minor: add basic proxy role (#2)
Reviewed-on: #2 Co-authored-by: Luciano Giacchetta <luciano@gianet.us> Co-committed-by: Luciano Giacchetta <luciano@gianet.us>
This commit was merged in pull request #2.
This commit is contained in:
29
templates/traefik-service.j2
Normal file
29
templates/traefik-service.j2
Normal file
@@ -0,0 +1,29 @@
|
||||
# {{ ansible_managed }}
|
||||
[Unit]
|
||||
Description=Traefik
|
||||
Documentation=https://doc.traefik.io/traefik/
|
||||
#After=network-online.target
|
||||
AssertFileIsExecutable={{ traefik_opt }}/traefik
|
||||
AssertPathExists={{ traefik_etc }}/traefik.yml
|
||||
|
||||
[Service]
|
||||
# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
|
||||
User=traefik
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
ReadOnlyDirectories=/
|
||||
|
||||
# configure service behavior
|
||||
Type=notify
|
||||
ExecStart={{ traefik_opt }}/traefik --configFile={{ traefik_etc }}/traefik.yml
|
||||
Restart=always
|
||||
WatchdogSec=1s
|
||||
|
||||
# allow writing of acme.json
|
||||
#ReadWritePaths=/var/traefik/acme.json
|
||||
# depending on log and entrypoint configuration, you may need to allow writing to other paths, too
|
||||
|
||||
# limit number of processes in this unit
|
||||
#LimitNPROC=1
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user