traefik-https (#5): NOW it works as expected; improved traefik-refact…

…oring-to-yml (#6)

ansible/inventories/etica.dev/hosts.yml

@@ -22,7 +22,7 @@ all:
 
     traefik_version: "2.2.0"
     traefik_arch: "linux_amd64"
-    # traefik_force_reinstall: yes
+    traefik_force_reinstall: yes
     traefik_conf_yml: "{{ playbook_dir }}/../inventories/etica.dev/traefik/traefik.yml"
 
     # traefik_api_dashboard: true

ansible/inventories/etica.dev/traefik/traefik.yml

@@ -1 +1,50 @@
+---
 # See https://github.com/containous/traefik/blob/master/docs/content/reference/static-configuration/file.yaml
+# See https://docs.traefik.io/user-guides/docker-compose/basic-example/
+# See https://docs.traefik.io/user-guides/docker-compose/acme-tls/
+
+# TODO: this fine, if on the inventory dir, will return errors; Fix this
+#       layout structure later (fititnt, 2020-04-07 00:29 BRT)
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: false
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+log:
+  level: "DEBUG" # level: "ERROR"
+
+api:
+  insecure: true
+  dashboard: true
+  debug: true
+
+ping:
+  entryPoint: traefik
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: true
+
+certificatesresolvers:
+  letsencrypt:
+    acme:
+      email: [email protected]
+      storage: /etc/traefik/acme.json
+      tlschallenge: true
+      # Use the Let's Encrypt test server
+      # caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+  # This is an example. The DNS challange needs tokens depending of the provider
+  # @see https://docs.traefik.io/user-guides/docker-compose/acme-dns/
+  letsencryptDns:
+    acme:
+      email: [email protected]
+      storage: /etc/traefik/acme.json
+      dnschallenge:
+        provider: "ovh" # cloudflare, digitalocean, ...

ansible/playbooks/docker-full-stack-start.yml

@@ -33,8 +33,9 @@
         project_src: "{{ ansible_env.HOME }}/full-stack/"
         state: present
         services:
-          - hello
-          - hxl-proxy
+        #  - hello
+          - whoami
+        #  - hxl-proxy
       register: output
 
     - name: "docker-full-stack-start | services result"

ansible/playbooks/roles/traefik/defaults/main.yml

@@ -10,6 +10,7 @@ traefik_install_base: "/usr/local/bin/"
 # traefik_conf_yml: "{{ role_path }}/templates/traefik.yml.j2"
 # Please use something like:
 # traefik_conf_yml: "{{ playbook_dir }}/inventories/etica.dev/traefik/traefik.yml"
+# traefik_systemd_service_template: "" # You can also customize the systemd service template
 
 # To force reinstall / update the traefik, please set this to yes
 traefik_force_reinstall: no

ansible/playbooks/roles/traefik/tasks/install.yml

@@ -19,7 +19,7 @@
   file:
     path: "/etc/traefik/acme.json"
     state: touch
-    mode: '0750'
+    mode: '0600'
   # become: yes
 
 - name: "Download {{ traefik_download_url }}"
@@ -37,7 +37,8 @@
 
 - name: "Create systemd service"
   template:
-    src: "traefik.service.j2"
+    # src: "traefik.service.j2"
+    src: "{{ traefik_systemd_service_template | default('traefik.service.j2') }}"
     dest: "/etc/systemd/system/traefik.service"
     mode: 0664
   notify:

ansible/playbooks/roles/traefik/templates/traefik.service.j2

@@ -17,7 +17,8 @@ After=network-online.target
 
 # configure service behavior
 Type=notify
-ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.toml
+#ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.toml
+ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
 Restart=always
 WatchdogSec=1s
 

docker/full-stack/docker-compose.yml

@@ -7,26 +7,31 @@ version: "3"
 services:
   # hxldash:
 
-  hello:
-    image: nginxdemos/hello
-    labels:
-      - traefik.http.routers.http.rule=Host(`hello.hxl.etica.dev`)
-      - traefik.http.routers.https.rule=Host(`hello.hxl.etica.dev`)
-      - traefik.http.routers.https.entrypoints=https
-      - traefik.http.routers.https.tls=true
-      # - traefik.http.routers.https.tls.certresolver=letsencrypt
+  # hello:
+  #   image: nginxdemos/hello
+  #   labels:
+  #     - traefik.http.routers.http.rule=Host(`hello.hxl.etica.dev`)
+  #     - traefik.http.routers.https.rule=Host(`hello.hxl.etica.dev`)
+  #     - traefik.http.routers.https.entrypoints=https
+  #     - traefik.http.routers.https.tls=true
+  #     # - traefik.http.routers.https.tls.certresolver=letsencrypt
 
   whoami:
     image: containous/whoami
     container_name: whoami
     labels:
-      - traefik.http.routers.http.rule=Host(`${DOMAIN}`)
-      - traefik.http.routers.http.entrypoints=http
-      - traefik.http.routers.http.middlewares=redirect
-      - traefik.http.routers.https.rule=Host(`${DOMAIN}`)
-      - traefik.http.routers.https.entrypoints=https
-      - traefik.http.routers.https.tls=true
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.hxl.etica.dev`)"
+      - "traefik.http.routers.whoami.entrypoints=web,websecure"
+      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
+      # - traefik.http.routers.http.rule=Host(`${DOMAIN}`)
+      # - traefik.http.routers.http.entrypoints=web,websecure
+      # - traefik.http.routers.http.middlewares=redirect
+      # - traefik.http.routers.https.rule=Host(`${DOMAIN}`)
+      # - traefik.http.routers.https.entrypoints=https
+      # - traefik.http.routers.https.tls=true
       # - traefik.http.routers.https.tls.certresolver=${HTPPS_CERTIFICATE_RESOLVER}
+      # - traefik.http.routers.http.entrypoints=web,websecure
 
   hxl-proxy:
     # image: unocha/hxl-proxy:latest