docker_mailserver_certbot_enabled

2025-11-02 19:07:11 +01:00 · 2025-11-02 19:07:11 +01:00 · 55ed0e8e47
commit 55ed0e8e47
parent 0490fe2404
2 changed files with 26 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -57,3 +57,6 @@ docker_mailserver_relay_host: ""
 # Nécessite de fournir des variables supplémentaires :
 # - docker_mailserver_dovecot_oauth2_configuration
 docker_mailserver_configure_oauth: false
+
+# Active une configuration avec certbot pour que traefik récupère un certificat
+docker_mailserver_certbot_enabled: false
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@ -52,6 +52,29 @@ services:
    networks:
      - default

+{% if docker_mailserver_certbot_enabled %}
+  certificate:
+    image: nginx
+    environment:
+      - NGINX_HOST={{ docker_mailserver_fqdn }}
+      - NGINX_PORT=80
+    labels:
+      traefik.enable: true
+      traefik.docker.network: traefik
+      traefik.http.routers.certificate_{{ docker_mailserver_service_id }}.entrypoints: websecure
+      traefik.http.routers.certificate_{{ docker_mailserver_service_id }}.tls: true
+      traefik.http.routers.certificate_{{ docker_mailserver_service_id }}.tls.certresolver: letsencrypt
+      traefik.http.routers.certificate_{{ docker_mailserver_service_id }}.rule: "Host(`{{ docker_mailserver_fqdn }}`)"
+      traefik.http.services.certificate_{{ docker_mailserver_service_id }}.loadbalancer.server.port: 80
+    restart: always
+    networks:
+      - traefik
+
+{% endif %}
 networks:
  default:
    internal: false
+{% if docker_mailserver_certbot_enabled %}
+  traefik:
+    external: true
+{% endif %}