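# Traefik reverse proxy, run as a container quadlet.
# Listens on :80 (web) and :443 (websecure), redirects HTTP to HTTPS, and
# routes /<app_name> to http://localhost:<port> for every entry in
# traefik_enabled_apps. Routing comes from the file provider, which watches
# /etc/traefik/dynamic inside the container.
# NOTE(review): nesting was reconstructed from a whitespace-collapsed listing;
# confirm that `configs` belongs to this quadlet entry.
quadlets:
  - name: traefik
    type: container
    # NOTE(review): `latest` combined with `pull: newer` means an upstream
    # release (including a new major version) is picked up without review.
    # Pin a version tag or digest so upgrades are deliberate.
    image: docker.io/traefik:latest
    pull: newer
    volumes:
      - "{{ config_root }}/traefik:/etc/traefik:Z"
    env:
      TZ: "{{ tz }}"
    command:
      - "--api.dashboard=true"
      # NOTE(review): insecure mode serves the API and dashboard without
      # authentication on Traefik's dedicated `traefik` entrypoint (port 8080
      # unless configured otherwise). Traefik's documentation advises against
      # it in production. Confirm that port is unreachable from untrusted
      # networks, or disable this and expose api@internal only through a
      # router that has an authentication middleware attached.
      - "--api.insecure=true"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # NOTE(review): Traefik documents certificate files under
      # `tls.certificates` in the dynamic (file provider) configuration.
      # Confirm the deployed version accepts these entrypoint-level
      # certFile/keyFile flags; if not, TLS may fall back to the default
      # generated certificate or the process may refuse to start.
      - "--entrypoints.websecure.http.tls.certFile=/etc/traefik/server.crt"
      - "--entrypoints.websecure.http.tls.keyFile=/etc/traefik/server.key"
      - "--log.level=INFO"
    restart_policy: on-failure
    configs:
      # The Jinja expressions are quoted: an unquoted `{{ ... }}` at the start
      # of a value is parsed by YAML as a flow mapping before templating runs.
      - path: "{{ config_root }}/traefik/server.crt"
        template: "{{ traefik_server_cert }}"
      # NOTE(review): this is the TLS private key. No file mode or owner is
      # set here; verify that whatever writes `configs` entries restricts the
      # file to the service account, and that traefik_server_key is sourced
      # from a vault or secret store rather than plain vars.
      - path: "{{ config_root }}/traefik/server.key"
        template: "{{ traefik_server_key }}"
      # Dynamic configuration rendered for the file provider.
      # NOTE(review): the `dashboard` router exposes api@internal on
      # websecure with no authentication middleware; attach basicAuth,
      # forwardAuth or an IP allow-list before it is reachable by others.
      # NOTE(review): "HostRegexp(`{any:.*}`)" is the Traefik v2 named-regexp
      # form; with an unpinned image, confirm the running version still
      # matches it, otherwise the HTTP-to-HTTPS redirect silently stops.
      # NOTE(review): an app named `dashboard`, `noop` or `redirect-to-https`
      # would produce duplicate router/service keys in the rendered file.
      # The {% for %} tags sit at the block's base indent so they add no
      # leading whitespace to the rendered lines.
      - path: "{{ config_root }}/traefik/dynamic/dynamic.yml"
        template: |
          ---
          http:
            middlewares:
              redirect-https:
                redirectScheme:
                  scheme: https
                  permanent: true
            routers:
              redirect-to-https:
                rule: "HostRegexp(`{any:.*}`)"
                entryPoints:
                  - web
                middlewares:
                  - redirect-https
                service: noop
          {% for app_name in traefik_enabled_apps %}
              {{ app_name }}:
                rule: "PathPrefix(`/{{ app_name }}`)"
                service: {{ app_name }}
                entryPoints:
                  - websecure
                tls: {}
          {% endfor %}
              dashboard:
                rule: "PathPrefix(`/dashboard`)"
                service: api@internal
                entryPoints:
                  - websecure
                tls: {}
            services:
              noop:
                loadBalancer:
                  servers:
                    - url: "http://localhost"
          {% for app_name in traefik_enabled_apps %}
              {{ app_name }}:
                loadBalancer:
                  servers:
                    - url: "http://localhost:{{ lookup('vars', app_name).port }}"
          {% endfor %}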