mirror of
https://github.com/RealOrangeOne/infrastructure.git
synced 2026-01-23 02:14:14 +00:00
Install traefik on grimes
parent
0cdaad4146
commit
695636582a
5 changed files with 20 additions and 6 deletions
|
|
@ -1,5 +1,6 @@
|
|||
private_ip: "{{ pve_hosts.docker.ip }}"
|
||||
|
||||
traefik_tls_challenge: true
|
||||
traefik_provider_jellyfin: true
|
||||
traefik_provider_homeassistant: true
|
||||
traefik_provider_grafana: true
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@
|
|||
|
||||
- hosts:
|
||||
- pve-docker
|
||||
- grimes
|
||||
roles:
|
||||
- traefik
|
||||
|
||||
|
|
|
|||
|
|
@ -2,3 +2,4 @@ traefik_provider_jellyfin: false
|
|||
traefik_provider_homeassistant: false
|
||||
traefik_provider_grafana: false
|
||||
traefik_provider_uptime_kuma: false
|
||||
traefik_tls_challenge: false
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ services:
|
|||
image: traefik:v3
|
||||
user: "{{ docker_user.id }}"
|
||||
environment:
|
||||
- GANDIV5_PERSONAL_ACCESS_TOKEN={{ vault_gandi_personal_access_token }}
|
||||
- GANDIV5_PERSONAL_ACCESS_TOKEN={{ vault_gandi_personal_access_token if traefik_tls_challenge else "" }}
|
||||
volumes:
|
||||
- ./traefik:/etc/traefik
|
||||
restart: unless-stopped
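Review bot: The new `GANDIV5_PERSONAL_ACCESS_TOKEN=` entry is still declared, with an empty value, on hosts where `traefik_tls_challenge` is false. Since it is the only entry under `environment:` in this hunk, wrapping the key and the entry together in `{% if traefik_tls_challenge %}` … `{% endif %}` would leave the variable out of the container entirely on those hosts. On hosts that do get the token, the rendered compose file carries it in plaintext. The task that writes this template is not on the page, so it is worth confirming it sets a restrictive file mode such as `mode: "0600"`.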
|
||||
|
|
|
|||
|
|
@ -6,11 +6,11 @@ entryPoints:
|
|||
entryPoint:
|
||||
to: web-secure
|
||||
scheme: https
|
||||
{% if ansible_hostname == "docker" %}
|
||||
proxyProtocol:
|
||||
trustedIPs:
|
||||
- "{{ wireguard.cidr }}"
|
||||
- "{{ pve_hosts.internal_cidr }}"
|
||||
- "{{ tailscale_cidr }}"
|
||||
- "{{ pve_hosts.ingress.ip }}/32"
|
||||
{% endif %}
|
||||
web-secure:
|
||||
address: :443
|
||||
http:
|
||||
|
|
@ -19,7 +19,8 @@ entryPoints:
|
|||
- compress@file
|
||||
- secure-headers@file
|
||||
tls:
|
||||
certResolver: le
|
||||
certResolver: "{{ 'acme-tls' if traefik_tls_challenge else 'acme-http' }}"
|
||||
{% if traefik_tls_challenge %}
|
||||
domains:
|
||||
- main: theorangeone.net
|
||||
sans: ["*.theorangeone.net"]
|
||||
|
|
@ -27,12 +28,15 @@ entryPoints:
|
|||
sans: ["*.jakehoward.tech"]
|
||||
- main: 0rng.one
|
||||
sans: ["*.0rng.one"]
|
||||
{% endif %}
|
||||
{% if ansible_hostname == "docker" %}
|
||||
proxyProtocol:
|
||||
trustedIPs:
|
||||
- "{{ pve_hosts.ingress.ip }}/32"
|
||||
forwardedHeaders:
|
||||
trustedIPs:
|
||||
- "{{ wireguard.server.ip }}/32" # This is obtained from the connecting `proxy_protocol`
|
||||
{% endif %}
|
||||
transport:
|
||||
respondingTimeouts:
|
||||
readTimeout: 180s
|
||||
|
|
@ -56,7 +60,7 @@ api:
|
|||
disableDashboardAd: true
|
||||
|
||||
certificatesResolvers:
|
||||
le:
|
||||
acme-tls:
|
||||
acme:
|
||||
email: "{{ vault_letsencrypt_email }}"
|
||||
storage: /etc/traefik/acme.json
|
||||
|
|
@ -66,6 +70,13 @@ certificatesResolvers:
|
|||
resolvers:
|
||||
- 9.9.9.9:53
|
||||
- 149.112.112.112:53
|
||||
acme-http:
|
||||
acme:
|
||||
email: "{{ vault_letsencrypt_email }}"
|
||||
storage: /etc/traefik/acme.json
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
|
||||
|
||||
serversTransport:
|
||||
insecureSkipVerify: true
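Review bot: Both resolvers under `certificatesResolvers` are rendered on every host, so grimes still gets the `acme-tls` resolver even though the compose template now hands it an empty Gandi token; only the entry point's `certResolver` line chooses between them. Guarding the two definitions with the flag the entry point already uses (`{% if traefik_tls_challenge %}` before `acme-tls:`, `{% else %}` before `acme-http:`, `{% endif %}` after it) would keep a resolver with no usable credential out of the rendered config. The names `traefik_tls_challenge` and `acme-tls` read like the TLS-ALPN-01 challenge, while the wildcard `sans` and the Gandi token suggest DNS-01. The challenge key itself is outside the hunks, so if that is the case a comment such as `# DNS-01 via Gandi, required for the wildcard certificates` on the resolver would remove the ambiguity. Separately, the unchanged `serversTransport.insecureSkipVerify: true` now ships to grimes as well, so backend certificate verification is disabled on the new host too; please confirm that is intended there.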
|
||||
|
|
|
|||