feat(traefik): allow exposure of dashboard via domain

Bert-Jan Fikse 2026-01-22 14:01:23 +01:00
parent bce1daf5a6
commit 8e49b09fd6
Signed by: bert-jan
GPG key ID: C1E0AB516AC16D1A
5 changed files with 36 additions and 7 deletions


@ -41,6 +41,7 @@ selfsigned_common_name: "*.local.test"
# Dashboard # Dashboard
enable_dashboard: false enable_dashboard: false
dashboard_domain: "" # e.g., "traefik.local.test" - if set, exposes dashboard via hostname instead of port 8080
# Access log configuration # Access log configuration
enable_access_logs: true enable_access_logs: true


@ -37,7 +37,6 @@
path: "{{ docker_volume_dir }}/config" path: "{{ docker_volume_dir }}/config"
state: directory state: directory
mode: '0755' mode: '0755'
when: traefik_mode == 'dmz'
- name: Create letsencrypt directory - name: Create letsencrypt directory
file: file:
@ -66,6 +65,21 @@
notify: restart traefik notify: restart traefik
when: traefik_mode == 'dmz' when: traefik_mode == 'dmz'
- name: Generate dashboard routing configuration
template:
src: dashboard.yml.j2
dest: "{{ docker_volume_dir }}/config/dashboard.yml"
mode: '0644'
notify: restart traefik
when: enable_dashboard | bool and dashboard_domain | length > 0
- name: Remove dashboard routing configuration when not needed
file:
path: "{{ docker_volume_dir }}/config/dashboard.yml"
state: absent
notify: restart traefik
when: not (enable_dashboard | bool) or dashboard_domain | length == 0
- name: Create docker-compose file for traefik - name: Create docker-compose file for traefik
template: template:
src: docker-compose.yml.j2 src: docker-compose.yml.j2
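Review bot: The new `Generate dashboard routing configuration` task renders for any non-empty `dashboard_domain`, and nothing checks that the value is a hostname before the template interpolates it into a backtick-delimited `Host(...)` rule. A stray backtick, space or scheme prefix such as `https://` would produce a rule Traefik rejects or matches differently than intended, and the play would still report success. I would add an `assert` task ahead of it with `that: dashboard_domain is match('^[A-Za-z0-9.-]+$')` and the same `when:` as the template task, so a bad value fails the run early. The task list continues outside both hunks shown here.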


@ -0,0 +1,16 @@
{% set dashboard_ssl = use_ssl_dashboard | default(use_ssl) %}
http:
routers:
dashboard:
rule: "Host(`{{ dashboard_domain }}`)"
service: api@internal
entryPoints:
- {{ 'websecure' if dashboard_ssl else 'web' }}
{% if dashboard_ssl %}
tls:
{% if cert_mode == 'acme' %}
certResolver: {{ ssl_cert_resolver }}
{% else %}
{}
{% endif %}
{% endif %}
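Review bot: The `dashboard` router publishes `api@internal` on the ordinary `web`/`websecure` entry points without any `middlewares:` entry, so any client that can reach port 80 or 443 and send the configured Host header gets the dashboard and API with no authentication. When `dashboard_ssl` evaluates false, the same content is served over plain HTTP. I would attach an authentication middleware in this file, basicAuth as sketched below or a forwardAuth or source-IP restriction; `dashboard_basic_auth_users` is a proposed new variable (a list of htpasswd-style entries) that this commit does not define. If password hashes end up in this file, the `0644` mode on the task that writes it is worth revisiting as well.

```yaml
http:
  routers:
    dashboard:
      # … unchanged: rule, service, entryPoints, tls …
      middlewares:
        - dashboard-auth
  middlewares:
    dashboard-auth:
      basicAuth:
        # dashboard_basic_auth_users: proposed variable, not defined in this commit
        users: {{ dashboard_basic_auth_users | to_json }}
```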


@ -16,17 +16,15 @@ services:
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
{% if enable_dashboard %} {% if enable_dashboard and not dashboard_domain %}
- "8080:8080" - "8080:8080"
{% endif %} {% endif %}
volumes: volumes:
- {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
- {{ docker_volume_dir }}/config:/config:ro
{% if cert_mode == 'acme' %} {% if cert_mode == 'acme' %}
- {{ docker_volume_dir }}/letsencrypt:/letsencrypt - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
{% endif %} {% endif %}
{% if traefik_mode == 'dmz' %}
- {{ docker_volume_dir }}/config:/config:ro
{% endif %}
{% if traefik_mode == 'backend' %} {% if traefik_mode == 'backend' %}
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
{% endif %} {% endif %}
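Review bot: The new port guard `{% if enable_dashboard and not dashboard_domain %}` tests both variables by raw truthiness, whereas the tasks added in this commit use `enable_dashboard | bool` and `dashboard_domain | length`. If `enable_dashboard` arrives as a string (for example from `-e enable_dashboard=false`), it is truthy here, so port 8080 is published while the tasks treat the dashboard as disabled. I would write `{% if enable_dashboard | bool and not dashboard_domain %}`. The same coercion is needed on the `{% if enable_dashboard %}` wrapper around the new `insecure: true` guard in the static configuration template, so that all four places agree.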


@ -4,8 +4,10 @@ log:
{% if enable_dashboard %} {% if enable_dashboard %}
api: api:
dashboard: true dashboard: true
{% if not dashboard_domain %}
insecure: true insecure: true
{% endif %} {% endif %}
{% endif %}
{% if enable_access_logs %} {% if enable_access_logs %}
accessLog: accessLog:
@ -26,11 +28,9 @@ entryPoints:
address: ":443" address: ":443"
providers: providers:
{% if traefik_mode == 'dmz' %}
file: file:
directory: /config directory: /config
watch: true watch: true
{% endif %}
{% if traefik_mode == 'backend' %} {% if traefik_mode == 'backend' %}
docker: docker:
endpoint: "unix:///var/run/docker.sock" endpoint: "unix:///var/run/docker.sock"