Ansible role to manage Traefik in Docker.
The main goal is to be able to deploy services with Traefik as a basic reverse proxy that provides TLS encryption through Let's Encrypt.
This role generates the docker-compose file, the configuration files and the needed directories in order to deploy Traefik with docker-compose.
Depending on the configuration, you can either use static definitions through Ansible inventories or use dynamic inclusion of Docker services through Docker labels.
This playbook works with the latest Traefik version 2 and uses YAML files for configuration (see the Traefik v1 to v2 migration guide).
If you want to use an old Traefik version, you can check the traefik-v1.7 branch.
Traefik is a great solution for an efficient reverse proxy with SSL encryption. This playbook eases the maintenance of your services and Traefik definitions.
This Traefik installation is by default supposed to work with Docker (you can disable this), so if you set your labels properly on your Docker containers, they should be taken into account by Traefik. You can also work with static definitions: as long as you are within the same network, your services should be properly mapped with SSL encryption.
By default, there is a global middleware to redirect traffic from HTTP to HTTPS. This part of Traefik is a bit hacky and should evolve in the future, as many discussions are ongoing on how to do it properly.
docker-ce
pip install docker
pip install docker-compose
View main role variables.
Define static service configuration with specific variables in your inventory file.
Example:
all:
  hosts:
    some_server:
      ansible_host: some-server
      ansible_user: hoauser
  children:
    traefik:
      hosts:
        # localhost:
        some_server:
          ansible_user: hoauser
          traefik_config:
            http_port: "18080"
            logs:
              root: "/tmp/"
            certificates:
              email: "jc+{{ inventory_hostname }}@example.com"
          traefik_services:
            - name: some_docker_service
              backends:
                servers:
                  some_docker_service:
                    url: http://172.18.0.2:8080
              frontends:
                servers:
                  some_docker_service:
                    backend: some_docker_service
                    pass_host_header: yes
                    routes:
                      test0:
                        rule: "Host(`some-docker-service.example.com`)"
Configuration is merged with the default role variables, see ansible config file.
Here we deploy Traefik through Docker on some_server with one service, some_docker_service, possibly running through Docker, with the internal IP 172.18.0.2. We override some global variables, for example the logs root path, so that logs are available in /tmp/.
In case you want to reset the static services directory use the tag clean-static-conf:
ansible-playbook setup-traefik.yml -i my-hosts.yml --tags "clean-static-conf"
Then run the playbook as usual.
You can access the Traefik dashboard by setting the boolean api_enabled for your host:
traefik_config:
  api_enabled: true
Configure your inventory to have a list of servers under traefik, then run the playbook. See setup-traefik.yml as an example:
- hosts: traefik
  name: configure traefik
  roles:
    - ansible-docker-traefik
You can work with self-signed certificates; you will have to generate them and place them in the root of your playbook.
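One way to generate and check such a self-signed certificate with OpenSSL 1.1.1 or later, as an added example that is not part of this role. The function names and the output file names (<host>.crt and <host>.key) are assumptions, since the file names the role expects are not stated here; the host name is the one from the inventory example above.

```shell
#!/usr/bin/env bash
# Added example, not code from the role. Output names <host>.crt / <host>.key
# are assumptions: rename them to whatever the role expects.

# make_selfsigned HOST OUTDIR [DAYS]
# Creates an RSA key and a self-signed certificate whose subjectAltName
# carries HOST (clients match on SAN, not on the CN).
make_selfsigned() {
    local host="$1" outdir="$2" days="${3:-365}"
    local key="$outdir/$host.key" crt="$outdir/$host.crt"
    (
        umask 077   # files are created 0600, so the key is never group/world readable
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
            -days "$days" \
            -keyout "$key" -out "$crt" \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host"
    ) || return 1
    chmod 644 "$crt"   # the certificate itself is public
}

# cert_matches_key CRT KEY
# True when the certificate was issued for this private key
# (compares digests of the two public keys).
cert_matches_key() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256) || return 1
    b=$(openssl pkey -in "$2" -pubout | openssl sha256) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_has_san CRT HOST
# True when HOST appears as a DNS entry in the subjectAltName extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | grep -qF "DNS:$2"
}

# Stand-alone use: ./gen-cert.sh some-docker-service.example.com .
if [ "$#" -ge 2 ]; then
    make_selfsigned "$@" \
        && cert_matches_key "$2/$1.crt" "$2/$1.key" \
        && cert_has_san "$2/$1.crt" "$1" \
        && echo "certificate and key written to $2"
fi
```

Keep the generated key out of version control, since it sits in the playbook root next to the inventory.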
MIT