From 7a0d18b97f42e498382673b5e3eaa37340fe6f02 Mon Sep 17 00:00:00 2001
From: aleidk
Date: Fri, 6 Dec 2024 20:33:28 -0300
Subject: [PATCH] feat: add traefik router to docker swarm

---
 files/docker/compose-traefik.yaml | 43 ++++++++++++++++
 playbooks/setup/alpine.yaml | 85 ++++++++++++++++++++++++++++---
 2 files changed, 121 insertions(+), 7 deletions(-)
 create mode 100644 files/docker/compose-traefik.yaml

diff --git a/files/docker/compose-traefik.yaml b/files/docker/compose-traefik.yaml
new file mode 100644
index 0000000..6d50240
--- /dev/null
+++ b/files/docker/compose-traefik.yaml
@@ -0,0 +1,43 @@
+version: '3'
+networks:
+ reverse-proxy:
+ external: true
+services:
+ traefik:
+ container_name: traefix-proxy
+ image: 'traefik:latest'
+ restart: unless-stopped
+ networks:
+ - reverse-proxy
+ ports:
+ - '80:80'
+ - '443:443'
+ - '8080:8080'
+ healthcheck:
+ test: 'wget -qO- http://localhost:80/ping || exit 1'
+ interval: 4s
+ timeout: 2s
+ retries: 5
+ volumes:
+ - '/var/run/docker.sock:/var/run/docker.sock:ro'
+ - '/data/coolify/proxy:/traefik'
+ command:
+ - '--ping=true'
+ - '--ping.entrypoint=http'
+ - '--api.dashboard=true'
+ - '--api.insecure=true'
+ - '--entrypoints.http.address=:80'
+ - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
+ - '--entrypoints.https.address=:443'
+ - '--entryPoints.https.forwardedHeaders.trustedIPs=10.0.10.0/24'
+ - '--entrypoints.http.http.encodequerysemicolons=true'
+ - '--entryPoints.http.http2.maxConcurrentStreams=50'
+ - '--entrypoints.https.http.encodequerysemicolons=true'
+ - '--entryPoints.https.http2.maxConcurrentStreams=50'
+ - '--providers.docker.exposedbydefault=false'
+ - "--providers.swarm.endpoint=tcp://127.0.0.1:2377"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.traefik.entrypoints=http
+ - traefik.http.routers.traefik.service=api@internal
+ - traefik.http.services.traefik.loadbalancer.server.port=8080
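Review bot: `--api.insecure=true` together with `'8080:8080'` in `ports` publishes the Traefik API and dashboard on the host with no authentication, so any client that can reach port 8080 can read the full router, service and middleware configuration; the inline definition in playbooks/setup/alpine.yaml repeats the same pair (`--api.insecure=true` plus the `target: 8080 … mode: host` mapping). Remove the 8080 mapping and the insecure flag and serve the dashboard only through the `traefik` router, which as written has `entrypoints=http` and `service=api@internal` but appears to have no `traefik.http.routers.traefik.rule` and no auth middleware (a `traefik.http.routers.traefik.middlewares=` label pointing at a `basicauth` middleware, on the https entrypoint, would be the usual minimum). Separately, `--providers.swarm.endpoint=tcp://127.0.0.1:2377` targets the swarm cluster-management port rather than an Engine API endpoint; since the Docker socket is bind-mounted, dropping that line so the provider falls back to its default `unix:///var/run/docker.sock` is the simplest fix.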
diff --git a/playbooks/setup/alpine.yaml b/playbooks/setup/alpine.yaml
index 51331d0..0eb750d 100644
--- a/playbooks/setup/alpine.yaml
+++ b/playbooks/setup/alpine.yaml
@@ -85,12 +85,6 @@
 key: "{{ robo.authorized_key }}"
 key_options: "command=\"{{ robo.allowed_commands | join('; ') }}\""
- handlers:
- - name: Restart sshd
- ansible.builtin.service:
- name: sshd
- state: restarted
-
 - name: Setup Docker
 hosts: docker
 user: root
@@ -98,10 +92,13 @@
 ../../variables/secrets.yaml
 tasks:
 - name: Install packages
+ notify: Restart docker
 ansible.builtin.package:
 state: present
 name:
 - docker
+ - docker-cli-compose
+ - py3-yaml
 - py3-pip
 - py3-docker-py
@@ -117,7 +114,71 @@
 - name: Enable Docker Swarm mode
 community.docker.docker_swarm:
 state: present
- advertise_addr: "{{ ansible_default_ipv4.address }}"
+
+ - name: Create Traefik network
+ community.docker.docker_network:
+ name: reverse-proxy
+ driver: overlay
+ attachable: true
+
+ - name: Deploy Traefik service
+ community.docker.docker_compose_v2:
+ remove_orphans: true
+ project_name: reverse-proxy
+ definition:
+ networks:
+ reverse-proxy:
+ external: true
+ services:
+ traefik:
+ container_name: traefix-proxy
+ image: 'traefik:latest'
+ restart: unless-stopped
+ networks:
+ - reverse-proxy
+ ports:
+ # listen on host ports without ingress network
+ - target: 80
+ published: 80
+ protocol: tcp
+ mode: host
+ - target: 443
+ published: 443
+ protocol: tcp
+ mode: host
+ - target: 8080
+ published: 8080
+ protocol: tcp
+ mode: host
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ healthcheck:
+ test: 'wget -qO- http://localhost:80/ping || exit 1'
+ interval: 4s
+ timeout: 2s
+ retries: 5
+ command:
+ - '--ping=true'
+ - '--ping.entrypoint=http'
+ - '--api.dashboard=true'
+ - '--api.insecure=true'
+ - '--entrypoints.http.address=:80'
+ - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
+ - '--entrypoints.http.http.encodequerysemicolons=true'
+ - '--entryPoints.http.http2.maxConcurrentStreams=50'
+ # - "--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375"
+ - --providers.swarm.exposedByDefault=false
+ - --providers.swarm.network=reverse-proxy
+ deploy:
+ mode: global
+ placement:
+ constraints:
+ - node.role==manager
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.traefik.entrypoints=http
+ - traefik.http.routers.traefik.service=api@internal
+ - traefik.http.services.traefik.loadbalancer.server.port=8080
 - name: Check if Docker context exists
 local_action: ansible.builtin.command docker context inspect {{ ansible_hostname }}
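Review bot: `community.docker.docker_compose_v2` drives `docker compose up`, which creates ordinary containers rather than swarm services, so the `deploy.mode: global` and `node.role==manager` placement constraint in the Deploy Traefik service task are not honored and the outcome is a single container on whichever host the task targets; the `--providers.swarm.*` options would then find no swarm service for Traefik itself to read labels from. If one Traefik per manager is the intent, deploy the same definition with `community.docker.docker_stack` (where `deploy.mode`, `placement` and `deploy.labels` are meaningful); otherwise drop the `deploy` block and keep the `traefik.*` labels at service level, as the standalone files/docker/compose-traefik.yaml does. The image is `traefik:latest` while `--providers.swarm.exposedByDefault` and `--providers.swarm.network` exist only in Traefik v3, so pin a specific v3 tag rather than floating on `latest`, which can silently change the provider set on the next pull. The commented-out `--providers.swarm.endpoint=tcp://…:2375` line should stay out unless the endpoint is TLS-protected, since 2375 is the plaintext, unauthenticated Engine API port and the socket mount already covers this. The task list continues past the hunk on both sides.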
@@ -136,3 +197,13 @@
 remote_addrs: ["{{ hostvars['manager']['ansible_default_ipv4']['address'] }}"]
 when: not docker_swarm_manager | bool
+
+ handlers:
+ - name: Restart sshd
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
+ - name: Restart docker
+ ansible.builtin.service:
+ name: docker
+ state: restarted
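Review bot: Handlers are scoped to the play that declares them, and this hunk appends `Restart sshd` to the end of the Setup Docker play while the first hunk in playbooks/setup/alpine.yaml removes it from the earlier play that holds the `authorized_key` task; if any task in that earlier play still carries `notify: Restart sshd` (not visible here), the run will fail with a handler-not-found error when it fires. Keep `Restart sshd` under a `handlers:` section of the earlier play and add only `Restart docker` here. The new `Restart docker` handler bounces the daemon on every host at the end of the play, after the swarm-join and Traefik deployment tasks, whenever the package task reports a change; if the restart must precede those, add a `meta: flush_handlers` task before `Enable Docker Swarm mode`. The handlers block is complete within the hunk, which ends at end of file.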