refactor: update Traefik configuration and permissions for directories and files

ansible/roles/deploy_container_booklore/templates/docker-compose.yml.j2

@@ -1,7 +1,7 @@
 ---
 services:
   booklore:
-    image: ghcr.io/adityachandelgit/booklore-app:${BOOKLORE_VERSION:-latest}
+    image: booklore/booklore:${BOOKLORE_VERSION:-latest}
     container_name: booklore
     restart: unless-stopped
     depends_on:

ansible/roles/deploy_container_traefik_with_letsencrypt/defaults/main.yml

@@ -3,14 +3,17 @@
 ######################
 container_traefik_url: "traefik.example.com"
 container_traefik_version: "latest"
-container_traefik_basicuser: "admin"
-container_traefik_basicpassword: "changeme"
-container_traefik_http_port: 80
-container_traefik_https_port: 443
+container_traefik_http_port: 8080
+container_traefik_https_port: 8443
 container_traefik_auth: "basic" # Options: basic, sso
 container_traefik_dashboard_enabled: false
 container_traefik_letsencrypt_email: "mail@example.com"
 
+# To create user:password pair for basic Auth, it's possible to use this command:
+# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
+container_traefik_basicuser: "admin"
+container_traefik_basicpassword: "changeme"
+
 container_traefik_routers:
   dummy:
     entryPoints: ["https"]

ansible/roles/deploy_container_traefik_with_letsencrypt/tasks/main.yml

@@ -4,6 +4,8 @@
     path: "{{ container_base_dir }}/data/{{ item }}"
     state: directory
     mode: '0755'
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
   loop:
     - "certs"
     - "config.d"
@@ -14,6 +16,8 @@
     path: "{{ container_base_dir }}/data/logs/{{ item }}"
     state: touch
     mode: '0644'
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
   loop:
     - "traefik.log"
     - "access.log"
@@ -23,6 +27,8 @@
     path: "{{ container_base_dir }}/data/certs/{{ item }}"
     state: touch
     mode: '0600'
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
   loop:
     - "acme.json"
 
@@ -39,6 +45,8 @@
     src: "{{ item.src }}"
     dest: "{{ container_base_dir }}/data/{{ item.dest }}"
     mode: '0644'
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
   loop:
     - { src: 'middlewares.yml', dest: 'config.d/middlewares.yml' }
   become: false
@@ -48,16 +56,37 @@
     src: "{{ item.src }}"
     dest: "{{ container_base_dir }}/{{ item.dest }}"
     mode: '0644'
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
   loop:
     - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
     - { src: '.env.j2', dest: '.env' }
     - { src: 'routers_services.yml.j2', dest: 'data/config.d/routers_services.yml' }
     - { src: 'traefik.yml.j2', dest: 'data/traefik.yml' }
 
+- name: Redirect privileged ports 80 and 443 to 8080 and 8443
+  become: true
+  ansible.builtin.iptables:
+    table: nat
+    chain: PREROUTING
+    protocol: tcp
+    destination_port: "{{ item.src_port }}"
+    jump: REDIRECT
+    to_ports: "{{ item.dst_port }}"
+  loop:
+    - { src_port: 80,  dst_port: "{{ container_traefik_http_port }}" }
+    - { src_port: 443, dst_port: "{{ container_traefik_https_port }}" }
+  when: >
+    (container_traefik_http_port| int != 80) or
+    (container_traefik_https_port | int != 443)
+
 - name: Stop Container
   community.docker.docker_compose_v2:
     project_src: "{{ container_base_dir }}"
     state: absent
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/1000"
+    DOCKER_HOST: "unix:///run/user/1000/docker.sock"
 
 - name: Start Container
   community.docker.docker_compose_v2:
@@ -65,3 +94,6 @@
     state: present
     pull: always
     recreate: always
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/1000"
+    DOCKER_HOST: "unix:///run/user/1000/docker.sock"