From 19eb9e11963a4a8165e6e9bafcca699c5c2f4704 Mon Sep 17 00:00:00 2001 From: saibotk Date: Sun, 15 Aug 2021 23:55:23 +0200 Subject: [PATCH] traefik: Allow to define additional entrypoints This patch allows users to easily add new entrypoints on different ports. Such functionality comes in handy when having to deploy something like a docker registry on the same host but on a different port while still utilizing a shared certificate. --- roles/traefik/defaults/main.yml | 9 +++++++++ roles/traefik/templates/docker-compose.yml | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml index aa7f9a1..5b5a7c1 100644 --- a/roles/traefik/defaults/main.yml +++ b/roles/traefik/defaults/main.yml @@ -76,6 +76,15 @@ traefik_dynamic_conf: - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 +# This config allows to add new entrypoints to traefik which are also automatically exposed / the port is automatically allocated. +# Can be used in cases where traefik needs to be used as a proxy because of the certificates it holds. Eg. gitlab registry on the +# same domain, where we want to use the existing certificate for the registry too. +# +# Example entry: +# - name: gitlabregistry +# port: 5050 +traefik_additional_entrypoints: [] + # Enables debug log level traefik_debug: false diff --git a/roles/traefik/templates/docker-compose.yml b/roles/traefik/templates/docker-compose.yml index 95b22b2..64a7ea0 100644 --- a/roles/traefik/templates/docker-compose.yml +++ b/roles/traefik/templates/docker-compose.yml @@ -95,6 +95,9 @@ services: ports: - "80:80" - "443:443" +{% for entrypoint in traefik_additional_entrypoints %} + - "{{ entrypoint.port }}:{{ entrypoint.port }}" +{% endfor %} volumes: - "{{ traefik_acme_location }}:/etc/traefik/acme" @@ -105,6 +108,9 @@ services: command: - "--entryPoints.web.address=:80" - "--entryPoints.websecure.address=:443" +{% for entrypoint in traefik_additional_entrypoints %} + - "--entryPoints.{{ entrypoint.name }}.address=:{{ entrypoint.port }}" +{% endfor %} - "--accesslog={{ traefik_access_log_enabled | bool | lower }}" {% if traefik_dynamic_conf != omit %} - "--providers.file.directory=/etc/traefik/dynamic_conf"