From f05b5689f86243b227068cf9331d8146fbc33cf8 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Mon, 27 Feb 2023 11:35:40 +0100
Subject: unifi-controller
---
 terraform/conflatorio-docker/traefik.tf | 42 ++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 14 deletions(-)
 (limited to 'terraform/conflatorio-docker')
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index 46d4671..a1cedec 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -1,20 +1,20 @@
 resource "docker_network" "traefik" {
 name = "traefik"
-# ipv6 = true
+ # ipv6 = true
 ipam_config {
 gateway = "172.20.0.1"
 subnet = "172.20.0.0/16"
 }
-# ipam_config {
-# subnet = "fd00:dead:beef::/48"
-# gateway = "fd00:dead:beef::1"
-# }
+ # ipam_config {
+ # subnet = "fd00:dead:beef::/48"
+ # gateway = "fd00:dead:beef::1"
+ # }
 }
 resource "docker_image" "traefik" {
- name = "traefik:2.9"
+ name = "traefik:2.9.8"
 }
 resource "docker_container" "traefik" {
@@ -47,7 +47,10 @@ resource "docker_container" "traefik" {
 command = [
 "--log.level=DEBUG",
- "--api.insecure=true",
+ "--api=true",
+ "--api.dashboard=true",
+ "--api.debug=true",
+ # "--api.insecure=true",
 "--providers.docker=true",
 "--providers.docker.exposedbydefault=false",
 "--entrypoints.websecure.address=:443",
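Review bot: `--api.debug=true` enables Traefik's `/debug/` profiling endpoints on the same API that the new `traefik` router (labels in the last hunk) publishes as `api@internal` on `websecure`, and that router has no middleware attached. The `Host(...)` rule only matches the requested name and does not limit who can connect to `:443`, so unless that entrypoint is reachable only over the VPN (not visible in this diff), the dashboard, API and debug endpoints are served without authentication. I would drop `--api.debug=true` except while troubleshooting and attach an auth or source-range middleware, e.g. `{ label = "traefik.http.routers.traefik.middlewares", value = "<middleware-name>" }` together with a `basicauth` or `ipwhitelist` middleware definition. The `command` list begins and ends outside this hunk.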
@@ -58,15 +61,26 @@ resource "docker_container" "traefik" {
 "--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
 "--certificatesresolvers.linode.acme.email=root@trygvis.io",
 "--certificatesresolvers.linode.acme.storage=/letsencrypt/acme.json",
- ]
- # labels {
- # label = "traefik.enable"
- # value = "true"
- # }
+ # There doesn't seem to be a way to define a specific
+ # serversTransport through the CLI or lables, to here backend
+ # certificate checks are globally disabled.
+ "--serverstransport.insecureskipverify",
+ ]
- # - "{{ docker_service__root }}/traefik/letsencrypt:/letsencrypt"
- # - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ dynamic "labels" {
+ for_each = [
+ { label = "traefik.enable", value = "true" },
+ { label = "traefik.http.routers.traefik.service", value = "api@internal" },
+ { label = "traefik.http.routers.traefik.rule", value = "Host(`conflatorio.vpn.trygvis.io`)" },
+ { label = "traefik.http.routers.traefik.entrypoints", value = "websecure" },
+ { label = "traefik.http.routers.traefik.tls.certresolver", value = "linode" },
+ ]
+ content {
+ label = labels.value["label"]
+ value = labels.value["value"]
+ }
+ }
 env = [
 "LINODE_TOKEN=${data.sops_file_entry.linode_token.data}"
--
cgit v1.2.3
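Review bot: `--serverstransport.insecureskipverify` turns off certificate verification for every HTTPS backend this Traefik instance proxies, not only the one that needs it (presumably the UniFi controller named in the subject), so any host answering on a backend address is accepted as that backend. Traefik 2.x can scope this: a named serversTransport declared through the file provider can be attached to a single service with the label `traefik.http.services.<service-name>.loadbalancer.serverstransport=<transport-name>@file`. Alternatively, the backend's CA can be trusted through `serversTransport.rootCAs`, which keeps verification on. If the global flag stays for now, the comment above it should name the backend that requires it and record that this is a temporary trade-off; it also has two typos ("lables", "to here" for "so here"). The `command` list and the `docker_container` resource both start outside this hunk.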