arillso.traefik
Ansible Role: traefik
Contents
Overview
Traefik is a reverse proxy built with Go. It can be used with different systems like Kubernetes and Docker. Version 2 also supports TCP routing.
This role installs Traefik on a server to work as a reverse proxy and load balancer, allowing one server to host multiple Docker applications.
Note: This setup is designed for a single server to manage many applications. If you need high availability, consider using Kubernetes or similar tools with Traefik.
How to Install
ansible-galaxy install arillso.traefik
Requirements
- Docker
Variables Used
Traefik version 2.0 and above uses YAML configuration. This role generates the config based on the provided Ansible variables. There are quick-setup variables for easy installation but you can also customize everything fully.
The quick-setup lets you configure:
- Let's Encrypt certificate resolver
- Standard entrypoints
- Standard Docker provider
Quick-setup variables start with traefik_qs_.
| Name | Default | Description |
|---|---|---|
traefik_dir |
/etc/traefik |
Directory for Traefik data |
traefik_hostname |
"{{ inventory_hostname }}" |
Hostname for this instance |
traefik_network |
traefik_proxy |
Name of the generated network |
traefik_qs_send_anonymous_usage |
false |
Send anonymous usage data |
traefik_qs_https |
false |
Set up HTTPS endpoint |
traefik_qs_https_redirect |
false |
Redirect to HTTPS if needed |
traefik_qs_https_le |
false |
Use Let's Encrypt for TLS (if HTTPS is enabled) |
traefik_qs_https_le_mail |
undefined | Email for Let's Encrypt (Required) |
traefik_qs_log_level |
ERROR |
Log level to apply |
traefik_container_name |
'traefik' |
Name of the container |
traefik_network_name |
'traefik_proxy' |
Network name |
traefik_network_ipam_subnet |
'172.16.1.0/24' |
Subnet |
traefik_network_ipam_gateway |
'172.16.1.1' |
Gateway |
traefik_network_ipam_iprange |
'172.16.1.0/24' |
IP range |
traefik_image |
'traefik' |
Image to use |
traefik_add_volumes |
[] |
Additional volumes to mount |
traefik_ports |
['80:80', '443:443'] |
Shared ports |
traefik_labels |
{} |
Labels for the Traefik container |
The default config names are:
- Entrypoints:
httphttps
- Providers:
docker
- Certificate Resolvers:
letsencrypt
Detailed Configuration
This role also allows detailed configuration of Traefik using YAML. The following variables can be used for that:
| Name | Default | Description |
|---|---|---|
traefik_confkey_global |
undefined | see Docs 📑 |
traefik_confkey_serversTransport |
undefined | see Docs 📑 |
traefik_confkey_entryPoints |
undefined | see Docs 📑 |
traefik_confkey_providers |
undefined | see Docs 📑 |
traefik_confkey_api |
undefined | see Docs 📑 |
traefik_confkey_metrics |
undefined | see Docs 📑 |
traefik_confkey_ping |
undefined | see Docs 📑 |
traefik_confkey_log |
undefined | see Docs 📑 |
traefik_confkey_accessLog |
undefined | see Docs 📑 |
traefik_confkey_tracing |
undefined | see Docs 📑 |
traefik_confkey_hostResolver |
undefined | see Docs 📑 |
traefik_confkey_certificatesResolvers |
undefined | see Docs 📑 |
These keys are combined into the configuration after the quick-setup config. Use the combine() filter in non-recursive mode to add options as needed. To overwrite quick-setup variables, use their corresponding keys.
Compatibility with Other Roles
This role builds on the previous sbaerlocher/ansible.traefik role for Traefik v2. Most variables from that role will still work, except for three specific cases which need you to update your config using the _confkey_ variables.
Variables Needing Manual Updates
traefik_configuration_file
The traefik_configuration_file does not affect your installation. Traefik's config changed with version 2 and is not backward compatible. Refer to the Traefik docs to recreate your custom configuration using the _confkey_ variables.
traefik_api
The API setup in Traefik v2 allows various configurations. For simplicity, we removed automatic API configuration since it may not easily merge with custom settings.
To create a basic, unsecured API on container port 8080, use:
traefik_confkey_api:
insecure: true
dashboard: true # Enables the dashboard
traefik_ports:
- '80:80'
- '443:443'
- '8080:8080'
This will set up an entrypoint on port 8080.
traefik_ping
Like the API, ping configuration allows for custom setups, making automatic generation unfeasible.
Follow the Traefik config docs for ping for your desired setup. For example, to expose the ping endpoint on port 8082, use:
traefik_confkey_entryPoints:
ping:
address: ':8082'
traefik_confkey_ping:
entryPoint: 'ping'
traefik_ports:
- '80:80'
- '443:443'
- '8082:8082'
ansible-galaxy install arillso.traefik