Skull-IT/iac_stack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
iac_stack/ansible/roles/deploy_container_traefik_with_letsencrypt
History
= 9f8b762fa7 refactor: update Traefik configuration and permissions for directories and files
2025-08-17 22:24:41 +02:00
..
defaults refactor: update Traefik configuration and permissions for directories and files 2025-08-17 22:24:41 +02:00
files add new container 2025-08-13 17:43:37 +02:00
handlers add new container 2025-08-13 17:43:37 +02:00
meta add new container 2025-08-13 17:43:37 +02:00
tasks refactor: update Traefik configuration and permissions for directories and files 2025-08-17 22:24:41 +02:00
templates add new container 2025-08-13 17:43:37 +02:00
vars add new container 2025-08-13 17:43:37 +02:00
README.md add new container 2025-08-13 17:43:37 +02:00

README.md

Role: deploy_container_traefik

Purpose

This role deploys and configures a Traefik reverse proxy using Docker Compose.
It supports TLS, host-specific certificates, and renders all configuration files using Jinja2 templates.
The configuration includes a fallback router/service to ensure safe defaults.

Variables

Default Variables (defaults/main.yml)


container_traefik_create_network: true
container_traefik_subnet: 192.168.222.0/24
container_traefik_gateway: 192.168.222.1

container_traefik_url: "traefik.example.com"
container_traefik_version: "latest"

# Create with: echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
container_traefik_basicuser: "admin"
container_traefik_basicpassword: "changeme"

container_traefik_http_port: 80
container_traefik_https_port: 443

# Dummy router/service to avoid template errors if nothing is defined
container_traefik_routers:
  dummy:
    entryPoints: ["https"]
    rule: "Host(`dummy.local`)"
    service: dummy
    tls: true

container_traefik_services:
  dummy:
    loadBalancer:
      servers:
        - url: "https://127.0.0.1:443"
      passHostHeader: true

Static Variables (vars/main.yml)

container_traefik_base_dir: /opt/docker/traefik

Role Usage

- name: Deploy Traefik container
  hosts: traefik
  roles:
    - role: container_traefik
      vars:
        container_traefik_url: "traefik.example.com"
        container_traefik_basicuser: "admin"
        container_traefik_basicpassword: "$2y$05$<bcrypt_hash>"

Requirements

  • Linux system (tested on Debian)
  • Docker Engine
  • Docker Compose v2 plugin (docker compose CLI)
  • Ansible 2.11 or higher
  • community.docker collection

Install the required collection:

ansible-galaxy collection install community.docker

Or via requirements.yml:

collections:
  - name: community.docker
    version: ">=3.4.0"

Host-Specific Certificates

Location: host_files/<inventory_hostname>/certs/

Required files:

  • wildcard.crt
  • wildcard.key

Handlers

  • Stop traefik container
  • Start traefik container

Rendered Templates

Template File Description
docker-compose.yml.j2 Docker Compose definition
.env.j2 Environment variable file
traefik.yml.j2 Main Traefik config (static)
tls.yml.j2 TLS certificate reference
routers_services.yml.j2 Static routers and services config

Authors