refactor: add https and acme to traefik

2023-03-29 22:19:37 -07:00
parent ed426593d4
commit c3f6bd2ea9
9 changed files with 65 additions and 24 deletions
--- a/roles/traefik/templates/.env.traefik.j2
+++ b/roles/traefik/templates/.env.traefik.j2
@@ -0,0 +1 @@
+CF_DNS_API_TOKEN={{ cloudflare_api_token }}
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@@ -1,3 +1,5 @@
+{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
+{##}
 version: "3.7"

 networks:
@@ -13,12 +15,11 @@ services:
    image: traefik:v2.9
    container_name: traefik
    labels:
-      - traefik.enable=true
-      - traefik.http.routers.traefik.rule=Host(`traefik.{{ domain }}`)
-      - traefik.http.services.traefik.loadbalancer.server.port=8080
+      - {{ traefik_labels("traefik", service="api@internal") | indent(6) }}
    restart: unless-stopped
    ports:
      - "80:80"
+      - "443:443"
      - "8080:8080"
    env_file:
      - .env.traefik
@@ -29,5 +30,6 @@ services:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
+      - {{ base_volume_path }}/traefik/rules:/rules:ro
      - {{ base_volume_path }}/traefik/logs:/logs
-      - ./rules:/rules:ro
+      - {{ base_volume_path }}/traefik/acme:/acme
--- a/roles/traefik/templates/traefik.yml.j2
+++ b/roles/traefik/templates/traefik.yml.j2
@@ -14,6 +14,22 @@ entryPoints:
    forwardedHeaders:
      trustedIPs:
        - "172.16.0.0/12"
+  websecure:
+    address: ":443"
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: {{ acme_email }}
+      storage: "/acme/acme.json"
+      keyType: "EC384"
+      dnsChallenge:
+        provider: "cloudflare"
+        delayBeforeCheck: 10
+        resolvers:
+          - 1.1.1.1
+          - 8.8.8.8
+          - 9.9.9.9

 providers:
  docker:
				`@@ -0,0 +1 @@`
				`CF_DNS_API_TOKEN={{ cloudflare_api_token }}`