ services: restart: always expose: - 8888 - environment: - - VIRTUAL_HOST=webmail.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8888 + labels: + - "traefik.backend=webmail" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:webmail.banditlair.com" + - "traefik.enable=true" + - "traefik.port=8888" + - "traefik.default.protocol=http" volumes: - "$ROOT/webmail:/rainloop/data" networks: - - proxy-tier + - web - default fetchmail: 
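Review bot: The two new certificate mounts in the mailu `front` service bind the TLS private key into the mail container writable and replace `${DOMAIN}` with a literal `banditlair.com`. I would keep the variable and mount both files read-only, e.g. `- "../traefik/certs/ssl/${DOMAIN}.key:/certs/key.pem:ro"` and the same for the `.crt`. These files are produced by the certdumper container in the traefik role, so if Mailu starts before the first dump, Docker will likely create directories at those paths instead of files; an ordering or existence check is worth adding. Separately, the admin frontend rule now matches only `mailu.banditlair.com`, whereas the removed `VIRTUAL_HOST` also listed `mail.banditlair.com`; confirm that dropping that host is intended.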
diff --git a/roles/mailu-docker/meta/main.yml b/roles/mailu-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/mailu-docker/meta/main.yml +++ b/roles/mailu-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/matrix-docker/files/matrix/docker-compose.yml b/roles/matrix-docker/files/matrix/docker-compose.yml index 930295b..fc6cbb5 100644 --- a/roles/matrix-docker/files/matrix/docker-compose.yml +++ b/roles/matrix-docker/files/matrix/docker-compose.yml @@ -3,7 +3,6 @@ services: db: image: postgres:9.6 restart: always - # Adding 127.0.0.1 ensures the port isn't exposed ON the host ports: - "127.0.0.1:5432:5432" volumes: @@ -22,10 +21,13 @@ services: - "127.0.0.1:8008:8008" - "8448:8448" - "3478:3478" - environment: - - VIRTUAL_HOST=matrix.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8008 + labels: + - "traefik.backend=synapse" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:matrix.banditlair.com" + - "traefik.enable=true" + - "traefik.port=8008" + - "traefik.default.protocol=http" volumes: - /var/lib/matrix/media_store:/data/media_store - /var/log/synapse:/data/log @@ -33,13 +35,13 @@ services: - /etc/localtime:/etc/localtime:ro networks: - matrix - - proxy-tier + - web restart: always networks: matrix: external: name: matrix-network - proxy-tier: + web: external: - name: nginx-proxy + name: web diff --git a/roles/matrix-docker/meta/main.yml b/roles/matrix-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/matrix-docker/meta/main.yml +++ b/roles/matrix-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/nextcloud-docker/files/nextcloud/docker-compose.yml b/roles/nextcloud-docker/files/nextcloud/docker-compose.yml index 8228b0c..099c2d6 100644 
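Review bot: The first matrix hunk deletes the comment above `- "127.0.0.1:5432:5432"`, which was the only hint that the loopback prefix on the Postgres port is deliberate and must not be simplified to `5432:5432`. I would keep it, reworded for accuracy: `# Bind to 127.0.0.1 so Postgres is reachable from this host only, never from other machines`. The same reasoning applies to `127.0.0.1:8008:8008` in the synapse service, which deserves the same one-line comment now that Traefik reaches the container over the `web` network.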
--- a/roles/nextcloud-docker/files/nextcloud/docker-compose.yml +++ b/roles/nextcloud-docker/files/nextcloud/docker-compose.yml @@ -1,9 +1,9 @@ version: '3' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: web: @@ -11,15 +11,18 @@ services: volumes: - /var/lib/nextcloud:/var/www/html:ro - /etc/localtime:/etc/localtime:ro - environment: - - VIRTUAL_HOST=${CLOUD_DOMAIN} - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=80 + labels: + - "traefik.backend=nextcloud" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:cloud.banditlair.com" + - "traefik.enable=true" + - "traefik.port=80" + - "traefik.default.protocol=http" depends_on: - app # - collabora networks: - - proxy-tier + - web - default restart: always @@ -65,17 +68,18 @@ services: tty: true expose: - '80' - environment: - - VIRTUAL_HOST=office.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=80 - - LETSENCRYPT_HOST=office.banditlair.com - - LETSENCRYPT_EMAIL=letsencrypt.account@banditlair.com + labels: + - "traefik.backend=onlyoffice" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:office.banditlair.com" + - "traefik.enable=true" + - "traefik.port=80" + - "traefik.default.protocol=http" volumes: - /var/lib/onlyoffice:/var/www/onlyoffice/Data - /var/log/onlyoffice:/var/log/onlyoffice networks: - - proxy-tier + - web - default restart: always diff --git a/roles/nextcloud-docker/meta/main.yml b/roles/nextcloud-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/nextcloud-docker/meta/main.yml +++ b/roles/nextcloud-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/nginx-proxy-docker/files/proxy/.env b/roles/nginx-proxy-docker/files/proxy/.env deleted file mode 100644 index c384017..0000000 --- a/roles/nginx-proxy-docker/files/proxy/.env +++ /dev/null @@ -1 +0,0 @@ -COMPOSE_PROJECT_NAME=proxy 
diff --git a/roles/nginx-proxy-docker/files/proxy/docker-compose.yml b/roles/nginx-proxy-docker/files/proxy/docker-compose.yml deleted file mode 100644 index 07fe860..0000000 --- a/roles/nginx-proxy-docker/files/proxy/docker-compose.yml +++ /dev/null @@ -1,34 +0,0 @@ -version: '2.2' - -networks: - default: - external: - name: nginx-proxy - -services: - nginx: - image: jwilder/nginx-proxy - ports: - - 80:80 - - 443:443 - labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - volumes: - - ./nginx/conf.d:/etc/nginx/conf.d - - ./nginx/vhost.d:/etc/nginx/vhost.d - - ./nginx/html:/usr/share/nginx/html - - ./nginx/certs:/etc/nginx/certs:ro - - /var/run/docker.sock:/tmp/docker.sock:ro - - /etc/localtime:/etc/localtime:ro - restart: always - - letsencrypt-companion: - image: jrcs/letsencrypt-nginx-proxy-companion -# environment: -# - DEBUG=true - volumes_from: - - nginx - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - ./nginx/certs:/etc/nginx/certs:rw - restart: always diff --git a/roles/nginx-proxy-docker/files/proxy/nginx/conf.d/custom.conf b/roles/nginx-proxy-docker/files/proxy/nginx/conf.d/custom.conf deleted file mode 100644 index c636de7..0000000 --- a/roles/nginx-proxy-docker/files/proxy/nginx/conf.d/custom.conf +++ /dev/null @@ -1 +0,0 @@ -client_max_body_size 10G; diff --git a/roles/nginx-proxy-docker/meta/main.yml b/roles/nginx-proxy-docker/meta/main.yml deleted file mode 100644 index e075e71..0000000 --- a/roles/nginx-proxy-docker/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - base-docker \ No newline at end of file diff --git a/roles/nginx-proxy-docker/tasks/main.yml b/roles/nginx-proxy-docker/tasks/main.yml deleted file mode 100644 index d6bc475..0000000 --- a/roles/nginx-proxy-docker/tasks/main.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -- name: Copy proxy config - copy: src=proxy dest={{docker_compose_files_folder}} -#- name: Copy certificates -# copy: src={{backup_folder}}/{{docker_compose_files_folder}}/proxy/nginx/certs dest={{docker_compose_files_folder}}/proxy/nginx -- name: Create nginx-proxy docker network - docker_network: - name: nginx-proxy -- name: Start proxy docker project - docker_service: project_src={{docker_compose_files_folder}}/proxy state=present \ No newline at end of file diff --git a/roles/plex-docker/files/plex/docker-compose.yml b/roles/plex-docker/files/plex/docker-compose.yml index 44c2140..e2824cf 100644 --- a/roles/plex-docker/files/plex/docker-compose.yml +++ b/roles/plex-docker/files/plex/docker-compose.yml @@ -1,9 +1,9 @@ version: '2.2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: plex: @@ -16,10 +16,14 @@ services: - /tmp:/tmp - /etc/localtime:/etc/localtime:ro environment: - - VIRTUAL_HOST=${PLEX_DOMAIN} - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=32400 - ADVERTISE_IP=https://plex.banditlair.com/ + labels: + - "traefik.backend=plex" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:plex.banditlair.com" + - "traefik.enable=true" + - "traefik.port=32400" + - "traefik.default.protocol=http" networks: - - proxy-tier + - web restart: always diff --git a/roles/plex-docker/meta/main.yml b/roles/plex-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/plex-docker/meta/main.yml +++ b/roles/plex-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/searx-docker/files/searx/docker-compose.yml b/roles/searx-docker/files/searx/docker-compose.yml index a4f742b..ddfc5df 100644 --- a/roles/searx-docker/files/searx/docker-compose.yml +++ b/roles/searx-docker/files/searx/docker-compose.yml 
@@ -1,9 +1,9 @@ version: '2.2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: searx: @@ -11,11 +11,13 @@ services: environment: - BASE_URL="https://banditlair.com" - IMAGE_PROXY=True - - VIRTUAL_HOST=banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8888 - - LETSENCRYPT_HOST=banditlair.com,mail.banditlair.com,mailu.banditlair.com,webmail.banditlair.com,gitlab.banditlair.com,cloud.banditlair.com,plex.banditlair.com,deluge.banditlair.com,rpg.banditlair.com,matrix.banditlair.com,emby.banditlair.com,arch.banditlair.com,sonarr.banditlair.com,radarr.banditlair.com,headphones.banditlair.com,jackett.banditlair.com,nzbget.banditlair.com - - LETSENCRYPT_EMAIL=letsencrypt.account@banditlair.com + labels: + - "traefik.backend=searx" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:banditlair.com" + - "traefik.enable=true" + - "traefik.port=8888" + - "traefik.default.protocol=http" networks: - - proxy-tier + - web restart: always diff --git a/roles/searx-docker/meta/main.yml b/roles/searx-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/searx-docker/meta/main.yml +++ b/roles/searx-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/torrent-docker/files/torrent/docker-compose.yml b/roles/torrent-docker/files/torrent/docker-compose.yml index f714d9a..2d1cfad 100644 --- a/roles/torrent-docker/files/torrent/docker-compose.yml +++ b/roles/torrent-docker/files/torrent/docker-compose.yml @@ -1,9 +1,9 @@ version: '2.2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: deluge: 
@@ -31,12 +31,16 @@ services: - DEBUG=false - PUID=33 - PGID=33 - - VIRTUAL_HOST=${DELUGE_DOMAIN} - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8112 + labels: + - "traefik.backend=deluge" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:deluge.banditlair.com" + - "traefik.enable=true" + - "traefik.port=8112" + - "traefik.default.protocol=http" restart: always networks: - - proxy-tier + - web sonarr: image: linuxserver/sonarr @@ -45,9 +49,13 @@ services: environment: - PUID=33 - PGID=33 - - VIRTUAL_HOST=sonarr.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8989 + labels: + - "traefik.backend=sonarr" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:sonarr.banditlair.com" + - "traefik.enable=true" + - "traefik.port=8989" + - "traefik.default.protocol=http" volumes: - /var/lib/deluge/completed:/downloads - /var/lib/nzbget/downloads:/nzbget @@ -56,7 +64,7 @@ services: - /etc/localtime:/etc/localtime:ro restart: always networks: - - proxy-tier + - web radarr: image: linuxserver/radarr @@ -65,9 +73,13 @@ services: environment: - PUID=33 - PGID=33 - - VIRTUAL_HOST=radarr.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=7878 + labels: + - "traefik.backend=radarr" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:radarr.banditlair.com" + - "traefik.enable=true" + - "traefik.port=7878" + - "traefik.default.protocol=http" volumes: - /var/lib/deluge/completed:/downloads - /var/lib/nzbget/downloads:/nzbget @@ -76,7 +88,7 @@ services: - /etc/localtime:/etc/localtime:ro restart: always networks: - - proxy-tier + - web headphones: image: linuxserver/headphones 
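Review bot: The deluge, sonarr and radarr services here, and headphones, nzbget and jackett in the hunks that follow, are all published with `traefik.enable=true` but none carries an authentication label. Each admin UI is therefore reachable on its public hostname, protected only by whatever login the application itself enforces. The traefik role in this commit already uses `traefik.frontend.auth.basic` for the dashboard; adding `- "traefik.frontend.auth.basic=<user>:<htpasswd-hash>"` to these services would put a second gate in front of them. Whether the removed nginx setup enforced auth through its `vhost.d` directory is not visible in this diff, so check that no protection is being lost in the migration.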
@@ -85,9 +97,13 @@ services: environment: - PUID=33 - PGID=33 - - VIRTUAL_HOST=headphones.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=8181 + labels: + - "traefik.backend=headphones" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:headphones.banditlair.com" + - "traefik.enable=true" + - "traefik.port=8181" + - "traefik.default.protocol=http" volumes: - /var/lib/deluge/completed:/downloads - ./config/headphones:/config @@ -95,7 +111,7 @@ services: - /etc/localtime:/etc/localtime:ro restart: always networks: - - proxy-tier + - web nzbget: image: linuxserver/nzbget @@ -104,16 +120,20 @@ services: environment: - PUID=33 - PGID=33 - - VIRTUAL_HOST=nzbget.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=6789 + labels: + - "traefik.backend=nzbget" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:nzbget.banditlair.com" + - "traefik.enable=true" + - "traefik.port=6789" + - "traefik.default.protocol=http" volumes: - /var/lib/nzbget/downloads:/downloads - ./config/nzbget:/config - /etc/localtime:/etc/localtime:ro restart: always networks: - - proxy-tier + - web jackett: image: linuxserver/jackett @@ -122,13 +142,17 @@ services: environment: - PUID=33 - PGID=33 - - VIRTUAL_HOST=jackett.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=9117 + labels: + - "traefik.backend=jackett" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:jackett.banditlair.com" + - "traefik.enable=true" + - "traefik.port=9117" + - "traefik.default.protocol=http" volumes: # - /var/lib/deluge/completed:/downloads - ./config/jackett:/config - /etc/localtime:/etc/localtime:ro restart: always networks: - - proxy-tier + - web diff --git a/roles/torrent-docker/meta/main.yml b/roles/torrent-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/torrent-docker/meta/main.yml +++ b/roles/torrent-docker/meta/main.yml 
@@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file diff --git a/roles/traefik-proxy-docker/files/traefik/data/traefik.toml b/roles/traefik-proxy-docker/files/traefik/data/traefik.toml new file mode 100644 index 0000000..ca62715 --- /dev/null +++ b/roles/traefik-proxy-docker/files/traefik/data/traefik.toml @@ -0,0 +1,40 @@ +debug = false + +logLevel = "ERROR" +defaultEntryPoints = ["https","http"] + +[entryPoints] + [entryPoints.http] + address = ":80" + [entryPoints.http.redirect] + entryPoint = "https" + [entryPoints.https] + address = ":443" + [entryPoints.https.tls] + [entryPoints.traefik] + address = ":8080" + +# Activate API and Dashboard +[api] +entryPoint = "traefik" +dashboard = true + +[retry] + +[docker] +endpoint = "unix:///var/run/docker.sock" +domain = "banditlair.com" +watch = true +exposedbydefault = false + +[acme] +email = "letsencrypt.account@banditlair.com" +storage = "acme.json" +entryPoint = "https" +OnHostRule = true +[acme.httpChallenge] +entryPoint = "http" + +[[acme.domains]] +main = "banditlair.com" +sans = ["mail.banditlair.com"] \ No newline at end of file diff --git a/roles/traefik-proxy-docker/files/traefik/docker-compose.yml b/roles/traefik-proxy-docker/files/traefik/docker-compose.yml new file mode 100644 index 0000000..6b11efe --- /dev/null +++ b/roles/traefik-proxy-docker/files/traefik/docker-compose.yml 
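Review bot: `[entryPoints.https.tls]` in traefik.toml is left empty, so the public listener takes Traefik's default protocol floor and cipher list. For a 1.x build of this age that probably still accepts TLS 1.0 and 1.1, so I would pin it with `minVersion = "VersionTLS12"` under that table. The file also sets `logLevel = "ERROR"` and has no `[accessLog]` section, which leaves no request trail for an internet-facing proxy; adding `[accessLog]` gives incident response something to work from.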
@@ -0,0 +1,49 @@ +version: '3' + +services: + traefik: + container_name: traefik + image: traefik:1.6.0-rc6-alpine + ports: + - 80:80 + - 443:443 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./data:/etc/traefik + - ./certs/acme.json:/acme.json + labels: + - "traefik.backend=traefik" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:traefik.banditlair.com" + - "traefik.enable=true" + - "traefik.port=8080" + - "traefik.default.protocol=http" + - "traefik.frontend.auth.basic=admin:${TRAEFIK_DASHBOARD_PASSWORD_HASH}" + networks: + - web + restart: always + + # Watch acme.json and dump certificates to files + certdumper: + container_name: traefik_certdumper + image: alpine:latest + depends_on: + - traefik + restart: unless-stopped + volumes: + - ./certs:/traefik + command: > + ash -c " \ + apk --no-cache add inotify-tools jq openssl util-linux bash && \ + wget https://raw.githubusercontent.com/containous/traefik/master/contrib/scripts/dumpcerts.sh -O dumpcerts.sh && \ + mkdir -p /traefik/ssl/ && \ + while true; do \ + inotifywait -e modify /traefik/acme.json && \ + bash dumpcerts.sh /traefik/acme.json /traefik/ssl/ && \ + ln -f /traefik/ssl/certs/* /traefik/ssl/ && \ + ln -f /traefik/ssl/private/* /traefik/ssl/; \ + done" + +networks: + web: + external: true diff --git a/roles/traefik-proxy-docker/tasks/main.yml b/roles/traefik-proxy-docker/tasks/main.yml new file mode 100644 index 0000000..08bb2b3 --- /dev/null +++ b/roles/traefik-proxy-docker/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: Copy traefik config + copy: src=traefik dest={{docker_compose_files_folder}} +- name: Create traefik .env + template: + src: traefik/.env + dest: "{{docker_compose_files_folder}}/traefik/.env" +- name: Create web docker network + docker_network: + name: web +- name: Start traefik docker project + docker_service: project_src={{docker_compose_files_folder}}/traefik state=present \ No newline at end of file 
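Review bot: The certdumper container downloads `dumpcerts.sh` from the `master` branch on every start and runs it against `/traefik/acme.json`, which holds the ACME account key and every certificate private key, so whatever is on that branch at that moment executes with access to all of them. The `alpine:latest` base and the `apk add` at start are likewise unpinned. I would vendor the script into the role and mount it read-only, e.g. `- ./dumpcerts.sh:/dumpcerts.sh:ro`, dropping the `wget` line, or at minimum fetch a fixed commit (`.../traefik/<PINNED_COMMIT_SHA>/contrib/scripts/dumpcerts.sh`) and verify a checksum before running it. In the traefik service, `/var/run/docker.sock` is mounted into the container that listens on 80/443, so a compromise of the proxy means control of the Docker daemon; a filtering socket proxy that exposes only the read endpoints Traefik needs would narrow that. `traefik:1.6.0-rc6-alpine` is a release candidate and should move to a stable tag once one is available.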
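Review bot: The `.env` rendered by the `Create traefik .env` task contains the dashboard password hash, but the task sets no `mode`, so the file gets whatever the default umask allows, typically world-readable; add `mode: "0600"`. Nothing in this role creates `certs/acme.json` either, although the compose file bind-mounts it: if the file is missing Docker will create a directory at that path, and Traefik 1.x, as far as I know, rejects an ACME storage file that is not mode 600. It is possible the file is provisioned somewhere this diff does not show. The tasks also mix `key=value` argument strings (`copy`, `docker_service`) with block YAML (`template`, `docker_network`); the block form is easier to review.

```yaml
- name: Create traefik .env
  template:
    # … unchanged: src, dest …
    mode: "0600"
- name: Create traefik certs directory
  file:
    path: "{{docker_compose_files_folder}}/traefik/certs"
    state: directory
    mode: "0700"
- name: Create empty ACME storage if missing
  copy:
    content: ""
    dest: "{{docker_compose_files_folder}}/traefik/certs/acme.json"
    force: false
    mode: "0600"
# … unchanged: Create web docker network, Start traefik docker project …
```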
diff --git a/roles/traefik-proxy-docker/templates/traefik/.env b/roles/traefik-proxy-docker/templates/traefik/.env new file mode 100644 index 0000000..fd2bc1b --- /dev/null +++ b/roles/traefik-proxy-docker/templates/traefik/.env @@ -0,0 +1 @@ +TRAEFIK_DASHBOARD_PASSWORD_HASH={{traefik_dashboard_password_hash}} \ No newline at end of file diff --git a/roles/wiki-docker/files/wiki/docker-compose.yml b/roles/wiki-docker/files/wiki/docker-compose.yml index d3f1c57..389ae53 100644 --- a/roles/wiki-docker/files/wiki/docker-compose.yml +++ b/roles/wiki-docker/files/wiki/docker-compose.yml @@ -1,22 +1,25 @@ version: '2.2' networks: - proxy-tier: + web: external: - name: nginx-proxy + name: web services: rpg_wiki: image: 'bitnami/dokuwiki:0.20170219.201708232029-r7' expose: - 80 - environment: - - VIRTUAL_HOST=rpg.banditlair.com - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=80 volumes: - '/var/lib/wiki/rpg:/bitnami' - /etc/localtime:/etc/localtime:ro + labels: + - "traefik.backend=rpg_wiki" + - "traefik.docker.network=web" + - "traefik.frontend.rule=Host:rpg.banditlair.com" + - "traefik.enable=true" + - "traefik.port=80" + - "traefik.default.protocol=http" networks: - - proxy-tier + - web restart: always diff --git a/roles/wiki-docker/meta/main.yml b/roles/wiki-docker/meta/main.yml index 7ed8a84..d29ba3a 100644 --- a/roles/wiki-docker/meta/main.yml +++ b/roles/wiki-docker/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - nginx-proxy-docker \ No newline at end of file + - traefik-proxy-docker \ No newline at end of file