diff --git a/intern/docker_omada/templates/docker-compose.yml b/intern/docker_omada/templates/docker-compose.yml
index 2208464f8399667ce204a9c08c9fab61f6bd366a..9b0923a55fcc3395b9d6a6000780875fb0eea500 100644
--- a/intern/docker_omada/templates/docker-compose.yml
+++ b/intern/docker_omada/templates/docker-compose.yml
@@ -20,14 +20,16 @@ services:
 sysctls:
 - net.ipv4.ip_unprivileged_port_start=0
 volumes:
+ - "{{ certFile }}:/cert/tls.crt:ro"
+ - "{{ keyFile }}:/cert/tls.key:ro"
 - "{{ basedir }}/data:/opt/tplink/EAPController/data"
 - "{{ basedir }}/logs:/opt/tplink/EAPController/logs"
 environment:
 TZ: Europe/Berlin
 PUID: 508
 PGID: 508
- MANAGE_HTTP_PORT: 80
- MANAGE_HTTPS_PORT: 443
+ MANAGE_HTTP_PORT: 8088
+ MANAGE_HTTPS_PORT: 8043
 PORTAL_HTTP_PORT: 8088
 PORTAL_HTTPS_PORT: 8843
 PORT_ADOPT_V1: 29812
@@ -44,10 +46,9 @@ services:
 - traefik.enable=true
 - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
 - traefik.http.routers.{{ servicename }}.entrypoints=websecure
- - traefik.http.services.{{ servicename }}.loadbalancer.serversTransport={{ servicename }}
- - traefik.http.services.{{ servicename }}.loadbalancer.server.port=443
- - traefik.http.services.{{ servicename }}.loadbalancer.server.scheme=https
- - traefik.http.serversTransports.{{ servicename }}.insecureSkipVerify=true
+ - "traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-redirect"
+ - "traefik.http.middlewares.{{ servicename }}-redirect.redirectregex.regex=(.)*"
+ - "traefik.http.middlewares.{{ servicename }}-redirect.redirectregex.replacement=https://{{ domain }}:8043"
 networks:
 - default
 - web
diff --git a/site.yml b/site.yml
index 4f9e2907c9e4eed08ff51802a693a9bd371aa6bd..d2de75f704dbd0a2e5e52f5725ad837d1e49dd8b 100644
--- a/site.yml
+++ b/site.yml
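Review bot: The `{{ keyFile }}` bind mount hands the TLS private key to the controller container, and with `PUID: 508` / `PGID: 508` set in the same service the host file presumably has to be readable by uid or gid 508 if the controller reads it after dropping privileges. Nothing in the hunk arranges that, so the easy way out is loosening the key's mode on the host; having the role install a copy owned by 508 with mode `0400` and mounting that copy would avoid it. Whether the image actually consumes `/cert/tls.crt` and `/cert/tls.key` is not visible here, so a comment above the two mounts such as `# TLS pair read by the controller at start-up; the key must be readable by PUID only` would document the contract. The service definition starts and ends outside the hunk.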
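Review bot: With the `loadbalancer` labels gone, the router on `websecure` only answers with a redirect to `https://{{ domain }}:8043`, so the management UI is served by the controller's own listener and no longer passes through Traefik. That gets rid of `insecureSkipVerify=true`, but the entrypoint's TLS options, any authentication or allow-list middleware and Traefik's access log no longer cover the admin interface; port 8043 should be published on the internal interface only or restricted by firewall, which this hunk does not show. The pattern `(.)*` is unanchored and captures one character at a time, and `redirectregex.regex=^.*$` states the intent more plainly. A comment above the three new labels, e.g. `# redirect only: the UI is served directly by the controller on 8043, not proxied`, would save the next reader the same analysis.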
@@ -86,7 +86,9 @@ role: intern/docker_omada, tags: omada, servicename: omada, basedir: /srv/omada, - domain: "omada.warpzone.lan" + domain: "omada.warpzone.lan", + certFile: "/srv/traefik/warpzone+internal+services.pem", + keyFile: "/srv/traefik/warpzone+internal+services.key" } - { role: intern/docker_unifi, tags: unifi,
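Review bot: `keyFile` points at `/srv/traefik/warpzone+internal+services.key`, which by its name and location looks like the key Traefik uses for all internal services (inferred; the certificate's SAN list is not visible here). Mounting it into the Omada container means a compromise of the controller exposes a key that is valid for every name on that certificate. A certificate issued only for `omada.warpzone.lan` and stored under `/srv/omada` would limit the exposure to this one service; if sharing the pair is intentional, a short comment next to `certFile` and `keyFile` should say so. The role list continues past the end of the hunk.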