WIP: broken, doesn't work.

ansible/roles/test/tasks/main.yml

@@ -5,12 +5,13 @@
     dest: "{{ item.dest }}"
     mode: 0777
   with_items:
-    - {src: 'test-compose.yml', dest: '/home/josiah/apps/traefik/docker-compose.yml'}
-    - {src: 'traefik.toml', dest: '/home/josiah/apps/traefik/traefik.toml'}    
+    - {src: 'test-compose.yml', dest: '/home/josiah/apps/test/docker-compose.yml'}
+    - {src: 'traefik.yml', dest: '/home/josiah/apps/test/traefik.yml'}
+    - {src: 'traefik.toml', dest: '/home/josiah/apps/test/traefik.toml'}
 
 - name: Deploy awful stack
   docker_stack:
     state: present
     name: test
     compose:
-      - /home/josiah/apps/awful/docker-compose.yml
+      - /home/josiah/apps/test/docker-compose.yml

ansible/roles/test/templates/test-compose.yml

@@ -1,9 +1,8 @@
-version: '3'
+version: '3.3'
 
 networks:
   gitea:
     external: false
-  pubnet:
 
 volumes:
   traefik_acme:
@@ -12,35 +11,51 @@ volumes:
 services:
   traefik:
     image: traefik:v2.2
-    networks:
-      - pubnet    
-    command: --web --docker --docker.swarmmode --docker.watch --logLevel=DEBUG
+    environment:
+      DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
     ports:
-      - 80:80
-      - 443:443
-      - 5000:5000
+      - 80:80/tcp
+      - 443:443/tcp
+      - 8080:8080/tcp
     volumes:
-      - traefik_acme:/acme/
-      - traefik_logs:/var/log/access.log
+      - traefik_acme:/acme
+      - traefik_logs:/log
       - /var/run/docker.sock:/var/run/docker.sock
-      - /home/josiah/apps/traefik/traefik.toml:/traefik.toml
+      - /home/josiah/apps/test/traefik.toml:/etc/traefik/traefik.toml
     deploy:
       mode: global      
       placement:
         constraints:
           - node.role == manager
     labels:
-      - "traefik.enable=true"    
-      - "traefik.http.routers.awfulAll-traefik-api.rule=Host(`awful-1.awful.club`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
+      - "traefik.enable=true"
+
+      # Dashboard      
+      - "traefik.http.routers.awfulAll-traefik-api.rule=Host(`awful-1.awful.club`)&&(PathPrefix(`/dashboard`)"
       - "traefik.http.routers.awfulAll-traefik-api.service=api@internal"
-      - "traefik.http.routers.awfulAll-traefik-api.entrypoints=http"
+      - "traefik.http.routers.awfulAll-traefik-api.entryPoint=https"
+      - "traefik.http.routers.awfulAll-traefik-api.tls.certresolver=awfulAll-resolver"
+      - "traefik.http.routers.awfulAll-traefik-api.tls=true"
 
-  whoami:
+  awfulAll-whoami:
     image: containous/whoami:latest
-    networks:
-      - pubnet
+    
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.awfulAll-whoami.rule=Host(`whoami.awful.club`)"
       - "traefik.http.routers.awfulAll-whoami.service=awfulAll-whoami"
-      - "traefik.http.services.awfulAll-whoami.loadbalancer.server.port=80"      
+      - "traefik.http.routers.awfulAll-whoami.entryPoint=https"
+      - "traefik.http.routers.awfulAll-whoami.tls.certresolver=awfulAll-resolver"
+      - "traefik.http.routers.awfulAll-whoami.tls=true"            
+
+  # root-handlers:
+  #   image: nginx:1.18
+  #   labels:
+  #     - "traefik.enable=true"
+  #     - "traefik.http.routers.awfulAll-whoami.rule=Host(`whoami.awful.club`)"
+  #     - "traefik.http.routers.awfulAll-whoami.service=awfulAll-whoami"
+  #     - "traefik.http.routers.awfulAll-whoami.entryPoints=https"
+  #     - "traefik.http.routers.awfulAll-whoami.tls.certresolver=awfulAll-resolver"
+  #     # - "traefik.http.services.awfulAll-whoami.loadbalancer.server.port=443"      
+  #   volumes:
+  #     - /home/josiah/apps/nginx:/etc/nginx/conf.d

ansible/roles/test/templates/traefik.toml

@@ -8,6 +8,7 @@ defaultEntryPoints = ["http", "https"]
 
 [api]
   dashboard = true
+  insecure = false
 
 [entryPoints]
   [entryPoints.http]
@@ -16,13 +17,17 @@ defaultEntryPoints = ["http", "https"]
     address = ":443"
 
 [http.middlewares]
-  [http.middlewares.mediaserver-https-redir.redirectScheme]
+  [http.middlewares.awfulAll-https-redir.redirectScheme]
     scheme = "https"
     permanent = true
 
-[certificatesResolvers.mediaserver-resolver.acme]
-  storage = "/acme.json"
-  email = "<me@jowj.net>"
+[certificatesResolvers.awfulAll-resolver.acme]
+  storage = "/acme/acme.json"
+  email = "me@jowj.net"
+  caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
+  
+  [certificatesResolvers.awfulAll-resolver.acme.dnsChallenge]
+    provider = "digitalocean"
 
 
 [providers.docker]
@@ -31,3 +36,5 @@ defaultEntryPoints = ["http", "https"]
   endpoint = "unix:///var/run/docker.sock"
   watch = true
   exposedbydefault = false
+
+

ansible/roles/test/templates/traefik.yml

@@ -0,0 +1,39 @@
+# defaultEntryPoints must be at the top
+# because it should not be in any table below
+defaultEntryPoints: ["http", "https"]
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: true
+api:
+  dashboard: true
+  debug: true
+  insecure: false
+entryPoints:
+  ssh:
+    address: ":22"
+  http:
+    address: ":80"
+  https:
+    address: ":443"
+
+providers:
+  docker:
+    watch: true
+    swarmMode: true
+    endpoint: "unix:///var/run/docker.sock"
+    exposedbydefault: false
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: "me@jowj.net"
+      storage: "/acme/acme.json"
+      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      dnsChallenge:
+        provider: "digitalocean"
+log:
+  # filePath: "/log/traefik.log"
+  level: DEBUG
+# accessLog:
+#   filePath: "/log/access.log"
+#   bufferingSize: 100