coseeing · AnsonShie · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025
diff --git a/ansible_yaml/a11yvillage-be-playbook.yml b/ansible_yaml/a11yvillage-be-playbook.yml
@@ -12,9 +12,12 @@
     certbot_source_directory: /usr/local/certbot-src
     certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot"
     domain: api.a11yvillage.coseeing.org
+    traefik_certresolver: a11yvillage-api
+    traefik_router_prefix: a11yvillage-api-service--
     email: tsengwoody@coseeing.org
     ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
     image_name: "{{ ecr_location }}/a11yvillage-be:{{ deploy_tag }}"
+    traefik_path: /data/entry/entry
   collections:
     - community.docker
     - community.aws
@@ -83,6 +86,17 @@
         mode: '0755'
       become: true
 
+    - name: Load Traefik source config (a11yvillage-be)
+      set_fact:
+        traefik_source_config: "{{ lookup('file', playbook_dir + '/extra/a11yvillage-be.yml') | from_yaml }}"
+
+    - name: Transform Traefik config (placeholders -> prefix -> labels)
+      set_fact:
+        traefik_labels_list: "{{ (traefik_source_config
+          | replace_placeholders(domain, traefik_certresolver)
+          | apply_prefix(traefik_router_prefix)
+          ) | flatten_to_labels }}"
+
     - name: Create .env file
       copy:
         dest: "{{ docker_compose_dir }}/.env"
@@ -109,12 +123,7 @@
               networks:
                 - default
                 - entry
-              labels:
-                - "traefik.enable=true"
-                - "traefik.http.routers.api-a11yvillage.rule=Host(`api.a11yvillage.coseeing.org`)"
-                - "traefik.http.routers.api-a11yvillage.entrypoints=websecure"
-                - "traefik.http.routers.api-a11yvillage.tls.certresolver=api-a11yvillageresolver"
-                - "traefik.docker.network=entry"
+              labels: {{ (['traefik.enable=true', 'traefik.docker.network=entry'] + traefik_labels_list) | to_json }}
               deploy:
                 resources:
                   limits:
@@ -137,6 +146,45 @@
               driver: bridge
               name: entry
 
+    - name: Ensure Traefik config directory exists
+      file:
+        path: "{{ traefik_path }}"
+        state: directory
+        mode: '0755'
+      become: true
+
+    - name: Check if Traefik config exists
+      stat:
+        path: "{{ traefik_path }}/traefik.yml"
+      register: traefik_file
+
+    - name: Load Traefik config when present
+      slurp:
+        src: "{{ traefik_path }}/traefik.yml"
+      register: traefik_slurp
+      when: traefik_file.stat.exists
+
+    - name: Initialize Traefik config fact
+      set_fact:
+        traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}"
+
+    - name: Ensure certificatesResolvers map exists
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}"
+
+    - name: Ensure resolver block exists in Traefik config
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}"
+      when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({}))
+
+    - name: Write back Traefik config
+      copy:
+        dest: "{{ traefik_path }}/traefik.yml"
+        content: "{{ traefik_config | to_nice_yaml }}"
+        mode: '0644'
+      become: true
+      register: traefik_write_result
+
     - name: Update the repository cache and update package "unzip" to latest version using default
       apt:
         name: unzip
@@ -180,3 +228,17 @@
     - name: Show compose_result Detail info
       debug:
         var: compose_result
+
+    - name: Restart traefik service
+      docker_compose_v2:
+        project_src: "{{ traefik_path }}"
+        state: restarted
+        services:
+          - traefik
+      register: traefik_result
+      when: traefik_write_result.changed
+
+    - name: Show traefik_result Detail info
+      debug:
+        var: traefik_result
+      when: traefik_write_result.changed
diff --git a/ansible_yaml/a11yvillage-fe-playbook.yml b/ansible_yaml/a11yvillage-fe-playbook.yml
@@ -17,6 +17,7 @@
     email: tsengwoody@coseeing.org
     ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
     image_name: "{{ ecr_location }}/a11yvillage-fe:{{ deploy_tag }}"
+    traefik_path: /data/entry/entry
   collections:
     - community.docker
     - community.aws
@@ -110,6 +111,45 @@
               driver: bridge
               name: entry
 
