From afe5950d770a5de61273a7df4aa205cec7aec1b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20B=C3=A4rlocher?= Date: Tue, 26 May 2026 14:02:43 +0200 Subject: [PATCH] feat(traefik): configurable extra_hosts for container DNS overrides Add `traefik_extra_hosts` (list of `host:ip`) that maps straight into the traefik container's compose `extra_hosts`. Needed when a downstream middleware (e.g. ForwardAuth to authentik on a sibling LAN) has to resolve a public FQDN to an internal IP because the DMZ doesn't hairpin the public address back inside. Empty by default; behaviour unchanged for existing inventories. --- roles/traefik/defaults/main.yml | 7 +++++++ roles/traefik/templates/docker-compose.yml.j2 | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml index eea7391..ffc237e 100644 --- a/roles/traefik/defaults/main.yml +++ b/roles/traefik/defaults/main.yml @@ -11,6 +11,13 @@ service_name: traefik docker_compose_dir: "{{ docker_compose_base_dir }}/{{ service_name }}" docker_volume_dir: "{{ docker_volume_base_dir }}/{{ service_name }}" +# Optional /etc/hosts entries injected into the traefik container. Useful +# when downstream middlewares (e.g. ForwardAuth to an authentik instance +# running on a sibling LAN) need a public FQDN to resolve to an internal +# IP because the DMZ doesn't hairpin the public address back inside. +# Example: ["auth.example.com:172.16.19.101"] +traefik_extra_hosts: [] + # Deployment mode: 'dmz' or 'backend' # - dmz: Public-facing reverse proxy that routes to backend servers using file provider # - backend: Application server with docker provider for local container discovery diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2 index 6dbb9ec..9463e58 100644 --- a/roles/traefik/templates/docker-compose.yml.j2 +++ b/roles/traefik/templates/docker-compose.yml.j2 @@ -33,6 +33,12 @@ services: {% endif %} networks: - {{ traefik_network }} +{% if traefik_extra_hosts | default([]) | length > 0 %} + extra_hosts: +{% for h in traefik_extra_hosts %} + - "{{ h }}" +{% endfor %} +{% endif %} networks: {{ traefik_network }}: