Initial work on Traefik support
This gets us started on adding a Traefik role and hooking Traefik: - directly to services which support Traefik - we only have a few of these right now, but the list will grow - to matrix-nginx-proxy for most services that integrate with matrix-nginx-proxy right now Traefik usage should be disabled by default for now and nothing should change for people just yet. Enabling these experiments requires additional configuration like this: ```yaml devture_traefik_ssl_email_address: '.....' matrix_playbook_traefik_role_enabled: true matrix_playbook_traefik_labels_enabled: true matrix_ssl_retrieval_method: none matrix_nginx_proxy_https_enabled: false matrix_nginx_proxy_container_http_host_bind_port: '' matrix_nginx_proxy_container_federation_host_bind_port: '' matrix_nginx_proxy_trust_forwarded_proto: true matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for' matrix_coturn_enabled: false ``` What currently works is: reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver (both Client-Server an Federation traffic for the homeserver don't work yet)
This commit is contained in:
parent
946bbe9734
commit
f983604695
@ -19,6 +19,28 @@
|
|||||||
# Also see `devture_docker_sdk_for_python_installation_enabled`.
|
# Also see `devture_docker_sdk_for_python_installation_enabled`.
|
||||||
matrix_playbook_docker_installation_enabled: true
|
matrix_playbook_docker_installation_enabled: true
|
||||||
|
|
||||||
|
# Controls whether to run the Traefik role or not
|
||||||
|
# See the `com.devture.ansible.role.traefik` section below for role configuration.
|
||||||
|
#
|
||||||
|
# There's a difference between `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
|
||||||
|
# `devture_traefik_enabled` controls what the Traefik role would do - when not enabled, it will run uninstall tasks, etc.
|
||||||
|
# `matrix_playbook_traefik_role_enabled` controls if the Traefik role would even run at all.
|
||||||
|
#
|
||||||
|
# Sometimes, you're installing Traefik via a different (related playbook) which uses the same role.
|
||||||
|
# In such cases, you'd like to disable the role in this playbook from bothering with Traefik at all (`matrix_playbook_traefik_role_enabled: false`).
|
||||||
|
# If you used `devture_traefik_enabled: false` + `matrix_playbook_traefik_role_enabled: true` instead, you'd see the Treafik role here
|
||||||
|
# try to delete Traefik data (`/devture-traefik`) installed by the other playbook.
|
||||||
|
matrix_playbook_traefik_role_enabled: false
|
||||||
|
|
||||||
|
# Controls whether to attach Traefik labels to services.
|
||||||
|
# This is separate from `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`,
|
||||||
|
# because you may wish to disable Traefik installation by the playbook, yet still use Traefik
|
||||||
|
# installed in another way.
|
||||||
|
matrix_playbook_traefik_labels_enabled: false
|
||||||
|
|
||||||
|
# Controls the additional network that reverse-proxyable services will be connected to.
|
||||||
|
matrix_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# /Playbook #
|
# /Playbook #
|
||||||
@ -320,6 +342,8 @@ devture_systemd_service_manager_services_list_auto: |
|
|||||||
([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
|
([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
|
([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
|
||||||
|
+
|
||||||
|
([{'name': 'devture-traefik.service', 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if matrix_playbook_traefik_role_enabled else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
@ -2157,6 +2181,8 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr
|
|||||||
# If that's not the case, you may wish to disable this and take care of proxying yourself.
|
# If that's not the case, you may wish to disable this and take care of proxying yourself.
|
||||||
matrix_nginx_proxy_enabled: true
|
matrix_nginx_proxy_enabled: true
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}"
|
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}"
|
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
|
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
|
||||||
@ -2185,6 +2211,22 @@ matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
|
|||||||
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
|
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"
|
matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_config_entrypoint_primary }}"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
|
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
||||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081"
|
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081"
|
||||||
@ -2968,7 +3010,11 @@ prometheus_node_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}"
|
|||||||
|
|
||||||
prometheus_node_exporter_container_network: "{{ matrix_docker_network }}"
|
prometheus_node_exporter_container_network: "{{ matrix_docker_network }}"
|
||||||
|
|
||||||
|
prometheus_node_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
|
||||||
|
|
||||||
prometheus_node_exporter_container_labels_traefik_enabled: false
|
prometheus_node_exporter_container_labels_traefik_enabled: false
|
||||||
|
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
|
||||||
|
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_config_entrypoint_primary }}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
@ -2995,7 +3041,11 @@ prometheus_postgres_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}"
|
|||||||
|
|
||||||
prometheus_postgres_exporter_container_network: "{{ matrix_docker_network }}"
|
prometheus_postgres_exporter_container_network: "{{ matrix_docker_network }}"
|
||||||
|
|
||||||
|
prometheus_postgres_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
|
||||||
|
|
||||||
prometheus_postgres_exporter_container_labels_traefik_enabled: false
|
prometheus_postgres_exporter_container_labels_traefik_enabled: false
|
||||||
|
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
|
||||||
|
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_config_entrypoint_primary }}"
|
||||||
|
|
||||||
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
|
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
|
||||||
prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter
|
prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter
|
||||||
@ -3284,3 +3334,23 @@ matrix_user_creator_users_auto: |
|
|||||||
# /matrix-user-creator
|
# /matrix-user-creator
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# com.devture.ansible.role.traefik #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# To completely disable the Traefik role from running, use `matrix_playbook_traefik_role_enabled: false`.