+    - name: Ensure Traefik config directory exists
+      file:
+        path: "{{ traefik_path }}"
+        state: directory
+        mode: '0755'
+      become: true
+
+    - name: Check if Traefik config exists
+      stat:
+        path: "{{ traefik_path }}/traefik.yml"
+      register: traefik_file
+
+    - name: Load Traefik config when present
+      slurp:
+        src: "{{ traefik_path }}/traefik.yml"
+      register: traefik_slurp
+      when: traefik_file.stat.exists
+
+    - name: Initialize Traefik config fact
+      set_fact:
+        traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}"
+
+    - name: Ensure certificatesResolvers map exists
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}"
+
+    - name: Ensure resolver block exists in Traefik config (a11yvillage-fe)
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}"
+      when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({}))
+
+    - name: Write back Traefik config
+      copy:
+        dest: "{{ traefik_path }}/traefik.yml"
+        content: "{{ traefik_config | to_nice_yaml }}"
+        mode: '0644'
+      become: true
+      register: traefik_write_result
+
     - name: Update the repository cache and update package "unzip" to latest version using default
       apt:
         name: unzip
@@ -153,3 +193,17 @@
     - name: Show compose_result Detail info
       debug:
         var: compose_result
+
+    - name: Restart traefik service
+      docker_compose_v2:
+        project_src: "{{ traefik_path }}"
+        state: restarted
+        services:
+          - traefik
+      register: traefik_result
+      when: traefik_write_result.changed
+
+    - name: Show traefik_result Detail info
+      debug:
+        var: traefik_result
+      when: traefik_write_result.changed
diff --git a/ansible_yaml/coseeing-be-playbook.yml b/ansible_yaml/coseeing-be-playbook.yml
@@ -12,9 +12,12 @@
     certbot_source_directory: /usr/local/certbot-src
     certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot"
     domain: api.coseeing.org
+    traefik_certresolver: coseeing-api
+    traefik_router_prefix: coseeing-api-service--
     email: tsengwoody@coseeing.org
     ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
     image_name: "{{ ecr_location }}/coseeing-be:{{ deploy_tag }}"
+    traefik_path: /data/entry/entry
   collections:
     - community.docker
     - community.aws
@@ -83,6 +86,17 @@
         mode: '0755'
       become: true
 
+    - name: Load Traefik source config (coseeing-be)
+      set_fact:
+        traefik_source_config: "{{ lookup('file', playbook_dir + '/extra/coseeing-be.yml') | from_yaml }}"
+
+    - name: Transform Traefik config (placeholders -> prefix -> labels)
+      set_fact:
+        traefik_labels_list: "{{ (traefik_source_config
+          | replace_placeholders(domain, traefik_certresolver)
+          | apply_prefix(traefik_router_prefix)
+          ) | flatten_to_labels }}"
+
     - name: Create .env file
       copy:
         dest: "{{ docker_compose_dir }}/.env"
@@ -110,12 +124,7 @@
               networks:
                 - default
                 - entry
-              labels:
-                - "traefik.enable=true"
-                - "traefik.http.routers.api-coseeing.rule=Host(`api.coseeing.org`)"
-                - "traefik.http.routers.api-coseeing.entrypoints=websecure"
-                - "traefik.http.routers.api-coseeing.tls.certresolver=api-coseeing"
-                - "traefik.docker.network=entry"
+              labels: {{ (['traefik.enable=true', 'traefik.docker.network=entry'] + traefik_labels_list) | to_json }}
               deploy:
                 resources:
                   limits:
@@ -139,6 +148,43 @@
               driver: bridge
               name: entry
 
