Use traefik 2.5.

README.md

@@ -13,19 +13,21 @@ Role Variables
 --------------
 
 ```
+traefik_install_user: {{ ansible_user }
+traefik_install_path: /home/{{ traefik_install_user }}
+traefik_letsencrypt_email: 
 traefik_virtual_host: localhost
-traefik:
+traefik_expose_internally: True
-  expose_internally: True
+traefik_expose_externally: False
-  expose_externally: False
+traefik_use_acme_staging: True
-  use_acme_staging: True
+traefik_dns_challenge_provider: False
-  dns_challenge_provider: False
 # NOT WORKING YET!
 # Extra mapping, for name -> internal address, like myservice: 'http://otherhost:12345'
-  #extra_mapping:
+#traefik_extra_mapping:
 #   myservice: http://otherhost:12345
 # use key:value pairs here to add additional environment variables to your traefik docker image.
 # for instance, if you're using a dns challenge provider place your api keys etc here.
-  #additional_env_vars:
+#traefik_additional_env_vars:
 #  # DUMMY_KEY: DUMMY_VALUE
 #  CLOUDFLARE_EMAIL: EMAIL
 #  CLOUDFLARE_API_KEY: API_KEY

defaults/main.yml

@@ -1,19 +1,20 @@
 ---
 # defaults file for traefik
+traefik_install_user: '{{ ansible_user }}' # This user must be present on the host
+traefik_install_path: '/home/{{ traefik_install_user }}'
 traefik_virtual_host: localhost
-traefik:
+traefik_expose_internally: True
-  expose_internally: True
+traefik_expose_externally: False
-  expose_externally: False
+traefik_enable_acme: False
-  enable_acme: False
+traefik_use_acme_staging: True
-  use_acme_staging: True
+traefik_dns_challenge_provider: False
-  dns_challenge_provider: False
 # NOT WORKING YET!
 # Extra mapping, for name -> internal address, like myservice: 'http://otherhost:12345'
-  #extra_mapping:
+#traefik_extra_mapping:
-  #   myservice: http://otherhost:12345
+#  - myservice: http://otherhost:12345
 # use key:value pairs here to add additional environment variables to your traefik docker image.
 # for instance, if you're using a dns challenge provider place your api keys etc here.
-  #additional_env_vars:
+#traefik_additional_env_vars:
 #  # DUMMY_KEY: DUMMY_VALUE
 #  CLOUDFLARE_EMAIL: EMAIL
 #  CLOUDFLARE_API_KEY: API_KEY

tasks/main.yml

@@ -3,64 +3,64 @@
 
 - name: Ensure traefik config directory exists
   file:
-    path: /home/{{ docker_user }}/traefik
+    path: "{{ traefik_install_path }}/traefik"
     state: directory
-    owner: '{{ docker_user }}'
+    owner: '{{ traefik_install_user }}'
-    group: '{{ docker_user }}'
+    group: '{{ traefik_install_user }}'
   tags: config
 
 - name: Ensure traefik rules directory exists
   file:
-    path: /home/{{ docker_user }}/traefik/rules
+    path: "{{ traefik_install_path }}/traefik/rules"
     state: directory
-    owner: '{{ docker_user }}'
+    owner: '{{ traefik_install_user }}'
-    group: '{{ docker_user }}'
+    group: '{{ traefik_install_user }}'
   tags: config
 
 - name: Provide TLS default options
   template:
     src: templates/t2-rules-tls-options.toml.j2
-    dest: /home/{{ docker_user }}/traefik/rules/tls-options.toml
+    dest: "{{ traefik_install_path }}/traefik/rules/tls-options.toml"
-    owner: "{{ docker_user }}"
+    owner: "{{ traefik_install_user }}"
-    group: "{{ docker_user }}"
+    group: "{{ traefik_install_user }}"
     mode: '0644'
   tags: config
 
 - name: Provide docker-compose.yml
   template:
     src: templates/docker-compose.traefik.yml.j2
-    dest: /home/{{ docker_user }}/traefik/docker-compose.yml
+    dest: "{{ traefik_install_path }}/traefik/docker-compose.yml"
-    owner: "{{ docker_user }}"
+    owner: "{{ traefik_install_user }}"
-    group: "{{ docker_user }}"
+    group: "{{ traefik_install_user }}"
     mode: '0644'
   tags: config
 
 - name: Provide traefik.toml
   template:
     src: templates/traefik.toml.j2
