Leo Maroni 31fd659079
"fixed" tests
2 years ago
defaults First working version 2 years ago
handlers First working version 2 years ago
meta First working version 2 years ago
tasks First working version 2 years ago
templates First working version 2 years ago
tests "fixed" tests 2 years ago
.travis.yml First working version 2 years ago
LICENCE First working version 2 years ago
README.md First working version 2 years ago

README.md

Ansible role for Traefik

Ansible role for a traefik installation without docker

Requirements

  • An e-mail address when using letsencrypt

Role Variables

| Variable Name | Function | Default value | Comment |
| --- | --- | --- | --- |
| traefik_user | User created for running the traefik service | traefik | |
| traefik_group | Group for the user created for the traefik service | {{ traefik_user }} | |
| traefik_version | Version of traefik that is going to be installed | (required) | |
| traefik_source | Source of the traefik installation package | https://github.com/containous/traefik/releases/download/{{ traefik_version }}/traefik_{{ traefik_version }}_linux_amd64.tar.gz | |
| traefik_systemd_service_name | The name of the systemd service file | traefik | |
| traefik_base_path | Installation base path | /opt/traefik | Without trailing slash |
| traefik_config_directory | Configuration directory path | {{ traefik_base_path }}/config | Without trailing slash |
| traefik_dynamic_config_directory | Dynamic configuration directory path | {{ traefik_config_directory }}/dynamic | Without trailing slash |
| traefik_dynamic_config_watch | Enable/Disable watching for changes in dynamic configuration directory | yes | |
| traefik_loglevel | Loglevel specified in traefik.yml | INFO | |

Extra Options

TLS + Let's Encrypt

By default, TLS is enabled with the following config.

traefik_tls:
  enable: yes
  min_verison: "VersionTLS12"
  ciphersuites:
    - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
    - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
    - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
    - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"

No Let's Encrypt challenges are activated by default. HTTP and TLS challenges are supported. You only have to use one, but you can use more. The following code block has an example for each.

# HTTP-Challenge
traefik_tls_letsencrypt_challenges_http:
  enable: yes
  email: "test@example.org"
  name: "le_http" # Name of the certificate resolver
  entryPoint: "http"
  storage: "{{ traefik_base_path }}/acme_http.json"

# TLS-Challenge
traefik_tls_letsencrypt_challenges_tls:
  enable: yes
  email: "test@example.org"
  name: "le_tls" # Name of the certificate resolver
  storage: "{{ traefik_base_path }}/acme_tls.json"

Also set traefik_default_cert_resovler to the name of the certificate resolver you want to use by default, for example for the dashboard.

Middlewares

HTTPS-Redirect

The HTTPS-Redirect middleware is activated by default when TLS is activated. Its name is https_redirect, which can be changed with the traefik_middlewares_https_redirect_name variable. To disable this middleware, set the following variable.

traefik_middlewares_https_redirect_enable: no

Dashboard Basic Authentication

This middleware is deactivated by default, so anybody can access the traefik dashboard. You can enable it with the following variable. If you activate the middleware and also enable the dashboard through the traefik_dashboard variable, the middleware will be used.

traefik_middlewares_dashboard_authentication:
  enable: yes
  name: "dashboard_authentication"
  realm: "Traefik Dashboard"
  remove_header: yes
  users:
    - "username:$apr1$Kpsun2tt$O2uS3psQlKasIpO1JqSza1" # Password can be generated with the htpasswd tool

CORS

traefik_middlewares_cors:
  enable: yes
  name: "cors"
  add_vary_header: yes
  allow_credentials: yes
  allow_origin: "*"

Dashboard

By default the traefik dashboard is enabled and listens on traefik.{{ ansible_fqdn }}, as shown below.

traefik_dashboard:
  enable: yes
  rule: "Host(`traefik.{{ ansible_fqdn }}`)"
  name: "internal_dashboard"
  tls_cert_resolver: "{{ traefik_default_cert_resovler }}"
  https_redirect: yes
  additional_middlewares: []

Other

Providers

You can specify additional providers via the traefik_additional_providers ansible variable. This is passed directly into traefik.yml.

EntryPoints

You can specify additional entryPoints via the traefik_additional_entrypoints ansible variable. This is passed directly into traefik.yml.

traefik_additional_entrypoints: |
  entryPointName:
      address: ":222"  

Dependencies

This role does not have any dependencies.

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
  roles:
     - { role: em0lar.traefik, traefik_version: "v2.2.0"}
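
A fuller playbook, as an added example that is not part of the role's README: it enables the TLS challenge, sets the default certificate resolver and turns on dashboard basic authentication, using only the variables documented above. The host names, e-mail address, CORS origin and password hash are placeholders, and the CORS stanza assumes the role passes allow_origin through unchanged.

```yaml
# Added example, not from the role's README. Host names, e-mail address and the
# password hash are placeholders.
- hosts: servers
  vars:
    traefik_version: "v2.2.0"

    # One ACME challenge is enough; "name" is the certificate resolver name.
    traefik_tls_letsencrypt_challenges_tls:
      enable: yes
      email: "admin@example.org"
      name: "le_tls"
      storage: "{{ traefik_base_path }}/acme_tls.json"
    traefik_default_cert_resovler: "le_tls"  # variable name spelled as in this README

    # Disabled by default, which leaves the dashboard open to anybody.
    traefik_middlewares_dashboard_authentication:
      enable: yes
      name: "dashboard_authentication"
      realm: "Traefik Dashboard"
      remove_header: yes
      users:
        - "admin:<htpasswd-hash>"  # placeholder; generate with: htpasswd -nB admin

    # Ansible replaces a dict variable as a whole by default, so an override
    # has to repeat every key of the role default, not only the changed one.
    traefik_dashboard:
      enable: yes
      rule: "Host(`traefik.example.org`)"
      name: "internal_dashboard"
      tls_cert_resolver: "{{ traefik_default_cert_resovler }}"
      https_redirect: yes
      additional_middlewares: []

    # Optional. Browsers refuse a "*" origin on credentialed requests, so name
    # the origin (assumption: the role passes this value through unchanged).
    traefik_middlewares_cors:
      enable: yes
      name: "cors"
      add_vary_header: yes
      allow_credentials: yes
      allow_origin: "https://app.example.org"
  roles:
    - em0lar.traefik
```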

License

GPL-3.0