Merge pull request #719 from nickjones33/ipallowlist

Traefik IPWhiteList deprecated - Use IPAllowList Instead

roles/bitwarden/defaults/main.yml

@@ -5,7 +5,7 @@ bitwarden_data_directory: "{{ docker_home }}/bitwarden"
 bitwarden_port_a: "19080"
 bitwarden_port_b: "3012"
 bitwarden_hostname: "bitwarden"
-bitwarden_ip_whitelist: "0.0.0.0/0"
+bitwarden_ip_allowlist: "0.0.0.0/0"
 
 # Keep this token secret, this is password to access admin area of your server!
 # This token can be anything, but it's recommended to use a long, randomly generated string of characters,

roles/bitwarden/tasks/main.yml

@@ -1,6 +1,11 @@
 ---
 - name: Start Bitwarden
   block:
+    - name: Check for Deprecated IP Whitelist setting
+      ansible.builtin.fail:
+        msg: "Use bitwarden_ip_allowlist instead of bitwarden_ip_whitelist! Read https://traefik.io/blog/announcing-traefik-proxy-v2-11/ for more information."
+      when: bitwarden_ip_whitelist is defined
+
     - name: Create Bitwarden Directories
       ansible.builtin.file:
         path: "{{ item }}"
@@ -31,16 +36,16 @@
           traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}"
           traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
           traefik.http.routers.bitwarden.service: "bitwarden"
-          traefik.http.routers.bitwarden.middlewares: "bitwarden-ipwhitelist@docker"
+          traefik.http.routers.bitwarden.middlewares: "bitwarden-ipallowlist@docker"
           traefik.http.services.bitwarden.loadbalancer.server.port: "80"
           traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)"
           traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt"
           traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}"
           traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
           traefik.http.routers.bitwarden-ws.service: "bitwarden-ws"
-          traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipwhitelist@docker"
+          traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipallowlist@docker"
           traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012"
-          traefik.http.middlewares.bitwarden-ipwhitelist.ipwhitelist.sourcerange: "{{ bitwarden_ip_whitelist }}"
+          traefik.http.middlewares.bitwarden-ipallowlist.ipallowlist.sourcerange: "{{ bitwarden_ip_allowlist }}"
         memory: "{{ bitwarden_memory }}"
         restart_policy: unless-stopped
 

roles/portainer/defaults/main.yml

@@ -8,7 +8,7 @@ portainer_data_directory: "{{ docker_home }}/portainer/config"
 # network
 portainer_port: "9000"
 portainer_hostname: "portainer"
-portainer_ip_whitelist: "0.0.0.0/0"
+portainer_ip_allowlist: "0.0.0.0/0"
 
 # docker
 portainer_container_name: "portainer"

roles/portainer/tasks/main.yml

@@ -1,6 +1,11 @@
 ---
 - name: Start Portainer
   block:
+    - name: Check for Deprecated IP Whitelist setting
+      ansible.builtin.fail:
+        msg: "Use portainer_ip_allowlist instead of portainer_ip_whitelist! Read https://traefik.io/blog/announcing-traefik-proxy-v2-11/ for more information."
+      when: portainer_ip_whitelist is defined
+
     - name: Create Portainer Directories
       ansible.builtin.file:
         path: "{{ item }}"
@@ -28,8 +33,8 @@
           traefik.http.routers.portainer.tls.domains[0].main: "{{ ansible_nas_domain }}"
           traefik.http.routers.portainer.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
           traefik.http.services.portainer.loadbalancer.server.port: "9443"
-          traefik.http.routers.portainer.middlewares: "portainer-ipwhitelist@docker"
-          traefik.http.middlewares.portainer-ipwhitelist.ipwhitelist.sourcerange: "{{ portainer_ip_whitelist }}"
+          traefik.http.routers.portainer.middlewares: "portainer-ipallowlist@docker"
+          traefik.http.middlewares.portainer-ipallowlist.ipallowlist.sourcerange: "{{ portainer_ip_allowlist }}"
   when: portainer_enabled is true
 
 - name: Stop Portainer