xbazzi e7ba86f10a
All checks were successful
Simple Mirror to GitHub / mirror (push) Successful in 35s
Feat: add scylladb + a bunch of stuff I forgot to commit earlier
2025-08-21 23:43:52 -06:00


# Docker Swarm stack: a Traefik v3 reverse proxy (one replica, pinned to a
# manager node) and a whoami test service, joined by the traefik_proxy overlay
# network defined at the bottom of this file.
services:
  traefik:
    image: traefik:v3.4
    networks:
      # Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
      - traefik_proxy
    ports:
      # Expose Traefik's entry points to the Swarm
      # Swarm requires the long syntax for ports.
      - target: 80  # Container port (Traefik web entry point)
        published: 80  # Host port exposed on the nodes
        protocol: tcp
        # 'host' mode binds directly to the node's IP where the task runs.
        # 'ingress' mode uses Swarm's Routing Mesh (load balances across nodes).
        # Choose based on your load balancing strategy. 'host' is often simpler if using an external LB.
        mode: host
      - target: 443  # Container port (Traefik websecure entry point)
        published: 443  # Host port
        protocol: tcp
        mode: host
      # External EntryPoint host port
      # NOTE(review): no router in this file is attached to the 'external'
      # entry point; confirm the port needs to be published.
      - target: 8443
        published: 8443
        protocol: tcp
        mode: host
    volumes:
      # Certificates and dynamic (file provider) configuration, read-only
      - /docker-shared/stacks/data/traefik/certs:/certs:ro
      - /docker-shared/stacks/data/traefik/dynamic:/dynamic:ro
      # NOTE(review): no log or access-log file path is set in the command list
      # below, so presumably nothing is written to /logs; confirm.
      - /docker-shared/stacks/data/traefik/logs:/logs/
      # Mount the Docker socket for the Swarm provider
      # This MUST be run from a manager node to access the Swarm API via the socket.
      # The ':ro' flag only makes the socket file's mount read-only; it does not
      # limit which Docker API calls can be sent through it. A compromise of
      # this container therefore has manager-level access to the Swarm. A
      # filtering socket proxy that allows only the read endpoints Traefik
      # needs reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro  # Swarm API socket
    # Traefik Static configuration via command-line arguments
    command:
      # HTTP EntryPoint
      - "--entrypoints.web.address=:80"
      # External EntryPoint
      - "--entrypoints.external.address=:8443"
      - "--entrypoints.external.http.tls=true"
      # Configure HTTP to HTTPS Redirection
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # HTTPS EntryPoint
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      # Attach dynamic TLS file
      - "--providers.file.filename=/dynamic/tls.yaml"
      # Providers
      # Enable the Docker Swarm provider (instead of Docker provider)
      - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
      # Watch for Swarm service changes (requires socket access)
      - "--providers.swarm.watch=true"
      # Recommended: Don't expose services by default; require explicit labels
      - "--providers.swarm.exposedbydefault=false"
      # Specify the default network for Traefik to connect to services
      # The name carries the stack prefix, so this assumes the stack is
      # deployed under the name 'traefik' -- TODO confirm.
      - "--providers.swarm.network=traefik_traefik_proxy"
      # API & Dashboard
      # - "--api=true" # Enable API
      # - "--api"
      # - "--api.insecure=true" # Enable API
      - "--api.dashboard=true"  # Enable the dashboard
      # The dashboard is reached only through the 'dashboard' router defined in
      # the deploy labels below (TLS + basic auth).
      - "--api.insecure=false"  # Explicitly disable insecure API mode
      # Observability
      # NOTE(review): DEBUG is verbose and can include configuration detail;
      # INFO is the usual level outside of troubleshooting.
      - "--log.level=DEBUG"  # Set the Log Level e.g. INFO, DEBUG
      - "--accesslog=true"  # Enable Access Logs
      # NOTE(review): no metrics entry point is configured here and no extra
      # port is published for it; confirm whether the metrics endpoint is
      # reachable from other containers on traefik_proxy.
      - "--metrics.prometheus=true"  # Enable Prometheus
    deploy:
      mode: replicated
      replicas: 1
      placement:
        # Placement constraints restrict where Traefik tasks can run.
        # Running on manager nodes is common for accessing the Swarm API via the socket.
        constraints:
          - node.role == manager
      # Traefik Dynamic configuration via labels
      # In Swarm, labels on the service definition configure Traefik routing for that service.
      labels:
        - "traefik.enable=true"
        # Dashboard router
        - "traefik.http.routers.dashboard.rule=Host(`traefik.lan.xbazzi.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.dashboard.entrypoints=websecure"
        # - "traefik.http.routers.dashboard.entrypoints=web"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.tls=true"
        # - "traefik.http.routers.dashboard.tls=false"
        # Basicauth middleware
        # '$$' is the Compose escape for a literal '$' in the htpasswd entry.
        # NOTE(review): this label embeds a password hash in the stack file, so
        # it is readable in version control and by anyone who can inspect the
        # service; treat the credential as exposed. 'apr1' is the MD5-based
        # htpasswd format. Traefik's basicauth also accepts bcrypt hashes and a
        # 'usersfile' option, which would allow the entry to be supplied from a
        # Docker secret instead of a label.
        - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$E5TT9jjy$$FWtnebebWTH/fiL.oz3jg1"
        - "traefik.http.routers.dashboard.middlewares=dashboard-auth@swarm"
        # Service hint
        # The Swarm provider needs an explicit port label; the router above
        # targets api@internal, so presumably this value is not used for
        # routing -- confirm.
        - "traefik.http.services.traefik.loadbalancer.server.port=8080"
  # Deploy the Whoami application
  whoami:
    # NOTE(review): no tag or digest is given, so the image that runs depends
    # on what the registry serves at deploy time; pin a version as is done for
    # the traefik image above.
    image: traefik/whoami
    networks:
      - traefik_proxy
    deploy:
      labels:
        # Enable Service discovery for Traefik
        - "traefik.enable=true"
        # Define the Whoami router rule
        # No auth middleware is attached to this router.
        - "traefik.http.routers.whoami.rule=Host(`whoami.lan.xbazzi.com`)"
        # Expose Whoami on the HTTPS entrypoint
        - "traefik.http.routers.whoami.entrypoints=websecure"
        # - "traefik.http.routers.whoami.entrypoints=web"
        # Enable TLS
        - "traefik.http.routers.whoami.tls=true"
        # - "traefik.http.routers.whoami.tls=false"
        # Expose the whoami port number to Traefik
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
      placement:
        # Keep the test workload off manager nodes.
        constraints:
          - node.role != manager
# Define the overlay network for Swarm
networks:
  traefik_proxy:
    driver: overlay
    # 'attachable' lets standalone containers join this overlay. Anything
    # attached can reach the backends directly, without passing through
    # Traefik's routers or middlewares.
    attachable: true