-    dest: /home/{{ docker_user }}/traefik/traefik.toml
+    dest: "{{ traefik_install_path }}/traefik/traefik.toml"
-    owner: "{{ docker_user }}"
+    owner: "{{ traefik_install_user }}"
-    group: "{{ docker_user }}"
+    group: "{{ traefik_install_user }}"
     mode: '0644'
   tags: config
 
-- name: Configure SSL
+- name: Configure SSL (if no existing certificates are found on the server)
   copy:
-    content: ""
+    content: "{}"
     force: no
-    dest: /home/{{ docker_user }}/traefik/acme.json
+    dest: "{{ traefik_install_path }}/traefik/acme.json"
     mode: 0600
   tags: config
 
 - name: "docker-compose: Teardown existing Traefik service (only removes the containers)"
   docker_compose:
-    project_src: "/home/{{ docker_user }}/traefik/"
+    project_src: "{{ traefik_install_path }}/traefik/"
     state: absent
   tags: ['never', 'teardown']
 
 - name: "docker-compose: Start Traefik service"
   docker_compose:
-    project_src: "/home/{{ docker_user }}/traefik/"
+    project_src: "{{ traefik_install_path }}/traefik/"
   register: output
   tags: service_start
 

templates/docker-compose.traefik.yml.j2

@@ -8,28 +8,28 @@ networks:
 services:
   # Load Balancer / SSL / Web Server
   revproxy:
-    image: traefik:v2.2
+    image: traefik:v2.5
-    restart: always
+    restart: unless-stopped
     networks:
       - public
     ports:
-{% if traefik.expose_internally | default(False) %}
+{% if traefik_expose_internally | default(False) %}
       - "8181:8080"
 {% endif %}
       - "80:80"
       - "443:443"
-{% if traefik.additional_env_vars | default(False) %}
+{% if traefik_additional_env_vars | default(False) %}
     environment:
-{% for item in traefik.additional_env_vars | dict2items %}
+{% for item in traefik_additional_env_vars | dict2items %}
       - {{item.key}}={{item.value}}
 {% endfor %}
 {% endif %}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - /home/{{ docker_user }}/traefik/traefik.toml:/traefik.toml
+      - {{ traefik_install_path }}/traefik/traefik.toml:/traefik.toml
-      - /home/{{ docker_user }}/traefik/acme.json:/acme.json
+      - {{ traefik_install_path }}/traefik/acme.json:/acme.json
-      - /home/{{ docker_user }}/traefik/rules:/rules
+      - {{ traefik_install_path }}/traefik/rules:/rules
-{% if traefik.expose_externally | default(False) %}
+{% if traefik_expose_externally | default(False) %}
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=traefik"

templates/traefik.toml.j2

@@ -26,29 +26,29 @@ defaultEntryPoints = ["web", "websecure"]
   directory = "/rules"
   watch = true
 
-{% if traefik.enable_acme %}
+{% if traefik_enable_acme %}
 [certificatesResolvers.defaultresolver.acme]
-{% if traefik.use_acme_staging %}
+{% if traefik_use_acme_staging %}
   caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
 {% endif %}
-  email = "{{ letsencrypt_email }}"
+  email = "{{ traefik_letsencrypt_email }}"
   storage = "acme.json"
   [certificatesResolvers.defaultresolver.acme.httpChallenge]
     entryPoint = "web"
 {% endif %}
 
 
-{% if traefik.extra_mapping | default(False) %}
+{% if traefik_extra_mapping | default(False) %}
 ### NOT WORKING YET!
 #[backends]
-{% for service_name in traefik.extra_mapping %}
+{% for service_name in traefik_extra_mapping %}
 #[backends.{{ service_name }}_backend]
 #    [backends.{{ service_name }}_backend.servers.server1]
-#    url = "{{ traefik.extra_mapping[service_name] }}"
+#    url = "{{ traefik_extra_mapping[service_name] }}"
 {% endfor %}
 #
 #[frontends]
-{% for service_name in traefik.extra_mapping %}
+{% for service_name in traefik_extra_mapping %}
 #  [frontends.{{ service_name }}_frontend]
 #  backend = "{{ service_name }}_backend"
 #  [frontends.{{ service_name }}_frontend.routes.test_1]