static_websites: Add optional www. alias & missing hidden service header

This patch adds the possibility to automatically create a www. alias for a website and also sets the alt-svc header with an information about a possible hidden service location.
2020-08-14 05:25:34 +02:00 · 2020-08-14 05:25:34 +02:00 · 426cebd2ae
commit 426cebd2ae
parent f429c43fe6
3 changed files with 7 additions and 2 deletions
--- a/roles/static_websites/README.md
+++ b/roles/static_websites/README.md
@ -30,6 +30,8 @@ static_websites:
  example:
    image: docker.io/acme/example-site    # docker image, can include a tag
    domain: example.com                   # domain that is published by traefik
+    certresolver: letsencrypt_cf          # specify traefik cert resolver (optional)
+    www: true                             # Add www. as alias (optional)
    hsts:                                 # HSTS advanced settings (optinal)
      preloaded: true                     # enable preloaded header
      subdomains: true                    # enable all subdomains header
--- a/roles/static_websites/defaults/main.yml
+++ b/roles/static_websites/defaults/main.yml
@ -30,6 +30,7 @@ static_websites_default_traefik_certresolver: letsencrypt_http
 #    image - docker image, can include a tag
 #    domain - domain that is published by traefik
 #    certresolver - specify traefik cert resolver (optional)
+#    www - should we add www. as alias (optional)
 #    hsts: - HSTS advanced settings (optional)
 #      preloaded - enable preloaded header
 #      subdomains - enable all subdomains header
--- a/roles/static_websites/templates/docker-compose.yml
+++ b/roles/static_websites/templates/docker-compose.yml
@ -39,7 +39,7 @@ services:
    security_opt:
      - no-new-privileges
    labels:
-      - "traefik.http.routers.static_websites_{{ key }}.rule=Host(`{{ value.domain }}`) && PathPrefix(`/`)"
+      - "traefik.http.routers.static_websites_{{ key }}.rule=Host(`{{ value.domain }}`{% if value.www is defined and value.www %},`www.{{ value.domain }}`{% endif %}) && PathPrefix(`/`)"
      - "traefik.http.routers.static_websites_{{ key }}.entrypoints=websecure"
      - "traefik.http.routers.static_websites_{{ key }}.tls=true"
      - "traefik.http.routers.static_websites_{{ key }}.tls.certresolver={{ value.certresolver | default(static_websites_default_traefik_certresolver) }}"
@ -55,7 +55,9 @@ services:
      - "traefik.http.middlewares.static_websites_{{ key }}.headers.stsPreload={{ value.hsts.preloaded | default(false) }}"
      - "traefik.http.middlewares.static_websites_{{ key }}.headers.stsIncludeSubdomains={{ value.hsts.subdomains | default(false) }}"
 {% endif %}
-
+{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
+      - "traefik.http.middlewares.static_websites_{{ key }}.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
+{% endif %}
 {% if proxy_network is defined %}
      - "traefik.docker.network={{ proxy_network }}"
 {% endif %}