
add ability to use le's dns-challenge

main
Simeon Keske 1 year ago
parent
commit
ac23eb5a6e
Signed by: n0emis GPG Key ID: 00FAF748B777CF10
  1. 13
      README.md
  2. 3
      defaults/main.yml
  3. 1
      tasks/install.yml
  4. 3
      templates/traefik.service.j2
  5. 20
      templates/traefik.yml.j2

13
README.md

@ -21,6 +21,7 @@ Ansible role for a traefik installation without docker
| `traefik_dynamic_config_watch` | Enable/Disable watching for changes in dynamic configuration directory | `yes` |
| `traefik_dynamic_config_files_paths` | List containing paths to dynamic config files | `["traefik/*"]` |
| `traefik_loglevel` | Loglevel specified in traefik.yml | `INFO` |
| `traefik_environment_variables` | A Dict of additional environment options | `{}` |
### Extra Options
#### TLS + Let's Encrypt
@ -53,6 +54,18 @@ traefik_tls_letsencrypt_challenges_tls:
email: "test@example.org"
name: "le_tls" # Name of the certificate resolver
storage: "{{ traefik_base_path }}/acme_tls.json"
# DNS-Challenge
traefik_tls_letsencrypt_challenges_dns:
enable: yes
provider: acme-dns
delay: 0
disablePropagationCheck: "false"
resolvers:
- 1.1.1.1
email: "test@example.org"
name: "le_dns" # Name of the certificate resolver
storage: "{{ traefik_base_path }}/acme_dns.json"
```
And please set the `traefik_default_cert_resovler` to the default cert resolver which you want to use for example for the dashboard.
#### Middlewares

3
defaults/main.yml

@ -11,6 +11,7 @@ traefik_dynamic_config_watch: yes
traefik_dynamic_config_files_paths:
- "traefik/*"
traefik_loglevel: INFO
traefik_environment_variables: {}
traefik_tls:
enable: yes
@ -26,6 +27,8 @@ traefik_tls_letsencrypt_challenges_http:
enable: no
traefik_tls_letsencrypt_challenges_tls:
enable: no
traefik_tls_letsencrypt_challenges_dns:
enable: no
traefik_default_cert_resovler: ""
traefik_middlewares_https_redirect_enable: "{{ traefik_tls.enable }}"

1
tasks/install.yml

@ -32,6 +32,7 @@
template:
src: "traefik.service.j2"
dest: "/etc/systemd/system/{{ traefik_systemd_service_name }}.service"
notify: restart traefik service
- name: Enable/Start systemd service
systemd:

3
templates/traefik.service.j2

@ -8,6 +8,9 @@ Restart=always
AmbientCapabilities=CAP_NET_BIND_SERVICE
User={{ traefik_user }}
Group={{ traefik_group }}
{% for env, val in traefik_environment_variables.items() %}
Environment="{{ env }}={{ val }}"
{% endfor %}
ExecStart={{ traefik_base_path }}/traefik --configfile={{ traefik_config_directory }}/traefik.yml
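Review bot: `Environment="{{ env }}={{ val }}"` inside the new loop writes every value of `traefik_environment_variables` verbatim into the unit file under /etc/systemd/system, where it is readable by every local user and echoed back by `systemctl show`; presumably the loop exists so the DNS-challenge provider can receive its API credentials, and those would then sit in a world-readable file (inferred from the feature, not from a visible line). A value containing `"` or a newline also terminates the quoted directive and corrupts the unit, since Jinja does not escape for systemd's quoting rules. Consider replacing the loop with a single `EnvironmentFile={{ traefik_config_directory }}/traefik.env` and rendering the variables into that file from a separate template task that sets root ownership and a 0600-style mode, so the unit carries no secrets and quoting follows the environment-file rules.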

20
templates/traefik.yml.j2

@ -16,7 +16,7 @@ entryPoints:
{% endif %}
{{ traefik_additional_entrypoints }}
{% if traefik_tls.enable and (traefik_tls_letsencrypt_challenges_http.enable or traefik_tls_letsencrypt_challenges_tls.enable) %}
{% if traefik_tls.enable and (traefik_tls_letsencrypt_challenges_http.enable or traefik_tls_letsencrypt_challenges_tls.enable or traefik_tls_letsencrypt_challenges_dns.enable) %}
certificatesResolvers:
{% if traefik_tls_letsencrypt_challenges_http.enable %}
{{ traefik_tls_letsencrypt_challenges_http.name }}:
@ -33,8 +33,24 @@ certificatesResolvers:
email: "{{ traefik_tls_letsencrypt_challenges_tls.email }}"
storage: "{{ traefik_tls_letsencrypt_challenges_tls.storage }}"
{% endif %}
{% if traefik_tls_letsencrypt_challenges_dns.enable %}
{{ traefik_tls_letsencrypt_challenges_dns.name }}:
acme:
dnsChallenge:
provider: "{{ traefik_tls_letsencrypt_challenges_dns.provider }}"
delayBeforeCheck: "{{ traefik_tls_letsencrypt_challenges_dns.delay | default(0) }}"
disablePropagationCheck: {{ traefik_tls_letsencrypt_challenges_dns.disablePropagationCheck | default("false") }}
{% if traefik_tls_letsencrypt_challenges_dns.resolvers is defined %}
resolvers:
{% for resolver in traefik_tls_letsencrypt_challenges_dns.resolvers | default([]) %}
- {{ resolver }}
{% endfor %}
{% endif %}
email: "{{ traefik_tls_letsencrypt_challenges_dns.email }}"
storage: "{{ traefik_tls_letsencrypt_challenges_dns.storage }}"
{% endif %}
{% endif %}
log:
format: json
level: {{ traefik_loglevel }}
level: {{ traefik_loglevel }}
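Review bot: `- {{ resolver }}` and `disablePropagationCheck: {{ ... | default("false") }}` in the dnsChallenge block are emitted as plain YAML scalars, so the type Traefik sees depends on how the caller spelled the Ansible value: an Ansible boolean renders as `True`/`False`, and a resolver such as an IPv6 address with a port is left to the consumer's implicit typing. Quoting the resolver, `- "{{ resolver }}"`, and normalizing the flag, `disablePropagationCheck: {{ traefik_tls_letsencrypt_challenges_dns.disablePropagationCheck | default(false) | bool | lower }}`, pins both regardless of input spelling. The `is defined` guard around `resolvers:` already makes the `| default([])` on the for-loop redundant, so one of the two can be dropped for clarity. The `{% if traefik_tls_letsencrypt_challenges_dns.enable %}` block opens and closes within this hunk.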