|
||||||
|
# See the comment there for more details about why we have both `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
|
||||||
|
devture_traefik_enabled: "{{ matrix_playbook_traefik_role_enabled }}"
|
||||||
|
|
||||||
|
devture_traefik_uid: "{{ matrix_user_uid }}"
|
||||||
|
devture_traefik_gid: "{{ matrix_user_gid }}"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /com.devture.ansible.role.traefik #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
@ -115,6 +115,9 @@
|
|||||||
- custom/matrix-user-creator
|
- custom/matrix-user-creator
|
||||||
- custom/matrix-common-after
|
- custom/matrix-common-after
|
||||||
|
|
||||||
|
- when: matrix_playbook_traefik_role_enabled | bool
|
||||||
|
role: galaxy/com.devture.ansible.role.traefik
|
||||||
|
|
||||||
- when: devture_systemd_service_manager_enabled | bool
|
- when: devture_systemd_service_manager_enabled | bool
|
||||||
role: galaxy/com.devture.ansible.role.systemd_service_manager
|
role: galaxy/com.devture.ansible.role.systemd_service_manager
|
||||||
|
|
||||||
|
@ -35,3 +35,6 @@
|
|||||||
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git
|
- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git
|
||||||
version: v0.11.1-2
|
version: v0.11.1-2
|
||||||
|
|
||||||
|
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
|
||||||
|
version: 407af71a3667b1d8083beb10bf22423ecf013f58
|
||||||
|
@ -40,6 +40,80 @@ matrix_nginx_proxy_container_additional_networks: []
|
|||||||
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
||||||
matrix_nginx_proxy_container_additional_volumes: []
|
matrix_nginx_proxy_container_additional_volumes: []
|
||||||
|
|
||||||
|
# matrix_nginx_proxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
||||||
|
# See `../templates/labels.j2` for details.
|
||||||
|
#
|
||||||
|
# To inject your own other container labels, see `matrix_nginx_proxy_container_labels_additional_labels`.
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_nginx_proxy_container_network }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_entrypoints: web-secure
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: default # noqa var-naming
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_element_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_element_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_cinny_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_grafana_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname }}`)"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: false
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname }}`)"
|
||||||
|
|
||||||
|
# matrix_nginx_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
|
||||||
|
# See `../templates/labels.j2` for details.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# matrix_nginx_proxy_container_labels_additional_labels: |
|
||||||
|
# my.label=1
|
||||||
|
# another.label="here"
|
||||||
|
matrix_nginx_proxy_container_labels_additional_labels: ''
|
||||||
|
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_nginx_proxy_container_extra_arguments: []
|
matrix_nginx_proxy_container_extra_arguments: []
|
||||||
|
|
||||||
|
@ -22,6 +22,14 @@
|
|||||||
- "{{ matrix_nginx_proxy_data_path }}"
|
- "{{ matrix_nginx_proxy_data_path }}"
|
||||||
- "{{ matrix_nginx_proxy_confd_path }}"
|
- "{{ matrix_nginx_proxy_confd_path }}"
|
||||||
|
|
||||||
|
- name: Ensure Matrix nginx-proxy labels file is created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/labels.j2"
|
||||||
|
dest: "{{ matrix_nginx_proxy_base_path }}/labels"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
- name: Ensure Matrix nginx-proxy configured (main config override)
|
- name: Ensure Matrix nginx-proxy configured (main config override)
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
||||||
|
144
roles/custom/matrix-nginx-proxy/templates/labels.j2
Normal file
144
roles/custom/matrix-nginx-proxy/templates/labels.j2
Normal file
@ -0,0 +1,144 @@
|
|||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_enabled %}
|
||||||
|
traefik.enable=true
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_docker_network %}
|
||||||
|
traefik.docker.network={{ matrix_nginx_proxy_container_labels_traefik_docker_network }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled %}
|
||||||
|
# Element
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-element.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_element_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-element.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-element.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_element_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_element_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-element.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-element.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled %}
|
||||||
|
# Hydrogen
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-hydrogen.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-hydrogen.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-hydrogen.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-hydrogen.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-hydrogen.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled %}
|
||||||
|
# Cinny
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-cinny.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_cinny_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-cinny.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-cinny.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_cinny_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_cinny_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-cinny.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-cinny.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_enabled %}
|
||||||
|
# Buscarron
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-buscarron.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-buscarron.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-buscarron.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-buscarron.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-buscarron.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled %}
|
||||||
|
# Dimension
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-dimension.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-dimension.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-dimension.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-dimension.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-dimension.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled %}
|
||||||
|
# Etherpad
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-etherpad.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-etherpad.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-etherpad.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-etherpad.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-etherpad.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled %}
|
||||||
|
# Go NEB bot
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled %}
|
||||||
|
# Jitsi
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-jitsi.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-jitsi.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-jitsi.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-jitsi.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-jitsi.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_grafana_enabled %}
|
||||||
|
# Grafana
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-grafana.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_grafana_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-grafana.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-grafana.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_grafana_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_grafana_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-grafana.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-grafana.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled %}
|
||||||
|
# Sygnal
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-sygnal.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-sygnal.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-sygnal.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-sygnal.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-sygnal.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled %}
|
||||||
|
# ntfy
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-ntfy.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule }}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-ntfy.service=matrix-nginx-proxy-web
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-ntfy.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls | to_json }}
|
||||||
|
{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-ntfy.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||||
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-nginx-proxy-ntfy.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{{ matrix_nginx_proxy_container_labels_additional_labels }}
|
@ -24,6 +24,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
|||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
--read-only \
|
--read-only \
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
|
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
|
||||||
|
--label-file={{ matrix_nginx_proxy_base_path }}/labels \
|
||||||
--network={{ matrix_nginx_proxy_container_network }} \
|
--network={{ matrix_nginx_proxy_container_network }} \
|
||||||
{% if matrix_nginx_proxy_container_http_host_bind_port %}
|
{% if matrix_nginx_proxy_container_http_host_bind_port %}
|
||||||
-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
|
-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
|
||||||
|
Loading…
Reference in New Issue
Block a user