ansible-roles/docker-services
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

Add global ipwhitelist on traefik

Browse Source
This commit is contained in:
tchivert 2023-03-01 18:29:00 +01:00
parent 3dab765238
commit 69e8e45188
5 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -57,6 +57,7 @@ Example variables
traefik_domain: 'mydomain.com' traefik_domain: 'mydomain.com'
traefik_letsencrypt_email: 'cert@mydomain.com' traefik_letsencrypt_email: 'cert@mydomain.com'
traefik_ipwhitelist: '42.42.42.42/32, 192.168.1.0/24, 127.0.0.1/32'
maildev_domain: 'maildev.mydomain.com' maildev_domain: 'maildev.mydomain.com'

3
templates/compose/grafana.yml.j2
View File

@ -29,6 +29,9 @@ services:
traefik.http.routers.grafana.tls: true traefik.http.routers.grafana.tls: true
traefik.http.routers.grafana.tls.certresolver: letsencrypt traefik.http.routers.grafana.tls.certresolver: letsencrypt
traefik.http.routers.grafana.entrypoints: websecure traefik.http.routers.grafana.entrypoints: websecure
{% if traefik_ipwhitelist is defined %}
¦ traefik.http.routers.grafana.middlewares: "clientips@docker"
{% endif %}
traefik.http.services.grafana.loadbalancer.server.port: 3000 traefik.http.services.grafana.loadbalancer.server.port: 3000
environment: environment:
GF_AUTH_ANONYMOUS_ENABLED: "{{ grafana_auth_anonymous_enabled|string|lower }}" GF_AUTH_ANONYMOUS_ENABLED: "{{ grafana_auth_anonymous_enabled|string|lower }}"

3
templates/compose/maildev.yml.j2
View File

@ -19,6 +19,9 @@ services:
traefik.http.routers.maildev.tls: true traefik.http.routers.maildev.tls: true
traefik.http.routers.maildev.tls.certresolver: letsencrypt traefik.http.routers.maildev.tls.certresolver: letsencrypt
traefik.http.routers.maildev.entrypoints: websecure traefik.http.routers.maildev.entrypoints: websecure
{% if traefik_ipwhitelist is defined %}
traefik.http.routers.maildev.middlewares: "clientips@docker"
{% endif %}
traefik.http.services.maildev.loadbalancer.server.port: 1080 traefik.http.services.maildev.loadbalancer.server.port: 1080
networks: networks:
- traefik - traefik

3
templates/compose/redisinsight.yml.j2
View File

@ -23,6 +23,9 @@ services:
traefik.http.routers.redisinsight.entrypoints: "websecure" traefik.http.routers.redisinsight.entrypoints: "websecure"
traefik.http.routers.redisinsight.tls.certresolver: "letsencrypt" traefik.http.routers.redisinsight.tls.certresolver: "letsencrypt"
traefik.http.services.redisinsight.loadbalancer.server.port: "5000" traefik.http.services.redisinsight.loadbalancer.server.port: "5000"
{% if traefik_ipwhitelist is defined %}
¦ traefik.http.routers.redisinsight.middlewares: "clientips@docker"
{% endif %}
{% if redisinsight_auth is defined %} {% if redisinsight_auth is defined %}
## AUTH ## AUTH
traefik.http.routers.redisinsight-auth.rule: "Host(`{{ redisinsight_domain }}`)" traefik.http.routers.redisinsight-auth.rule: "Host(`{{ redisinsight_domain }}`)"

3
templates/compose/traefik.yml.j2
View File

@ -34,6 +34,9 @@ services:
traefik.http.routers.traefik.tls.certresolver: letsencrypt traefik.http.routers.traefik.tls.certresolver: letsencrypt
traefik.http.routers.traefik.middlewares: auth traefik.http.routers.traefik.middlewares: auth
traefik.http.routers.dashboard.rule: Host(`{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)) traefik.http.routers.dashboard.rule: Host(`{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
{% if traefik_ipwhitelist is defined %}
traefik.http.middlewares.clientips.ipwhitelist.sourcerange: {{ traefik_ipwhitelist }}
{% endif %}
traefik.http.middlewares.auth.basicauth.users: "ludal:$$apr1$$N3vklVTY$$zrq2kwkaVdynGlakyb4J7." traefik.http.middlewares.auth.basicauth.users: "ludal:$$apr1$$N3vklVTY$$zrq2kwkaVdynGlakyb4J7."
traefik.http.middlewares.auth.basicauth.realm: {{ traefik_domain }} - restricted access traefik.http.middlewares.auth.basicauth.realm: {{ traefik_domain }} - restricted access
logging: logging: