Merge pull request #719 from nickjones33/ipallowlist
Traefik IPWhiteList deprecated - Use IPAllowList Instead
davestephens authored Aug 16, 2024
2 parents 06d7508 + 3d3bd76 commit 2151f62
Showing 4 changed files with 17 additions and 7 deletions.
2 changes: 1 addition & 1 deletion roles/bitwarden/defaults/main.yml
Expand Up @@ -5,7 +5,7 @@ bitwarden_data_directory: "{{ docker_home }}/bitwarden"
bitwarden_port_a: "19080"
bitwarden_port_b: "3012"
bitwarden_hostname: "bitwarden"
bitwarden_ip_whitelist: "0.0.0.0/0"
bitwarden_ip_allowlist: "0.0.0.0/0"

# Keep this token secret, this is password to access admin area of your server!
# This token can be anything, but it's recommended to use a long, randomly generated string of characters,
11 changes: 8 additions & 3 deletions roles/bitwarden/tasks/main.yml
@@ -1,6 +1,11 @@
---
- name: Start Bitwarden
block:
- name: Check for Deprecated IP Whitelist setting
ansible.builtin.fail:
msg: "Use bitwarden_ip_allowlist instead of bitwarden_ip_whitelist! Read https://traefik.io/blog/announcing-traefik-proxy-v2-11/ for more information."
when: bitwarden_ip_whitelist is defined

- name: Create Bitwarden Directories
ansible.builtin.file:
path: "{{ item }}"
Expand Down Expand Up @@ -31,16 +36,16 @@
traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden.service: "bitwarden"
traefik.http.routers.bitwarden.middlewares: "bitwarden-ipwhitelist@docker"
traefik.http.routers.bitwarden.middlewares: "bitwarden-ipallowlist@docker"
traefik.http.services.bitwarden.loadbalancer.server.port: "80"
traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)"
traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt"
traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.routers.bitwarden-ws.service: "bitwarden-ws"
traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipwhitelist@docker"
traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipallowlist@docker"
traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012"
traefik.http.middlewares.bitwarden-ipwhitelist.ipwhitelist.sourcerange: "{{ bitwarden_ip_whitelist }}"
traefik.http.middlewares.bitwarden-ipallowlist.ipallowlist.sourcerange: "{{ bitwarden_ip_allowlist }}"
memory: "{{ bitwarden_memory }}"
restart_policy: unless-stopped

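Review bot: Nothing visible in this commit checks that the deployed Traefik understands the `ipallowlist` middleware used in the labels at the end of this section (the same applies to roles/portainer/tasks/main.yml). The announcement linked in the new fail message is for Traefik v2.11, so an older proxy image would presumably not recognise the renamed label, and the routers that reference `bitwarden-ipallowlist@docker` may then fail to load; the Traefik image tag is not shown here, so this needs confirming rather than assuming. I would record the minimum version next to the middleware label, e.g. `# ipallowlist needs Traefik >= 2.11; older versions only know ipwhitelist`, or assert it in the Traefik role. The container task these labels belong to starts outside the visible hunk.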
2 changes: 1 addition & 1 deletion roles/portainer/defaults/main.yml
Expand Up @@ -8,7 +8,7 @@ portainer_data_directory: "{{ docker_home }}/portainer/config"
# network
portainer_port: "9000"
portainer_hostname: "portainer"
portainer_ip_whitelist: "0.0.0.0/0"
portainer_ip_allowlist: "0.0.0.0/0"

# docker
portainer_container_name: "portainer"
9 changes: 7 additions & 2 deletions roles/portainer/tasks/main.yml
@@ -1,6 +1,11 @@
---
- name: Start Portainer
block:
- name: Check for Deprecated IP Whitelist setting
ansible.builtin.fail:
msg: "Use portainer_ip_allowlist instead of portainer_ip_whitelist! Read https://traefik.io/blog/announcing-traefik-proxy-v2-11/ for more information."
when: portainer_ip_whitelist is defined

- name: Create Portainer Directories
ansible.builtin.file:
path: "{{ item }}"
Expand Down Expand Up @@ -28,8 +33,8 @@
traefik.http.routers.portainer.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.portainer.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.portainer.loadbalancer.server.port: "9443"
traefik.http.routers.portainer.middlewares: "portainer-ipwhitelist@docker"
traefik.http.middlewares.portainer-ipwhitelist.ipwhitelist.sourcerange: "{{ portainer_ip_whitelist }}"
traefik.http.routers.portainer.middlewares: "portainer-ipallowlist@docker"
traefik.http.middlewares.portainer-ipallowlist.ipallowlist.sourcerange: "{{ portainer_ip_allowlist }}"
when: portainer_enabled is true

- name: Stop Portainer
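Review bot: The `ipallowlist.sourcerange` label is the only access restriction visible in front of Portainer in this section, and with the default `portainer_ip_allowlist: "0.0.0.0/0"` it matches every IPv4 client, so the middleware enforces nothing until the variable is overridden; the same holds for `bitwarden_ip_allowlist`. A comment beside each default would make that explicit, e.g. `# 0.0.0.0/0 admits any IPv4 client; set to trusted CIDRs (comma-separated) before exposing this service`. The range is matched against the client address Traefik sees, so if another proxy sits in front of Traefik (not visible here) the check would apply to that proxy's address unless an `ipstrategy` is configured on the middleware. The fail task at the top of the block is a sound guard: an operator who had narrowed `portainer_ip_whitelist` gets an error instead of silently falling back to the open default.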
