traefik: Replace dns-01 with tls-sni-01

2023-11-05 17:02:09 +01:00 · 2023-11-05 17:02:09 +01:00 · cff8bddc30
commit cff8bddc30
parent dcd6f11d68
3 changed files with 28 additions and 23 deletions
--- a/services/traefik/config/traefik.yaml
+++ b/services/traefik/config/traefik.yaml
@ -77,8 +77,7 @@ certificatesResolvers:
      caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
      email: "kacper@kadet.net"
      storage: "/etc/traefik/acme/lets-encrypt.json"
-      dnsChallenge: 
-        provider: ovh
+      tlsChallenge: {}
  lets-encrypt-tls:
    acme:
      caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
--- a/services/traefik/stack.yml
+++ b/services/traefik/stack.yml
@ -2,12 +2,18 @@ version: "{{ compose_version }}"

 services:
  ingress:
-    image: traefik:v2.8
+    image: traefik:v2.10
    env_file:
      - ./ovh.env
    ports:
-      - 80:80
-      - 443:443
+      - target: 80
+        published: 80
+        protocol: tcp
+        mode: host
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
    volumes:
      - ./config/acme:/etc/traefik/acme
      - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
@ -17,4 +23,4 @@ services:
      placement:
        constraints:
          - node.role == manager
-    networks: ['{{ ingress_network }}']
+    networks: ["{{ ingress_network }}"]
--- a/vars/services.yml
+++ b/vars/services.yml
@ -20,27 +20,27 @@ service_config:
    ovh_endpoint: ovh-eu
    ovh_application_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
-      36316437333734643766303734613564306539363531323832623032343233303739303135633563
-      3263613130636262386463323836353238656164306462660a616533366165313437636331303766
-      33383963393464313032303336343761306436316163346630306262363762613831373838663837
-      6363373339316534640a333766373162343864613730376563303361656138323262306339613530
-      34653466333161353433326632323731306565643930383962653233346162343362
+      30373131373061356637613064356462383064343336633335663830666330363763666631303962
+      3739306161336635326133623864623737303836656166380a633332376335623234353739373939
+      36646538333139323365386434666664333161396461636130336338373337393163653439316364
+      3362396431373838380a636334306362333139623731343061633636393335346563303330656230
+      37613366613338643065356234306333393134323866363132616532643136313734
    ovh_application_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
-      37363635656333343863393435343031306630373038663561303038383136616138363538333636
-      6438353634323266356233633034613263653435386262300a393962656564366432643932373264
-      36656161353730376636646233363662376636383461656434306339646339643865626162646435
-      3835623031326137320a653962383531663532663436316264313035356237623466663262643735
-      66646465646531643638653165316531336430356266393631353439633236323733656463643935
-      6436623435613135313862643962663362656539363165303037
+      63613637353337636239326538623466623133353137323261656434393734616430656236313563
+      6635343434303037623233373930646531373038636437610a623763393363336163353834626334
+      65313064626162623138303436383639363261323235356531366562336132353831323133623232
+      3564386138353734340a656166616566623833383530363831346433623032383266306436316637
+      36613436626463613635373437333836646163626663653134326632356430646230663732323962
+      6537636439303866636636303961376138343536333466303736
    ovh_consumer_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
-      64356531386663353164303762396664393031323864363362346336346166353933336334303563
-      6135386139616638396136336534656562643061653630650a366365653234643439323537663766
-      31643864353032303237633933326334626161646336346532386566333465333230383639313664
-      3531383466316437390a393130303136356262363231643063373763303265393563326565633965
-      39303464363636366638373065363535353161613334373530623062376333373234666161323731
-      3764613331316433653335376337356464313137336563643834
+      39323462633866363837323161313133383438316338303937316335333736366337316636353562
+      3162653032646365363863363835393964326262356531350a616264663663383164613162396237
+      31663662363064623566313530396533633931303635396335633533346662373663353230343038
+      6136356234336235370a646666363933616233643737626264656438333030653433303336326230
+      34303333393266646430663239623962306261343062643935616139366132666133656265643434
+      3932356533663161616332626135613461373432373766333730

    traefik_token: !vault |
      $ANSIBLE_VAULT;1.1;AES256