Upgrade com.devture.ansible.role.traefik and improve front-Traefik-with-another-proxy docs

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2532
This commit is contained in:
Slavi Pantaleev 2023-03-01 12:31:46 +02:00
parent 8db2c0498a
commit a4b401c4da
2 changed files with 18 additions and 3 deletions

View File

@ -134,17 +134,32 @@ matrix_playbook_ssl_enabled: true
# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval # Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval
devture_traefik_config_entrypoint_web_secure_enabled: false devture_traefik_config_entrypoint_web_secure_enabled: false
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: '127.0.0.1:81' devture_traefik_container_web_host_bind_port: '127.0.0.1:81'
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# Or, if you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interfaces:
# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition above
# - uncomment and adjust the line below
# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
# Likewise (to `devture_traefik_container_web_host_bind_port` above),
# if your reverse-proxy runs on another machine, consider changing the `host_bind_port` setting below.
devture_traefik_additional_entrypoints_auto: devture_traefik_additional_entrypoints_auto:
- name: matrix-federation - name: matrix-federation
port: 8449 port: 8449
host_bind_port: '127.0.0.1:8449' host_bind_port: '127.0.0.1:8449'
config: {} config: {}
# If your reverse-proxy runs on another machine, remove the config above and use this config instead:
# config:
# forwardedHeaders:
# insecure: true
# # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
``` ```
If you'll be fronting with a reverse-proxy that lives on another machine (not on the same one as Matrix), you need to replace `127.0.0.1` in the above configurations with `0.0.0.0` or another network interface.
For an example where the playbook's Traefik reverse-proxy is fronted by [Nginx](https://nginx.org/) running on the same server, see [Nginx reverse-proxy fronting the playbook's Traefik](../examples/nginx/README.md). For an example where the playbook's Traefik reverse-proxy is fronted by [Nginx](https://nginx.org/) running on the same server, see [Nginx reverse-proxy fronting the playbook's Traefik](../examples/nginx/README.md).

View File

@ -49,7 +49,7 @@
version: v7.0.9-0 version: v7.0.9-0
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: acc49a8059206743f1921f94891ebc177bf79bd2 version: ed9f59753468556b363f90798be23c600d16ef5f
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: abeecc09f6fd165eff3cef5d6dd7696b9ca4ec27 version: abeecc09f6fd165eff3cef5d6dd7696b9ca4ec27