use traefik v2 labels

roles/bitwarden/defaults/main.yml

@@ -4,6 +4,7 @@ bitwarden_available_externally: "false"
 bitwarden_data_directory: "{{ docker_home }}/bitwarden"
 bitwarden_port_a: "19080"
 bitwarden_port_b: "3012"
+bitwarden_hostname: "bitwarden"
 
 # Keep this token secret, this is password to access admin area of your server!
 # This token can be anything, but it's recommended to use a long, randomly generated string of characters,

roles/bitwarden/tasks/main.yml

@@ -22,12 +22,19 @@
       LOG_FILE: "/data/bitwarden.log"
       WEBSOCKET_ENABLED: "true"
     labels:
-      traefik.web.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }}"
       traefik.enable: "{{ bitwarden_available_externally }}"
-      traefik.web.port: "80"
-      traefik.hub.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }};Path:/notifications/hub"
-      traefik.hub.port: "bitwarden_port_b"
-      traefik.hub.protocol: "ws"
+      traefik.http.routers.bitwarden.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`)"
+      traefik.http.routers.bitwarden.tls.certresolver: "letsencrypt"
+      traefik.http.routers.bitwarden.tls.domains[0].main: "{{ ansible_nas_domain }}"
+      traefik.http.routers.bitwarden.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+      traefik.http.routers.bitwarden.service: "bitwarden"
+      traefik.http.services.bitwarden.loadbalancer.server.port: "80"
+      traefik.http.routers.bitwarden-ws.rule: "Host(`{{ bitwarden_hostname }}.{{ ansible_nas_domain }}`) && Path(`/notifications/hub`)"
+      traefik.http.routers.bitwarden-ws.tls.certresolver: "letsencrypt"
+      traefik.http.routers.bitwarden-ws.tls.domains[0].main: "{{ ansible_nas_domain }}"
+      traefik.http.routers.bitwarden-ws.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+      traefik.http.routers.bitwarden-ws.service: "bitwarden-ws"
+      traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012"
     memory: "{{ bitwarden_memory }}"
     restart_policy: unless-stopped