chore: upgrade reverseproxy role for use with vagrant and ssl

2025-11-07 11:52:41 +01:00 · 2025-11-07 11:52:41 +01:00 · 9e7b2b3b84
commit 9e7b2b3b84
parent a4aa64777e
7 changed files with 177 additions and 104 deletions
--- a/roles/reverseproxy/templates/docker-compose.yml.j2
+++ b/roles/reverseproxy/templates/docker-compose.yml.j2
@ -1,21 +1,39 @@
 services:
  traefik:
-    image: traefik:v3.5
-    container_name: traefik
+    image: traefik:latest
+    container_name: reverseproxy
    restart: always
+{% if cert_mode == 'acme' %}
+    environment:
+      RFC2136_NAMESERVER: "{{ acme_dns_nameserver }}"
+      RFC2136_TSIG_ALGORITHM: "{{ acme_tsig_algorithm }}"
+      RFC2136_TSIG_KEY: "{{ acme_tsig_key }}"
+      RFC2136_TSIG_SECRET: "{{ acme_tsig_secret }}"
+      RFC2136_PROPAGATION_TIMEOUT: "{{ acme_propagation_timeout }}"
+      RFC2136_POLLING_INTERVAL: "{{ acme_polling_interval }}"
+      RFC2136_TTL: "{{ acme_ttl }}"
+{% endif %}
    ports:
      - "80:80"
      - "443:443"
 {% if enable_dashboard %}
-      - "8080:8080"  # Dashboard
+      - "8080:8080"
 {% endif %}
    volumes:
-      - {{ docker_volume_dir }}/traefik/etc/traefik:/etc/traefik:ro
-      - {{ docker_volume_dir }}/traefik/letsencrypt:/letsencrypt
+      - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
+{% if cert_mode == 'acme' %}
+      - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
+{% endif %}
+{% if reverseproxy_mode == 'dmz' %}
+      - {{ docker_volume_dir }}/config:/config:ro
+{% endif %}
+{% if reverseproxy_mode == 'backend' %}
      - /var/run/docker.sock:/var/run/docker.sock:ro
+{% endif %}
    networks:
-      - traefik
+      - {{ traefik_network }}

 networks:
-  traefik:
+  {{ traefik_network }}:
+    name: {{ traefik_network }}
    external: true