Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions
digitalboard.core/roles/traefik/defaults/main.yml
Bert-Jan Fikse 69bc95b992
chore: rename reverseproxy role to traffic 
in case we get a nginx role oa in the future
2025-11-07 15:03:56 +01:00

69 lines
No EOL
2.2 KiB
YAML
Raw Blame History

#SPDX-License-Identifier: MIT-0
---
# defaults file for traefik
# Base directory configuration (inherited from base role or defined here)
docker_compose_base_dir: /etc/docker/compose
docker_volume_base_dir: /srv/data
# Service-specific configuration
service_name: traefik
docker_compose_dir: "{{ docker_compose_base_dir }}/{{ service_name }}"
docker_volume_dir: "{{ docker_volume_base_dir }}/{{ service_name }}"
# Deployment mode: 'dmz' or 'backend'
# - dmz: Public-facing reverse proxy that routes to backend servers using file provider
# - backend: Application server with docker provider for local container discovery
traefik_mode: "backend"
# SSL configuration
use_ssl: true
ssl_email: "admin@example.com"
ssl_cert_resolver: "dns" # Certificate resolver name
# Certificate mode: 'acme' for Let's Encrypt with DNS challenge or 'selfsigned' for self-signed certs
cert_mode: "selfsigned" # Use selfsigned for vagrant, acme for production
# ACME DNS Challenge with RFC2136 (TSIG) configuration
acme_dns_zone: "" # e.g., "digitalboard._acme.digitalboard.ch."
acme_dns_nameserver: "" # e.g., "192.168.1.1:53"
acme_tsig_algorithm: "hmac-sha256"
acme_tsig_key: "" # TSIG key name
acme_tsig_secret: "" # TSIG secret
acme_propagation_timeout: "120"
acme_polling_interval: "2"
acme_ttl: "60"
# Self-signed certificate configuration (for vagrant/testing)
selfsigned_cert_dir: "{{ docker_volume_dir }}/certs"
selfsigned_cert_days: 365
selfsigned_common_name: "*.local.test"
# Dashboard
enable_dashboard: false
# Access log configuration
enable_access_logs: true
access_log_format: "common"
log_level: "INFO"
# Network name
traefik_network: "proxy"
# Services to expose (defined by application roles via host_vars or group_vars)
# Each backend server should define this variable with their services
# traefik_services:
# - name: httpbin
# domain: httpbin.example.com
# port: 8080
# protocol: http # http or https
# entrypoints: [websecure] # optional, defaults based on SSL config
# DMZ mode: Explicit backend server mapping
# Define which backend servers this DMZ proxy should route to
# If empty or undefined, routes to all servers in backend_servers group
backend_servers_to_proxy: []
# Example:
# backend_servers_to_proxy:
# - backend1
# - backend2
View git blame Copy permalink