From 2e83bef13c1868b41a4c851a5485198355f15e9b Mon Sep 17 00:00:00 2001
From: Emerson Rocha Luiz <emerson@alligo.com.br>
Date: Tue, 7 Apr 2020 01:16:07 -0300
Subject: [PATCH] traefik-https (#5): NOW it works as expected; improved
 traefik-refactoring-to-yml (#6)

---
 ansible/inventories/etica.dev/hosts.yml       |  2 +-
 .../inventories/etica.dev/traefik/traefik.yml | 49 +++++++++++++++++++
 ansible/playbooks/docker-full-stack-start.yml |  5 +-
 .../playbooks/roles/traefik/defaults/main.yml |  1 +
 .../playbooks/roles/traefik/tasks/install.yml |  5 +-
 .../traefik/templates/traefik.service.j2      |  3 +-
 docker/full-stack/docker-compose.yml          | 33 +++++++------
 7 files changed, 78 insertions(+), 20 deletions(-)

diff --git a/ansible/inventories/etica.dev/hosts.yml b/ansible/inventories/etica.dev/hosts.yml
index 61f06f6..9d6a9a8 100644
--- a/ansible/inventories/etica.dev/hosts.yml
+++ b/ansible/inventories/etica.dev/hosts.yml
@@ -22,7 +22,7 @@ all:
 
     traefik_version: "2.2.0"
     traefik_arch: "linux_amd64"
-    # traefik_force_reinstall: yes
+    traefik_force_reinstall: yes
     traefik_conf_yml: "{{ playbook_dir }}/../inventories/etica.dev/traefik/traefik.yml"
 
     # traefik_api_dashboard: true
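Review bot: `traefik_force_reinstall: yes` on L26 is a YAML 1.1 truthy spelling; write `traefik_force_reinstall: true` so yamllint and generic parsers agree with what Ansible reads. Leaving it enabled in the inventory also means every run re-downloads and reinstalls the binary instead of converging, so presumably it was uncommented to pick up the 2.2.0 build once; consider reverting it after the upgrade or passing it as an extra var when an upgrade is intended.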
diff --git a/ansible/inventories/etica.dev/traefik/traefik.yml b/ansible/inventories/etica.dev/traefik/traefik.yml
index f12e41f..a33527c 100644
--- a/ansible/inventories/etica.dev/traefik/traefik.yml
+++ b/ansible/inventories/etica.dev/traefik/traefik.yml
@@ -1 +1,50 @@
+---
 # See https://github.com/containous/traefik/blob/master/docs/content/reference/static-configuration/file.yaml
+# See https://docs.traefik.io/user-guides/docker-compose/basic-example/
+# See https://docs.traefik.io/user-guides/docker-compose/acme-tls/
+
+# TODO: this fine, if on the inventory dir, will return errors; Fix this
+#       layout structure later (fititnt, 2020-04-07 00:29 BRT)
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: false
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+log:
+  level: "DEBUG" # level: "ERROR"
+
+api:
+  insecure: true
+  dashboard: true
+  debug: true
+
+ping:
+  entryPoint: traefik
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: true
+
+certificatesresolvers:
+  letsencrypt:
+    acme:
+      email: no-reply@etica.dev
+      storage: /etc/traefik/acme.json
+      tlschallenge: true
+      # Use the Let's Encrypt test server
+      # caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+  # This is an example. The DNS challange needs tokens depending of the provider
+  # @see https://docs.traefik.io/user-guides/docker-compose/acme-dns/
+  letsencryptDns:
+    acme:
+      email: no-reply@etica.dev
+      storage: /etc/traefik/acme.json
+      dnschallenge:
+        provider: "ovh" # cloudflare, digitalocean, ...
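Review bot: `api.insecure: true` on L56, together with `dashboard: true` and `debug: true`, serves the Traefik API and dashboard without authentication on the dedicated `traefik` entrypoint, and this file is going onto a host that requests production Let's Encrypt certificates, so it is not a local-only setup. Prefer `insecure: false` and publish the dashboard through a router behind an auth middleware, or leave it disabled until it is actually needed. `exposedByDefault: true` on L66 routes every container that appears on the Docker socket without an opt-in label, which also turns the `traefik.enable=true` label added in the docker-compose hunk into a no-op; `exposedByDefault: false` is the safer default and makes that label meaningful. `log.level: "DEBUG"` and the `letsencryptDns` example resolver look like debugging leftovers; if the second resolver is kept, note that it shares `storage: /etc/traefik/acme.json` with `letsencrypt`, and as far as I know Traefik expects one storage file per resolver, so give it its own path.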
diff --git a/ansible/playbooks/docker-full-stack-start.yml b/ansible/playbooks/docker-full-stack-start.yml
index b6d278d..b14a12c 100644
--- a/ansible/playbooks/docker-full-stack-start.yml
+++ b/ansible/playbooks/docker-full-stack-start.yml
@@ -33,8 +33,9 @@
         project_src: "{{ ansible_env.HOME }}/full-stack/"
         state: present
         services:
-          - hello
-          - hxl-proxy
+        #  - hello
+          - whoami
+        #  - hxl-proxy
       register: output
 
     - name: "docker-full-stack-start | services result"
diff --git a/ansible/playbooks/roles/traefik/defaults/main.yml b/ansible/playbooks/roles/traefik/defaults/main.yml
index 2fdbf90..a24196b 100644
--- a/ansible/playbooks/roles/traefik/defaults/main.yml
+++ b/ansible/playbooks/roles/traefik/defaults/main.yml
@@ -10,6 +10,7 @@ traefik_install_base: "/usr/local/bin/"
 # traefik_conf_yml: "{{ role_path }}/templates/traefik.yml.j2"
 # Please use something like:
 # traefik_conf_yml: "{{ playbook_dir }}/inventories/etica.dev/traefik/traefik.yml"
+# traefik_systemd_service_template: "" # You can also customize the systemd service template
 
 # To force reinstall / update the traefik, please set this to yes
 traefik_force_reinstall: no
diff --git a/ansible/playbooks/roles/traefik/tasks/install.yml b/ansible/playbooks/roles/traefik/tasks/install.yml
index 9155f47..b192543 100644
--- a/ansible/playbooks/roles/traefik/tasks/install.yml
+++ b/ansible/playbooks/roles/traefik/tasks/install.yml
@@ -19,7 +19,7 @@
   file:
     path: "/etc/traefik/acme.json"
     state: touch
-    mode: '0750'
+    mode: '0600'
   # become: yes
 
 - name: "Download {{ traefik_download_url }}"
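Review bot: `mode: '0600'` on L122 is the right tightening for the ACME key store, but the task sets no `owner`/`group`, so the file belongs to whichever account runs the play, and `state: touch` reports `changed` on every run. If the systemd unit runs traefik as a dedicated user (the unit template is outside this hunk), add matching `owner:` and `group:` so the 0600 file stays readable and writable by the service; add `modification_time: preserve` and `access_time: preserve` so the touch is idempotent.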
@@ -37,7 +37,8 @@
 
 - name: "Create systemd service"
   template:
-    src: "traefik.service.j2"
+    # src: "traefik.service.j2"
+    src: "{{ traefik_systemd_service_template | default('traefik.service.j2') }}"
     dest: "/etc/systemd/system/traefik.service"
     mode: 0664
   notify:
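Review bot: The default for `traefik_systemd_service_template` now lives only in the Jinja filter on L132 (`| default('traefik.service.j2')`), while defaults/main.yml carries it as a comment, so there are two places to keep in sync and the variable is undefined when inspecting hostvars. Declare `traefik_systemd_service_template: "traefik.service.j2"` in defaults/main.yml and reduce the task to `src: "{{ traefik_systemd_service_template }}"`; the dead `# src:` line on L131 can then be dropped. While in this task, the unit is written with `mode: 0664`, a group-writable file under /etc/systemd/system and an unquoted octal that YAML 1.1 reads as an integer; `mode: "0644"` is the conventional value.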
diff --git a/ansible/playbooks/roles/traefik/templates/traefik.service.j2 b/ansible/playbooks/roles/traefik/templates/traefik.service.j2
index 54ec847..891cd82 100644
--- a/ansible/playbooks/roles/traefik/templates/traefik.service.j2
+++ b/ansible/playbooks/roles/traefik/templates/traefik.service.j2
@@ -17,7 +17,8 @@ After=network-online.target
 
 # configure service behavior
 Type=notify
-ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.toml
+#ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.toml
+ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
 Restart=always
 WatchdogSec=1s
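Review bot: The commented-out TOML `ExecStart` on L145 is history that git already keeps, and a unit with two `ExecStart` lines (one commented) invites someone to uncomment the wrong one; drop L145 and keep only `ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml`. The config path is hard-coded here while the role already parameterises the install base, so consider templating it from a role variable.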
 
diff --git a/docker/full-stack/docker-compose.yml b/docker/full-stack/docker-compose.yml
index 991797d..e8bc1a2 100644
--- a/docker/full-stack/docker-compose.yml
+++ b/docker/full-stack/docker-compose.yml
@@ -7,26 +7,31 @@ version: "3"
 services:
   # hxldash:
   
-  hello:
-    image: nginxdemos/hello
-    labels:
-      - traefik.http.routers.http.rule=Host(`hello.hxl.etica.dev`)
-      - traefik.http.routers.https.rule=Host(`hello.hxl.etica.dev`)
-      - traefik.http.routers.https.entrypoints=https
-      - traefik.http.routers.https.tls=true
-      # - traefik.http.routers.https.tls.certresolver=letsencrypt
+  # hello:
+  #   image: nginxdemos/hello
+  #   labels:
+  #     - traefik.http.routers.http.rule=Host(`hello.hxl.etica.dev`)
+  #     - traefik.http.routers.https.rule=Host(`hello.hxl.etica.dev`)
+  #     - traefik.http.routers.https.entrypoints=https
+  #     - traefik.http.routers.https.tls=true
+  #     # - traefik.http.routers.https.tls.certresolver=letsencrypt
 
   whoami:
     image: containous/whoami
     container_name: whoami
     labels:
-      - traefik.http.routers.http.rule=Host(`${DOMAIN}`)
-      - traefik.http.routers.http.entrypoints=http
-      - traefik.http.routers.http.middlewares=redirect
-      - traefik.http.routers.https.rule=Host(`${DOMAIN}`)
-      - traefik.http.routers.https.entrypoints=https
-      - traefik.http.routers.https.tls=true
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.hxl.etica.dev`)"
+      - "traefik.http.routers.whoami.entrypoints=web,websecure"
+      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
+      # - traefik.http.routers.http.rule=Host(`${DOMAIN}`)
+      # - traefik.http.routers.http.entrypoints=web,websecure
+      # - traefik.http.routers.http.middlewares=redirect
+      # - traefik.http.routers.https.rule=Host(`${DOMAIN}`)
+      # - traefik.http.routers.https.entrypoints=https
+      # - traefik.http.routers.https.tls=true
       # - traefik.http.routers.https.tls.certresolver=${HTPPS_CERTIFICATE_RESOLVER}
+      # - traefik.http.routers.http.entrypoints=web,websecure
 
   hxl-proxy:
     # image: unocha/hxl-proxy:latest
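Review bot: The `whoami` router on L187 lists `web,websecure` as entrypoints while L188 puts TLS on the same router; a Traefik v2 router with a `tls` section is dedicated to HTTPS, so requests arriving on `web` (`:80`) will not match it and get a 404 instead of a redirect. Either limit the label to `traefik.http.routers.whoami.entrypoints=websecure`, or, since traefik_version is 2.2.0, redirect at the entrypoint in traefik.yml with `entryPoints.web.http.redirections.entryPoint.to: websecure` and `scheme: https` so plain HTTP is upgraded before routing. The `traefik.enable=true` label on L185 only has an effect when `providers.docker.exposedByDefault` is false, which this commit sets to true in traefik.yml; the two should be reconciled. `HTPPS_CERTIFICATE_RESOLVER` on L195 is a typo, harmless in a comment but worth fixing before the variable is revived.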