Add some HTTP-compression-related variables

This commit is contained in:
Slavi Pantaleev 2024-11-15 10:38:05 +02:00
parent e3bfbeb1ce
commit e1a97c6dbf
3 changed files with 21 additions and 10 deletions
docs
roles/mash/playbook_base/defaults

View file

@ -13,9 +13,9 @@ Below, we offer some suggestions for how to make this playbook more interoperabl
## Disabling Traefik installation
If you're installing [Traefik](services/traefik.md) on your server in another way, you can use your already installed Traefik instance and [disable the Traefik instance installed by MASH](services/traefik.md#using-another-traefik-instance-not-installing-traefik).
If you're installing [Traefik](services/traefik.md) on your server in another way, you can use your already installed Traefik instance by pointing MASH to your existing Traefik reverse-proxy (see the [Traefik managed by you](services/traefik.md#traefik-managed-by-you) guide).
If you are using the [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) playbook, it already runs its own Traefik instance (`matrix-traefik`). We recommend that you [disable the Traefik instance installed by MASH](services/traefik.md#using-another-traefik-instance-not-installing-traefik), because the Traefik instance installed by the Matrix playbook does the same, but also contains additional configuration for handling the Matrix federation port (`8448`).
If you are using the [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) playbook against the same server where you'd like MASH services installed, it already runs its own Traefik instance (`matrix-traefik`). In this case, we recommend following the same [Traefik managed by you](services/traefik.md#traefik-managed-by-you) guide, because `matrix-docker-ansible-deploy` installs Traefik the same way, but also injects additional configuration for handling the Matrix federation port (`8448` on a `matrix-federation` entrypoint) and internal communication between services (a `matrix-internal-matrix-client-api` entrypoint).
## Disabling Docker installation

View file

@ -9,7 +9,9 @@ Enabling the Traefik service will automatically wire all other services to use i
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process.
### Traefik managed by the playbook
```yaml
########################################################################
@ -23,11 +25,6 @@ mash_playbook_reverse_proxy_type: playbook-managed-traefik
# The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates
traefik_config_certificatesResolvers_acme_email: your-email@example.com
# Or, if you'd like to install Traefik yourself:
#
# mash_playbook_reverse_proxy_type: other-traefik-container
# mash_playbook_reverse_proxyable_services_additional_network: traefik
########################################################################
# #
# /traefik #
@ -37,12 +34,11 @@ traefik_config_certificatesResolvers_acme_email: your-email@example.com
Enabling the Traefik service, as shown above, automatically installs a [tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) service/container (powered by the [com.devture.ansible.role.container_socket_proxy](https://github.com/devture/com.devture.ansible.role.container_socket_proxy) Ansible role) to improve security by not mounting a Docker socket into the Traefik container.
This [Ansible role we use for Traefik](https://github.com/mother-of-all-self-hosting/ansible-role-traefik) supports various configuration options. Feel free to consult [its `default/main.yml` variables file](https://github.com/mother-of-all-self-hosting/ansible-role-traefik/blob/main/defaults/main.yml).
Below, you can find some guidance about common tweaks you may wish to do.
## Using another Traefik instance (not installing Traefik)
### Traefik managed by you
Sometimes you may already have a Traefik instance running on the server and you may wish to not have the playbook install Traefik.
@ -56,6 +52,14 @@ mash_playbook_reverse_proxy_type: other-traefik-container
# Tell the playbook to attach services which require reverse-proxying to an additional network by default (e.g. traefik)
# This needs to match your Traefik network.
mash_playbook_reverse_proxyable_services_additional_network: traefik
# Uncomment and adjust the variables below if you'd like to enable HTTP-compression.
#
# For this to work, you will need to define a compress middleware (https://doc.traefik.io/traefik/middlewares/http/compress/) for your Traefik instance
# using a file (https://doc.traefik.io/traefik/providers/file/) or Docker (https://doc.traefik.io/traefik/providers/docker/) configuration provider.
#
# mash_playbook_reverse_proxy_traefik_middleware_compession_enabled: true
# mash_playbook_reverse_proxy_traefik_middleware_compession_name: my-compression-middleware@file
```
## Increase logging verbosity

View file

@ -78,6 +78,13 @@ mash_playbook_docker_installation_daemon_options_custom: {}
# yet still use Traefik installed in another way.
mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
# Specifies whether the Traefik reverse-proxy (if `mash_playbook_reverse_proxy_type` indicates that Traefik is being used) defines a compression middleware.
mash_playbook_reverse_proxy_traefik_middleware_compession_enabled: "{{ traefik_config_http_middlewares_compression_enabled if (traefik_enabled and traefik_config_http_middlewares_compression_enabled) else false }}"
# Specifies the name of the compression middleware defined for the Traefik reverse-proxy (if `mash_playbook_reverse_proxy_type` indicates that Traefik is being used).
# It's better to use a fully-qualified middleware name (e.g. `compression@docker` or `compression@file`) here to prevent ambiguity.
mash_playbook_reverse_proxy_traefik_middleware_compession_name: "{{ (traefik_config_http_middlewares_compression_middleware_name + '@file') if traefik_enabled else '' }}"
# Controls the additional network that reverse-proxyable services will be connected to.
mash_playbook_reverse_proxyable_services_additional_network: "{{ traefik_container_network if traefik_enabled | default(false) else '' }}"