+    - name: Ensure Traefik config directory exists
+      file:
+        path: "{{ traefik_path }}"
+        state: directory
+        mode: '0755'
+
+    - name: Check if Traefik config exists
+      stat:
+        path: "{{ traefik_path }}/traefik.yml"
+      register: traefik_file
+
+    - name: Load Traefik config when present
+      slurp:
+        src: "{{ traefik_path }}/traefik.yml"
+      register: traefik_slurp
+      when: traefik_file.stat.exists
+
+    - name: Initialize Traefik config fact
+      set_fact:
+        traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}"
+
+    - name: Ensure certificatesResolvers map exists
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}"
+
+    - name: Ensure resolver block exists in Traefik config
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}"
+      when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({}))
+
+    - name: Write back Traefik config
+      copy:
+        dest: "{{ traefik_path }}/traefik.yml"
+        content: "{{ traefik_config | to_nice_yaml }}"
+        mode: '0644'
+      register: traefik_write_result
+
     - name: Update the repository cache and update package "unzip" to latest version using default
       apt:
         name: unzip
@@ -182,3 +228,17 @@
     - name: Show compose_result Detail info
       debug:
         var: compose_result
+
+    - name: Restart traefik service
+      docker_compose_v2:
+        project_src: "{{ traefik_path }}"
+        state: restarted
+        services:
+          - traefik
+      register: traefik_result
+      when: traefik_write_result.changed
+
+    - name: Show traefik_result Detail info
+      debug:
+        var: traefik_result
+      when: traefik_write_result.changed
diff --git a/ansible_yaml/coseeing-fe-playbook.yml b/ansible_yaml/coseeing-fe-playbook.yml
@@ -17,6 +17,7 @@
     email: tsengwoody@coseeing.org
     ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
     image_name: "{{ ecr_location }}/coseeing-fe:{{ deploy_tag }}"
+    traefik_path: /data/entry/entry
   collections:
     - community.docker
     - community.aws
@@ -110,6 +111,45 @@
               driver: bridge
               name: entry
 
+    - name: Ensure Traefik config directory exists
+      file:
+        path: "{{ traefik_path }}"
+        state: directory
+        mode: '0755'
+      become: true
+
+    - name: Check if Traefik config exists
+      stat:
+        path: "{{ traefik_path }}/traefik.yml"
+      register: traefik_file
+
+    - name: Load Traefik config when present
+      slurp:
+        src: "{{ traefik_path }}/traefik.yml"
+      register: traefik_slurp
+      when: traefik_file.stat.exists
+
+    - name: Initialize Traefik config fact
+      set_fact:
+        traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}"
+
+    - name: Ensure certificatesResolvers map exists
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}"
+
+    - name: Ensure resolver block exists in Traefik config (coseeing-fe)
+      set_fact:
+        traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}"
+      when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({}))
+
+    - name: Write back Traefik config
+      copy:
+        dest: "{{ traefik_path }}/traefik.yml"
+        content: "{{ traefik_config | to_nice_yaml }}"
+        mode: '0644'
+      become: true
+      register: traefik_write_result
+
     - name: Update the repository cache and update package "unzip" to latest version using default
       apt:
         name: unzip
@@ -153,3 +193,17 @@
     - name: Show compose_result Detail info
       debug:
         var: compose_result
+
+    - name: Restart traefik service
+      docker_compose_v2:
+        project_src: "{{ traefik_path }}"
+        state: restarted
+        services:
+          - traefik
+      register: traefik_result
+      when: traefik_write_result.changed
+
+    - name: Show traefik_result Detail info
+      debug:
+        var: traefik_result
+      when: traefik_write_result.changed
diff --git a/ansible_yaml/extra/a11yvillage-be.yml b/ansible_yaml/extra/a11yvillage-be.yml
@@ -0,0 +1,10 @@
+http:
+  routers:
+    https:
+      rule: Host(`(`host`)`)
+      entrypoints: websecure
+      tls:
+        certresolver: (`certresolver`)
+    http:
+      rule: Host(`(`host`)`)
+      entrypoints: webinsecure
diff --git a/ansible_yaml/extra/coseeing-be.yml b/ansible_yaml/extra/coseeing-be.yml
@@ -0,0 +1,10 @@
+http:
+  routers:
+    https:
+      rule: Host(`(`host`)`)
+      entrypoints: websecure
+      tls:
+        certresolver: (`certresolver`)
+    http:
+      rule: Host(`(`host`)`)
+      entrypoints: webinsecure