feat(traefik): allow exposure of dashboard via domain

2026-01-22 14:01:23 +01:00 · 2026-01-22 14:01:23 +01:00 · 8e49b09fd6
commit 8e49b09fd6
parent bce1daf5a6
5 changed files with 36 additions and 7 deletions
--- a/roles/traefik/templates/dashboard.yml.j2
+++ b/roles/traefik/templates/dashboard.yml.j2
@ -0,0 +1,16 @@
+{% set dashboard_ssl = use_ssl_dashboard | default(use_ssl) %}
+http:
+  routers:
+    dashboard:
+      rule: "Host(`{{ dashboard_domain }}`)"
+      service: api@internal
+      entryPoints:
+        - {{ 'websecure' if dashboard_ssl else 'web' }}
+{% if dashboard_ssl %}
+      tls:
+{% if cert_mode == 'acme' %}
+        certResolver: {{ ssl_cert_resolver }}
+{% else %}
+        {}
+{% endif %}
+{% endif %}
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@ -16,17 +16,15 @@ services:
    ports:
      - "80:80"
      - "443:443"
-{% if enable_dashboard %}
+{% if enable_dashboard and not dashboard_domain %}
      - "8080:8080"
 {% endif %}
    volumes:
      - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
+      - {{ docker_volume_dir }}/config:/config:ro
 {% if cert_mode == 'acme' %}
      - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
 {% endif %}
-{% if traefik_mode == 'dmz' %}
-      - {{ docker_volume_dir }}/config:/config:ro
-{% endif %}
 {% if traefik_mode == 'backend' %}
      - /var/run/docker.sock:/var/run/docker.sock:ro
 {% endif %}
--- a/roles/traefik/templates/traefik.yml.j2
+++ b/roles/traefik/templates/traefik.yml.j2
@ -4,8 +4,10 @@ log:
 {% if enable_dashboard %}
 api:
  dashboard: true
+{% if not dashboard_domain %}
  insecure: true
 {% endif %}
+{% endif %}

 {% if enable_access_logs %}
 accessLog:
@ -26,11 +28,9 @@ entryPoints:
    address: ":443"

 providers:
-{% if traefik_mode == 'dmz' %}
  file:
    directory: /config
    watch: true
-{% endif %}
 {% if traefik_mode == 'backend' %}
  docker:
    endpoint: "unix:///var/run/docker.sock"