Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
80 lines (74 sloc) 2.69 KB
---
# tasks file for docker_traefik
- name: install python docker
pip:
name:
- pip
- passlib
- bcrypt
state: latest
- name: ensures traefik dir exists
file:
path: "{{ traefik_config_dir }}"
state: directory
owner: root
group: "{{ ansible_env.SUDO_USER | default('root') }}"
- name: ensures acme.json file exists
file:
path: "{{ traefik_config_dir }}/acme.json"
state: touch
owner: root
group: root
mode: 0600
- name: adding traefik.toml file
template:
src: traefik.toml.j2
dest: "{{ traefik_config_dir }}/traefik.toml"
owner: root
group: root
- name: "{{ 'Create' if (state is undefined or 'absent' not in state) else 'Terminate' }} the traefik container"
docker_container:
name: traefik
image: traefik:{{ docker_traefik_image | default('latest') }}
restart_policy: unless-stopped
networks:
- name: frontend
- name: backend
networks_cli_compatible: true
ports:
- "80:80"
- "443:443"
volumes:
- "{{ traefik_config_dir }}/traefik.toml:/etc/traefik/traefik.toml"
- "{{ traefik_config_dir }}/acme.json:/acme.json"
- /var/run/docker.sock:/var/run/docker.sock
labels:
traefik.frontend.rule: "Host:{{ nextcloud_server_fqdn }}; PathPrefixStrip:/traefik"
traefik.docker.network: "frontend"
traefik.port: "8080"
traefik.enable: "true"
traefik.frontend.headers.referrerPolicy: "no-referrer"
traefik.frontend.headers.SSLRedirect: "true"
traefik.frontend.headers.STSSeconds: "315360000"
traefik.frontend.headers.browserXSSFilter: "true"
traefik.frontend.headers.contentTypeNosniff: "true"
traefik.frontend.headers.forceSTSHeader: "true"
traefik.frontend.headers.STSIncludeSubdomains: "true"
traefik.frontend.headers.STSPreload: "true"
traefik.frontend.headers.frameDeny: "true"
traefik.frontend.whiteList.useXForwardedFor: "true"
com.centurylinklabs.watchtower.enable: "true"
state: "{{ state | default('started') }}"
register: traefik_facts
- name: "{{ 'Create' if (state is undefined or 'absent' not in state) else 'Terminate' }} the traefik cert dumper container"
docker_container:
name: certdumper
image: svendowideit/traefik-certdumper:latest
restart_policy: unless-stopped
volumes:
- '{{ traefik_config_dir }}:/traefik'
purge_networks: true
labels:
traefik.enable: "false"
com.centurylinklabs.watchtower.enable: "true"
when: ansible_architecture == 'x86_64'
You can’t perform that action at this time.