Merge pull request #677 from khartahk/portainer-add-traefik-whitelist

davestephens · web-flow · commit fc1836a859e4 · 2023-11-19T09:19:35.000Z
portainer: option to set whielisted ips in traefik, use port from vars
diff --git a/roles/portainer/defaults/main.yml b/roles/portainer/defaults/main.yml
@@ -8,6 +8,7 @@ portainer_data_directory: "{{ docker_home }}/portainer/config"
 # network
 portainer_port: "9000"
 portainer_hostname: "portainer"
+portainer_ip_whitelist: "0.0.0.0/0"
 
 # docker
 portainer_container_name: "portainer"
diff --git a/roles/portainer/tasks/main.yml b/roles/portainer/tasks/main.yml
@@ -28,6 +28,8 @@
           traefik.http.routers.portainer.tls.domains[0].main: "{{ ansible_nas_domain }}"
           traefik.http.routers.portainer.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
           traefik.http.services.portainer.loadbalancer.server.port: "9443"
+          traefik.http.routers.portainer.middlewares: "portainer-ipwhitelist@docker"
+          traefik.http.middlewares.portainer-ipwhitelist.ipwhitelist.sourcerange: "{{ portainer_ip_whitelist }}"
   when: portainer_enabled is true
 
 - name: Stop Portainer
