finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial work on Traefik support

Browse Source 
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
This commit is contained in:
Slavi Pantaleev
2023-02-06 10:34:51 +02:00
parent 946bbe9734
commit f983604695
7 changed files with 303 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
roles/custom/matrix-nginx-proxy/defaults/main.yml
View File

@ -40,6 +40,80 @@ matrix_nginx_proxy_container_additional_networks: []
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
matrix_nginx_proxy_container_additional_volumes: []
# matrix_nginx_proxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_nginx_proxy_container_labels_additional_labels`.
matrix_nginx_proxy_container_labels_traefik_enabled: false
matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_nginx_proxy_container_network }}"
matrix_nginx_proxy_container_labels_traefik_entrypoints: web-secure
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: default # noqa var-naming
matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
matrix_nginx_proxy_container_labels_traefik_proxy_element_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_element_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}"
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_cinny_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_grafana_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname }}`)"
# matrix_nginx_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_nginx_proxy_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_nginx_proxy_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container
matrix_nginx_proxy_container_extra_arguments: []