
traefik template update

xcad il y a 7 mois
Parent
commit
54a44b38e1

+ 0 - 21
library/compose/traefik/config/example.externalservice.yaml

@@ -1,21 +0,0 @@
-# --> (Example) Expose an external service using Traefik...
-# http:
-#   # -- Change Router Configuration here...
-#   routers:
-#     your-local-router:
-#       rule: "Host(`your-local-service.your-domain.com`)"  # <-- Change Rules here...
-#       service: your-local-service  # <-- Change Service Name here...
-#       priority: 1000  # <-- (Optional) Change Routing Priority here...
-#       entryPoints:
-#         - web
-#         - websecure
-#       tls:
-#         certResolver: cloudflare
-#
-#   # -- Change Service Configuration here...
-#   services:
-#     your-local-service:  # <-- Change Service Name here...
-#       loadBalancer:
-#         servers:
-#           - url: "http://your-local-service:port"  # <-- Change Target Service URL here...
-# <--

+ 0 - 20
library/compose/traefik/config/example.middleware-authentik.yaml

@@ -1,20 +0,0 @@
-# --> (Example) Securely expose apps using the Traefik proxy outpost...
-# http:
-#   middlewares:
-#     authentik-middleware:
-#       forwardAuth:
-#         address: http://your-authentik-outpost-fqdn:9000/outpost.goauthentik.io/auth/traefik
-#         trustForwardHeader: true
-#         authResponseHeaders:
-#           - X-authentik-username
-#           - X-authentik-groups
-#           - X-authentik-email
-#           - X-authentik-name
-#           - X-authentik-uid
-#           - X-authentik-jwt
-#           - X-authentik-meta-jwks
-#           - X-authentik-meta-outpost
-#           - X-authentik-meta-provider
-#           - X-authentik-meta-app
-#           - X-authentik-meta-version
-# <--

+ 0 - 22
library/compose/traefik/config/example.middleware-passbolt.yaml

@@ -1,22 +0,0 @@
-# --> (Optional) When using Passbolt with Traefik...
-# http:
-#   middlewares:
-#     passbolt-middleware:
-#       headers:
-#         FrameDeny: true
-#         AccessControlAllowMethods: 'GET,OPTIONS,PUT'
-#         AccessControlAllowOriginList:
-#           - origin-list-or-null
-#         AccessControlMaxAge: 100
-#         AddVaryHeader: true
-#         BrowserXssFilter: true
-#         ContentTypeNosniff: true
-#         ForceSTSHeader: true
-#         STSIncludeSubdomains: true
-#         STSPreload: true
-#         ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
-#         CustomFrameOptionsValue: SAMEORIGIN
-#         ReferrerPolicy: same-origin
-#         PermissionsPolicy: vibrate 'self'
-#         STSSeconds: 315360000
-# <--

+ 0 - 18
library/compose/traefik/config/example.tls.yaml

@@ -1,18 +0,0 @@
-# --> (Example) Change TLS Configuration here...
-# tls:
-#   options:
-#     default:
-#       minVersion: VersionTLS12
-#       sniStrict: true
-#       curvePreferences:
-#         - CurveP256
-#         - CurveP384
-#         - CurveP521
-#       cipherSuites:
-#         - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-#         - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-#         - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-#         - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-#         - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-#         - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-# <--

+ 27 - 24
library/compose/traefik/config/traefik.yaml → library/compose/traefik/config/traefik.yaml.j2

@@ -5,46 +5,51 @@ global:
 
 # --> (Optional) Change log level and format here ...
 #     - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL]
-# log:
-#  level: ERROR
-# <--
+{% if traefik_log_level is defined %}
+log:
+  level: {{ traefik_log_level }}
+{% endif %}
 
 # --> (Optional) Enable accesslog here ...
-# accesslog: {}
-# <--
+{% if traefik_accesslog_enabled %}
+accesslog: {}
+{% endif %}
 
 # --> (Optional) Enable API and Dashboard here, don't do in production
-# api:
-#   dashboard: true
-#   insecure: true
-# <--
+{% if dashboard_enabled %}
+api:
+  dashboard: true
+  insecure: true
+{% endif %}
 
 # -- Change EntryPoints here...
 entryPoints:
   web:
     address: :80
     # --> (Optional) Redirect all HTTP to HTTPS
-    # http:
-    #   redirections:
-    #     entryPoint:
-    #       to: websecure
-    #       scheme: https
-    # <--
+    {% if traefik_redirect_http_to_https %}
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+    {% endif %}
   websecure:
     address: :443
 
 # -- Configure your CertificateResolver here...
 certificatesResolvers:
-  cloudflare:
+  {{ traefik_acme_dns_provider }}:
     acme:
       email: {{ acme_email }}
-      storage: /var/traefik/certs/cloudflare-acme.json
+      storage: /var/traefik/certs/acme.json
       caServer: "https://acme-v02.api.letsencrypt.org/directory"
       dnsChallenge:
-        provider: cloudflare  # <-- (Optional) Change this to your DNS provider
+        provider: {{ traefik_acme_dns_provider }}
         resolvers:
-          - "1.1.1.1:53"
-          - "8.8.8.8:53"
+{% for resolver in traefik_acme_dns_resolvers %}
+          - "{{ resolver }}"
+{% endfor %}
 
 # --> (Optional) Disable TLS Cert verification check
 # serversTransport:
@@ -53,10 +58,8 @@ certificatesResolvers:
 
 providers:
   docker:
-    exposedByDefault: false  # <-- (Optional) Change this to true if you want to expose all services
-    # Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks.
-    # E.g. Database container in a separate network and a container in the frontend and database network.
-    network: frontend
+    exposedByDefault: false
+    network: {{ network_name }}
   file:
     directory: /etc/traefik
     watch: true
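Review bot: The `api` block in the first hunk now renders `insecure: true` whenever `dashboard_enabled` is set, which serves the dashboard and the full API without authentication on Traefik's internal `traefik` entry point (port 8080 by default). The old commented example carried the same setting, but as a one-switch template option it is much easier to ship by accident. Consider rendering `insecure: false` and exposing the dashboard through a router to `api@internal` behind an auth middleware, or at least change the comment above it to `# --> (Optional) Enable API and Dashboard here; insecure mode is unauthenticated, never publish port 8080`. `dashboard_enabled` is not among the variables this commit adds to template.yaml, so it is presumably declared elsewhere in that file; confirm that it defaults to false. Separately, with `storage` renamed to `/var/traefik/certs/acme.json`, existing deployments will no longer read their previous `cloudflare-acme.json` and will request fresh certificates on the next start.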

+ 30 - 0
library/compose/traefik/template.yaml

@@ -1,3 +1,4 @@
+
 ---
 kind: "compose"
 metadata:
@@ -22,6 +23,35 @@ spec:
         type: "email"
         description: "Email address for ACME (Let's Encrypt) registration"
         default: ""
+      traefik_log_level:
+        type: "enum"
+        description: "Traefik log level"
+        default: "INFO"
+        values:
+          - "TRACE"
+          - "DEBUG"
+          - "INFO"
+          - "WARN"
+          - "ERROR"
+          - "FATAL"
+      traefik_accesslog_enabled:
+        type: "bool"
+        description: "Enable Traefik access log"
+        default: false
+      traefik_redirect_http_to_https:
+        type: "bool"
+        description: "Redirect all HTTP to HTTPS"
+        default: true
+      traefik_acme_dns_provider:
+        type: "string"
+        description: "ACME DNS provider"
+        default: "cloudflare"
+      traefik_acme_dns_resolvers:
+        type: "list"
+        description: "ACME DNS resolvers"
+        default:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"
   ports:
     prompt: "Expose ports via 'ports' mapping?"
     toggle: "ports_enabled"
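Review bot: `traefik_acme_dns_provider` is declared as a free-form `string`, yet traefik.yaml.j2 interpolates it unquoted both as the `certificatesResolvers` mapping key and as the `dnsChallenge.provider` value, so a typo or a value containing `: ` or whitespace yields broken or silently wrong YAML. Declaring it as an `enum` with the supported providers listed under `values`, as `traefik_log_level` does, would catch that at prompt time. Because the resolver name now follows this variable, any router that still references the resolver as `cloudflare` (not visible in this commit) would stop getting certificates once the value is changed, and the provider's credentials have to match the chosen provider as well. The description could say so: `description: "ACME DNS provider (also used as the certificate resolver name)"`.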