feat(traefik): allow exposure of dashboard via domain
This commit is contained in:
parent
bce1daf5a6
commit
8e49b09fd6
GPG key ID:
C1E0AB516AC16D1A
5 changed files with 36 additions and 7 deletions
|
|
@ -41,6 +41,7 @@ selfsigned_common_name: "*.local.test"
|
|||
|
||||
# Dashboard
|
||||
enable_dashboard: false
|
||||
dashboard_domain: "" # e.g., "traefik.local.test" - if set, exposes dashboard via hostname instead of port 8080
|
||||
|
||||
# Access log configuration
|
||||
enable_access_logs: true
|
||||
|
|
|
|||
|
|
@ -37,7 +37,6 @@
|
|||
path: "{{ docker_volume_dir }}/config"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
when: traefik_mode == 'dmz'
|
||||
|
||||
- name: Create letsencrypt directory
|
||||
file:
|
||||
|
|
@ -66,6 +65,21 @@
|
|||
notify: restart traefik
|
||||
when: traefik_mode == 'dmz'
|
||||
|
||||
- name: Generate dashboard routing configuration
|
||||
template:
|
||||
src: dashboard.yml.j2
|
||||
dest: "{{ docker_volume_dir }}/config/dashboard.yml"
|
||||
mode: '0644'
|
||||
notify: restart traefik
|
||||
when: enable_dashboard | bool and dashboard_domain | length > 0
|
||||
|
||||
- name: Remove dashboard routing configuration when not needed
|
||||
file:
|
||||
path: "{{ docker_volume_dir }}/config/dashboard.yml"
|
||||
state: absent
|
||||
notify: restart traefik
|
||||
when: not (enable_dashboard | bool) or dashboard_domain | length == 0
|
||||
|
||||
- name: Create docker-compose file for traefik
|
||||
template:
|
||||
src: docker-compose.yml.j2
|
||||
|
|
|
|||
16
roles/traefik/templates/dashboard.yml.j2
Normal file
16
roles/traefik/templates/dashboard.yml.j2
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
{% set dashboard_ssl = use_ssl_dashboard | default(use_ssl) %}
|
||||
http:
|
||||
routers:
|
||||
dashboard:
|
||||
rule: "Host(`{{ dashboard_domain }}`)"
|
||||
service: api@internal
|
||||
entryPoints:
|
||||
- {{ 'websecure' if dashboard_ssl else 'web' }}
|
||||
{% if dashboard_ssl %}
|
||||
tls:
|
||||
{% if cert_mode == 'acme' %}
|
||||
certResolver: {{ ssl_cert_resolver }}
|
||||
{% else %}
|
||||
{}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
|
@ -16,17 +16,15 @@ services:
|
|||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
{% if enable_dashboard %}
|
||||
{% if enable_dashboard and not dashboard_domain %}
|
||||
- "8080:8080"
|
||||
{% endif %}
|
||||
volumes:
|
||||
- {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
|
||||
- {{ docker_volume_dir }}/config:/config:ro
|
||||
{% if cert_mode == 'acme' %}
|
||||
- {{ docker_volume_dir }}/letsencrypt:/letsencrypt
|
||||
{% endif %}
|
||||
{% if traefik_mode == 'dmz' %}
|
||||
- {{ docker_volume_dir }}/config:/config:ro
|
||||
{% endif %}
|
||||
{% if traefik_mode == 'backend' %}
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -4,8 +4,10 @@ log:
|
|||
{% if enable_dashboard %}
|
||||
api:
|
||||
dashboard: true
|
||||
{% if not dashboard_domain %}
|
||||
insecure: true
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if enable_access_logs %}
|
||||
accessLog:
|
||||
|
|
@ -26,11 +28,9 @@ entryPoints:
|
|||
address: ":443"
|
||||
|
||||
providers:
|
||||
{% if traefik_mode == 'dmz' %}
|
||||
file:
|
||||
directory: /config
|
||||
watch: true
|
||||
{% endif %}
|
||||
{% if traefik_mode == 'backend' %}
|
||||
docker:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue