diff --git a/ansible/inventories/.gitignore b/ansible/inventories/.gitignore
deleted file mode 100644
index 87bc852..0000000
--- a/ansible/inventories/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-#*
-#!etica.dev/
-#!.gitignore
diff --git a/ansible/inventories/etica.dev/traefik/traefik.yml b/ansible/inventories/etica.dev-extras/traefik/traefik.yml
similarity index 74%
rename from ansible/inventories/etica.dev/traefik/traefik.yml
rename to ansible/inventories/etica.dev-extras/traefik/traefik.yml
index a33527c..79be06f 100644
--- a/ansible/inventories/etica.dev/traefik/traefik.yml
+++ b/ansible/inventories/etica.dev-extras/traefik/traefik.yml
@@ -3,9 +3,6 @@
 # See https://docs.traefik.io/user-guides/docker-compose/basic-example/
 # See https://docs.traefik.io/user-guides/docker-compose/acme-tls/
-# TODO: this fine, if on the inventory dir, will return errors; Fix this
-# layout structure later (fititnt, 2020-04-07 00:29 BRT)
-
 global:
 checkNewVersion: true
 sendAnonymousUsage: false
@@ -15,6 +12,20 @@ entryPoints:
 address: ":80"
 websecure:
 address: ":443"
+
+## TODO: learn how to implement middlewares on Traefik 2.2 and then do an default
+# redirect http to https that could be referenced on docker-compose
+# containers (fititnt, 2020-04-07 01:34)
+
+# @see https://docs.traefik.io/middlewares/redirectscheme/
+# Redirect to https
+# http:
+# middlewares:
+# test-redirectscheme:
+# redirectScheme:
+# scheme: https
+# #permanent: true
+
 log:
 level: "DEBUG"
 # level: "ERROR"
diff --git a/ansible/inventories/etica.dev/hosts.yml b/ansible/inventories/etica.dev/hosts.yml
index 9d6a9a8..10a0220 100644
--- a/ansible/inventories/etica.dev/hosts.yml
+++ b/ansible/inventories/etica.dev/hosts.yml
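Review bot: Port 80 is still left without an HTTP-to-HTTPS redirect, because the block added after `websecure` in traefik.yml is comment-only, and uncommenting it as written would probably not help: `http.middlewares` is dynamic configuration, while the visible keys (`global`, `entryPoints`, `log`) suggest this file is the static one. Traefik 2.2, the version set in hosts.yml, can redirect on the entry point itself, which covers every router at once, including the `whoami` and `hxl-proxy` labels in docker-compose.yml that carry the same TODO. The `entryPoints` block starts above the hunk, so the `web:` line below is shown only for placement.

```yaml
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  # … unchanged: websecure entry point, log …
```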
@@ -23,19 +23,7 @@ all:
 traefik_version: "2.2.0"
 traefik_arch: "linux_amd64"
 traefik_force_reinstall: yes
- traefik_conf_yml: "{{ playbook_dir }}/../inventories/etica.dev/traefik/traefik.yml"
-
- # traefik_api_dashboard: true
- # traefik_api_insecure: true
-
- # traefik_acme_enabled: true
- # traefik_acme_email: "no-reply@hxl.etica.dev"
-
- ## To force reinstall / update the traefik, please set this to yes
- # traefik_force_reinstall: yes
- # traefik_force_reinstall: yes
- # traefik_debug_devel: yes
- # trafik_log_level: "DEBUG"
+ traefik_conf_yml: "{{ playbook_dir }}/../inventories/etica.dev-extras/traefik/traefik.yml"
 # @see https://github.com/geerlingguy/ansible-role-pip#role-variables
 # By default, geerlingguy.pip will use pip from python 2.7.
diff --git a/ansible/playbooks/docker-full-stack-start.yml b/ansible/playbooks/docker-full-stack-start.yml
index b14a12c..f6d35a5 100644
--- a/ansible/playbooks/docker-full-stack-start.yml
+++ b/ansible/playbooks/docker-full-stack-start.yml
@@ -13,17 +13,8 @@
 hosts: all
 gather_facts: yes
 tasks:
- # - name: Tear down existing services
- # docker_compose:
- # project_src: flask
- # state: absent
- # - name: "docker-full-stack-start | debug"
- # debug:
- # msg: "{{ playbook_dir }}/../../docker/full-stack/"
- # # var: "{{ playbook_dir }}/../../docker/full-stack/"
-
- - name: "docker-full-stack-start| Copy docker/full-stack/ to [ansible user home]/full-stack/"
+ - name: "docker-full-stack-start | Copy docker/full-stack/ to [ansible user home]/full-stack/"
 copy:
 src: "{{ playbook_dir }}/../../docker/full-stack/"
 dest: "{{ ansible_env.HOME }}/full-stack/"
@@ -35,7 +26,7 @@
 services:
 # - hello
 - whoami
- # - hxl-proxy
+ - hxl-proxy
 register: output
 - name: "docker-full-stack-start | services result"
diff --git a/ansible/playbooks/roles/traefik/tasks/configure.yml b/ansible/playbooks/roles/traefik/tasks/configure.yml
index 168cac3..16e1fc7 100644
--- a/ansible/playbooks/roles/traefik/tasks/configure.yml
+++ b/ansible/playbooks/roles/traefik/tasks/configure.yml
@@ -6,7 +6,7 @@
 # - name: "Deploy traefik.toml"
 # template:
-# src: "traefik.toml.j2"
+# src: "traefik.yml.j2"
 # dest: "/etc/traefik/traefik.toml"
 # mode: 0664
 # block_start_string: "[[[%"
diff --git a/docker/full-stack/docker-compose.yml b/docker/full-stack/docker-compose.yml
index e8bc1a2..a8292d3 100644
--- a/docker/full-stack/docker-compose.yml
+++ b/docker/full-stack/docker-compose.yml
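Review bot: The commented-out template task in configure.yml now reads `src: "traefik.yml.j2"` while `dest` is still `"/etc/traefik/traefik.toml"` and the task name still says `Deploy traefik.toml`, so uncommenting it as written would write YAML to a path that Traefik would presumably parse as TOML. I would update the neighbouring comment lines in the same change, `dest: "/etc/traefik/traefik.yml"`, and quote the mode as a string (`mode: "0664"`, or tighter if the group does not need write access to the proxy configuration). The task continues past the end of the hunk.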
@@ -24,21 +24,24 @@ services:
 - "traefik.http.routers.whoami.rule=Host(`whoami.hxl.etica.dev`)"
 - "traefik.http.routers.whoami.entrypoints=web,websecure"
 - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
- # - traefik.http.routers.http.rule=Host(`${DOMAIN}`)
- # - traefik.http.routers.http.entrypoints=web,websecure
- # - traefik.http.routers.http.middlewares=redirect
- # - traefik.http.routers.https.rule=Host(`${DOMAIN}`)
- # - traefik.http.routers.https.entrypoints=https
- # - traefik.http.routers.https.tls=true
- # - traefik.http.routers.https.tls.certresolver=${HTPPS_CERTIFICATE_RESOLVER}
- # - traefik.http.routers.http.entrypoints=web,websecure
+ # TODO: implement middleware 'redirect HTTP to HTTPS' (fititnt, 2020-04-07 00>39 BRT)
+ # - "traefik.http.routers.http.middlewares=redirect"
+ # TODO: make it work
+ # @see https://github.com/HXLStandard/hxl-proxy/blob/master/docker_files/docker-compose.yml
 hxl-proxy:
- # image: unocha/hxl-proxy:latest
- image: unocha/hxl-proxy:dev
- command: python manage.py runserver 0.0.0.0:8000
- depends_on:
- - postgres_hxl-proxy
+ # image: unocha/hxl-proxy:dev
+ image: unocha/hxl-proxy:1.18 # see https://hub.docker.com/r/unocha/hxl-proxy/tags
+ # command: python manage.py runserver 0.0.0.0:8000
+ # depends_on:
+ # - postgres_hxl-proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.hxl-proxy.rule=Host(`proxy.hxl.etica.dev`)"
+ - "traefik.http.routers.hxl-proxy.entrypoints=web,websecure"
+ - "traefik.http.routers.hxl-proxy.tls.certresolver=letsencrypt"
+ # TODO: implement middleware 'redirect HTTP to HTTPS' (fititnt, 2020-04-07 00>39 BRT)
+ # - "traefik.http.routers.http.middlewares=redirect"
- postgres_hxl-proxy:
- image: postgres
+ # postgres_hxl-proxy:
+ # image: postgres
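Review bot: `image: unocha/hxl-proxy:1.18` is an improvement on the floating `dev` tag but is still a mutable tag, so the host runs whatever the registry serves under that name at pull time; for a service published at `proxy.hxl.etica.dev` I would pin the digest too, `image: unocha/hxl-proxy:1.18@sha256:<digest-from-registry>` (placeholder, to be filled from the registry). The new router sets `entrypoints=web,websecure` together with `tls.certresolver`; a router with TLS settings should only answer HTTPS requests, so `web` is likely dead weight there and `entrypoints=websecure` states the intent. The commented label `traefik.http.routers.http.middlewares=redirect` names a router `http` and a middleware `redirect` that no visible line defines, so uncommenting it alone would not produce a redirect. No `traefik.http.services.hxl-proxy.loadbalancer.server.port` label is set, which only works if the image exposes exactly one port; worth confirming now that the `command` binding port 8000 is commented out.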