Julien Fastré
4cef67a91d
Included comments at the top of all template files indicating that they are managed by Ansible and should not be edited manually. This ensures clarity and avoids unintended manual modifications.
53 lines
1.5 KiB
YAML
53 lines
1.5 KiB
YAML
# this file is managed by ansible. Do not edit it by hand.
|
|
services:
|
|
reverse-proxy:
|
|
# The official v3 Traefik docker image
|
|
image: traefik:v3.2
|
|
# Enables the web UI and tells Traefik to listen to docker
|
|
command:
|
|
{% if traefik_debug|default(False) -%}
|
|
- "--log.level=debug"
|
|
{% endif -%}
|
|
{% if traefik_insecure|default(False) -%}
|
|
- "--api.insecure=true"
|
|
{% endif -%}
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedByDefault=false"
|
|
- "--entryPoints.web.address=:80"
|
|
- "--entryPoints.web.http.redirections.entrypoint.scheme=https"
|
|
- "--entryPoints.websecure.address=:443"
|
|
{%+ for ip in traefik_trusted_ips|default([]) +%}
|
|
- "--entryPoints.websecure.forwardedHeaders.trustedIPs={{ ip }}"
|
|
{%+ endfor +%}
|
|
{%+ for c in chills +%}
|
|
{%+ if c.expose_port is not false +%}
|
|
- "--entryPoints.chill{{ c.chill_environment }}.address=:{{ c.expose_port }}"
|
|
{% endif +%}
|
|
{% endfor +%}
|
|
|
|
ports:
|
|
# The HTTP port
|
|
- "80:80"
|
|
- "443:443"
|
|
# The Web UI (enabled by --api.insecure=true)
|
|
- "8080:8080"
|
|
{% for c in chills +%}
|
|
{% if c.expose_port is not false +%}
|
|
- "{{ c.expose_port }}:{{ c.expose_port }}"
|
|
{% endif +%}
|
|
{%+ endfor +%}
|
|
|
|
volumes:
|
|
# So that Traefik can listen to the Docker events
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
networks:
|
|
- traefik
|
|
|
|
networks:
|
|
traefik:
|
|
name: traefik
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 172.150.0.0/24
|