Fuck around with a test traefik role.

ansible/roles/test/tasks/main.yml

@@ -7,7 +7,7 @@
   with_items:
     - {src: 'test-compose.yml', dest: '/home/josiah/apps/test/docker-compose.yml'}
     - {src: 'traefik.yml', dest: '/home/josiah/apps/test/traefik.yml'}
-    - {src: 'traefik.toml', dest: '/home/josiah/apps/test/traefik.toml'}
+    # - {src: 'traefik.toml', dest: '/home/josiah/apps/test/traefik.toml'}
 
 - name: Deploy awful stack
   docker_stack:

ansible/roles/test/templates/test-compose.yml

@@ -1,61 +1,26 @@
-version: '3.3'
+version: "3.3"
 
-networks:
-  gitea:
-    external: false
-
-volumes:
-  traefik_acme:
-  traefik_logs:    
-    
 services:
+
   traefik:
-    image: traefik:v2.2
+    image: "traefik:v2.2"
+    container_name: "traefik"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
     environment:
       DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
-    ports:
-      - 80:80/tcp
-      - 443:443/tcp
-      - 8080:8080/tcp
     volumes:
-      - traefik_acme:/acme
-      - traefik_logs:/log
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /home/josiah/apps/test/traefik.toml:/etc/traefik/traefik.toml
-    deploy:
-      mode: global      
-      placement:
-        constraints:
-          - node.role == manager
-    labels:
-      - "traefik.enable=true"
+      - "/home/josiah/apps/test/letsencrypt/:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "/home/josiah/apps/test/traefik.yml:/etc/traefik/traefik.yml"
 
-      # Dashboard      
-      - "traefik.http.routers.awfulAll-traefik-api.rule=Host(`awful-1.awful.club`)&&(PathPrefix(`/dashboard`)"
-      - "traefik.http.routers.awfulAll-traefik-api.service=api@internal"
-      - "traefik.http.routers.awfulAll-traefik-api.entryPoint=https"
-      - "traefik.http.routers.awfulAll-traefik-api.tls.certresolver=awfulAll-resolver"
-      - "traefik.http.routers.awfulAll-traefik-api.tls=true"
-
-  awfulAll-whoami:
-    image: containous/whoami:latest
-    
+  whoami:
+    image: "containous/whoami"
+    container_name: "simple-service"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.awfulAll-whoami.rule=Host(`whoami.awful.club`)"
-      - "traefik.http.routers.awfulAll-whoami.service=awfulAll-whoami"
-      - "traefik.http.routers.awfulAll-whoami.entryPoint=https"
-      - "traefik.http.routers.awfulAll-whoami.tls.certresolver=awfulAll-resolver"
-      - "traefik.http.routers.awfulAll-whoami.tls=true"            
-
-  # root-handlers:
-  #   image: nginx:1.18
-  #   labels:
-  #     - "traefik.enable=true"
-  #     - "traefik.http.routers.awfulAll-whoami.rule=Host(`whoami.awful.club`)"
-  #     - "traefik.http.routers.awfulAll-whoami.service=awfulAll-whoami"
-  #     - "traefik.http.routers.awfulAll-whoami.entryPoints=https"
-  #     - "traefik.http.routers.awfulAll-whoami.tls.certresolver=awfulAll-resolver"
-  #     # - "traefik.http.services.awfulAll-whoami.loadbalancer.server.port=443"      
-  #   volumes:
-  #     - /home/josiah/apps/nginx:/etc/nginx/conf.d
+      - "traefik.http.routers.whoami.rule=Host(`whoami.awful.club`)"
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      - "traefik.http.routers.whoami.tls.certresolver=awful-letsencrypt"

ansible/roles/test/templates/traefik.toml

@@ -1,40 +0,0 @@
-# defaultEntryPoints must be at the top
-# because it should not be in any table below
-
-defaultEntryPoints = ["http", "https"]
-
-[log]
-  level = "DEBUG"
-
-[api]
-  dashboard = true
-  insecure = false
-
-[entryPoints]
-  [entryPoints.http]
-    address = ":80"
-  [entryPoints.https]
-    address = ":443"
-
-[http.middlewares]
-  [http.middlewares.awfulAll-https-redir.redirectScheme]
-    scheme = "https"
-    permanent = true
-
-[certificatesResolvers.awfulAll-resolver.acme]
-  storage = "/acme/acme.json"
-  email = "me@jowj.net"
-  caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
-  
-  [certificatesResolvers.awfulAll-resolver.acme.dnsChallenge]
-    provider = "digitalocean"
-
-
-[providers.docker]
-
-[docker]
-  endpoint = "unix:///var/run/docker.sock"
-  watch = true
-  exposedbydefault = false
-
-

ansible/roles/test/templates/traefik.yml

@@ -6,34 +6,34 @@ global:
   checkNewVersion: true
   sendAnonymousUsage: true
 api:
-  dashboard: true
+  dashboard: false
   debug: true
   insecure: false
 entryPoints:
   ssh:
     address: ":22"
-  http:
+  web:
     address: ":80"
-  https:
+  websecure:
     address: ":443"
 
 providers:
   docker:
     watch: true
-    swarmMode: true
+    swarmMode: false
     endpoint: "unix:///var/run/docker.sock"
     exposedbydefault: false
 certificatesResolvers:
-  letsencrypt:
+  awful-letsencrypt:
     acme:
       email: "me@jowj.net"
-      storage: "/acme/acme.json"
-      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      storage: "/letsencrypt/acme.json"
+      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
       dnsChallenge:
         provider: "digitalocean"
 log:
-  # filePath: "/log/traefik.log"
+  filePath: "/log/traefik.log"
   level: DEBUG
-# accessLog:
-#   filePath: "/log/access.log"
-#   bufferingSize: 100
+accessLog:
+  filePath: "/log/access.log"
+  bufferingSize: 100