chore: upgrade reverseproxy role for use with vagrant and ssl

2025-11-07 11:52:41 +01:00 · 2025-11-07 11:52:41 +01:00 · 9e7b2b3b84
commit 9e7b2b3b84
parent a4aa64777e
7 changed files with 177 additions and 104 deletions
--- a/roles/reverseproxy/templates/traefik.yml.j2
+++ b/roles/reverseproxy/templates/traefik.yml.j2
@ -1,9 +1,17 @@
+log:
+  level: {{ log_level }}
+
 {% if enable_dashboard %}
 api:
  dashboard: true
  insecure: true
 {% endif %}

+{% if enable_access_logs %}
+accessLog:
+  format: {{ access_log_format }}
+{% endif %}
+
 entryPoints:
  web:
    address: ":80"
@ -18,24 +26,36 @@ entryPoints:
    address: ":443"

 providers:
-{% if use_static_services | default(false) %}
+{% if reverseproxy_mode == 'dmz' %}
  file:
-    filename: /etc/traefik/services.yml
+    directory: /config
    watch: true
 {% endif %}
-{% if use_docker_provider | default(true) %}
+{% if reverseproxy_mode == 'backend' %}
  docker:
    endpoint: "unix:///var/run/docker.sock"
+    network: {{ traefik_network }}
    exposedByDefault: false
 {% endif %}

+{% if use_ssl and cert_mode == 'acme' %}
 certificatesResolvers:
-  letsencrypt:
+  {{ ssl_cert_resolver }}:
    acme:
-      email: admin@digitalboard.ch
+      email: {{ ssl_email }}
      storage: /letsencrypt/acme.json
-      httpChallenge:
-        entryPoint: web
+      dnsChallenge:
+        provider: rfc2136
+        resolvers:
+          - "{{ acme_dns_nameserver }}"
+{% endif %}
+
+{% if use_ssl %}
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+{% endif %}

 global:
  checkNewVersion: false