infrastructure/ansible/plays/services/traefik/docker-compose.yaml

84 lines
2.7 KiB
YAML
Raw Permalink Normal View History

2023-03-30 21:51:23 +02:00
{% set deploy_traefik_fa = with_fa|default(false) %}
---
version: '3.9'
services:
traefik:
2023-10-10 19:03:58 +02:00
image: traefik:v2.10
container_name: traefik
2023-04-20 20:25:54 +02:00
ulimits:
nofile:
soft: 4000
hard: 15000
restart: always
2023-08-10 14:16:30 +02:00
network_mode: host
privileged: true
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:z"
- "./traefik.yaml:/etc/traefik/traefik.yaml:Z,ro"
2022-10-01 15:34:55 +02:00
- "./dynamic.yaml:/etc/traefik/dynamic.yaml:Z,ro"
- "acme:/acme"
2023-04-16 16:10:44 +02:00
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9091"
- "prometheus-scrape.hostname=host.docker.internal"
2023-03-30 21:51:23 +02:00
{% if deploy_traefik_fa %}
2022-10-01 15:34:55 +02:00
traefik-fa:
2023-04-09 22:08:47 +02:00
image: quay.io/oauth2-proxy/oauth2-proxy:latest
restart: unless-stopped
2023-08-10 16:29:52 +02:00
networks:
2023-09-15 07:56:18 +02:00
- default # needs network access to talk to keycloak
2023-08-10 16:29:52 +02:00
- metrics
2022-10-01 15:34:55 +02:00
depends_on:
- traefik
2023-04-09 22:08:47 +02:00
labels:
traefik.enable: 'true'
2024-01-22 18:56:17 +01:00
traefik.docker.network: '${COMPOSE_PROJECT_NAME}_default'
2023-04-09 22:08:47 +02:00
traefik.http.routers.oauth.entrypoints: websecure
2023-07-12 03:02:31 +02:00
traefik.http.routers.oauth.rule: Host(`traefik-fa.tobiasmanske.de`) || (PathPrefix(`/oauth2`) && !Host(`rss.tobiasmanske.de`))
2023-04-09 22:08:47 +02:00
traefik.http.services.oauth.loadbalancer.server.port: '4180'
2023-04-16 16:10:44 +02:00
prometheus-scrape.enabled: "true"
prometheus-scrape.port: "9091"
2023-04-09 22:08:47 +02:00
environment:
OAUTH2_PROXY_PROVIDER: 'keycloak-oidc'
OAUTH2_PROXY_CLIENT_ID: '{{ traefik.oidc.client_id }}'
OAUTH2_PROXY_CLIENT_SECRET: '{{ traefik.oidc.client_secret }}'
OAUTH2_PROXY_OIDC_ISSUER_URL: '{{ traefik.oidc.issuer_url }}'
OAUTH2_PROXY_COOKIE_DOMAIN: '.tobiasmanske.de'
OAUTH2_PROXY_COOKIE_REFRESH: '1h'
OAUTH2_PROXY_COOKIE_SECURE: 'true'
OAUTH2_PROXY_COOKIE_SECRET: '{{ traefik.oidc.cookie_secret }}'
OAUTH2_PROXY_EMAIL_DOMAINS: '*'
OAUTH2_PROXY_FOOTER: '-'
OAUTH2_PROXY_HTTP_ADDRESS: '0.0.0.0:4180'
2023-04-16 16:10:44 +02:00
OAUTH2_PROXY_METRICS_ADDRESS: "0.0.0.0:9091"
2023-04-09 22:08:47 +02:00
OAUTH2_PROXY_PASS_BASIC_AUTH: 'false'
OAUTH2_PROXY_PASS_USER_HEADERS: 'true'
OAUTH2_PROXY_REVERSE_PROXY: 'true'
OAUTH2_PROXY_SET_AUTHORIZATION_HEADER: 'true'
OAUTH2_PROXY_SET_XAUTHREQUEST: 'true'
OAUTH2_PROXY_WHITELIST_DOMAIN: '.tobiasmanske.de'
whoami:
image: containous/whoami
2022-10-01 15:34:55 +02:00
labels:
- "traefik.enable=true"
2024-01-22 18:56:17 +01:00
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
2023-04-09 22:08:47 +02:00
- "traefik.http.services.whoami.loadbalancer.server.port=80"
- "traefik.http.routers.whoami.rule=Host(`test.tobiasmanske.de`)"
- "traefik.http.routers.whoami.entryPoints=websecure"
- "traefik.http.routers.whoami.middlewares=oauth@file"
2022-10-01 15:34:55 +02:00
2023-03-30 21:51:23 +02:00
{% endif %}
2022-10-01 15:34:55 +02:00
volumes:
acme:
networks:
default:
driver: bridge
2024-02-22 01:51:53 +01:00
enable_ipv6: true
2023-08-10 16:29:52 +02:00
metrics:
external: true
...