fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00
parent 85c369e846
commit 36ef2a1e2c
1366 changed files with 104925 additions and 28719 deletions
--- a/deployment/ansible/playbooks/setup-ssl-certificates.yml
+++ b/deployment/ansible/playbooks/setup-ssl-certificates.yml
@@ -1,86 +1,19 @@
 ---
- name: Setup Let's Encrypt SSL Certificates via Traefik
-  hosts: production
-  become: no
+# Setup Let's Encrypt SSL Certificates via Traefik
+# Wrapper Playbook for traefik role ssl tasks
+- hosts: production
  gather_facts: yes
-
+  become: no
  vars:
    # ssl_domains and acme_email are defined in group_vars/production.yml
    # Can be overridden via -e flag if needed
-    domains: "{{ ssl_domains | default([gitea_domain, app_domain]) }}"
-
+    traefik_ssl_domains: "{{ ssl_domains | default([gitea_domain, app_domain]) }}"
  tasks:
-    - name: Check if acme.json exists and is a file
-      stat:
-        path: "{{ deploy_user_home }}/de iployment/stacks/traefik/acme.json"
-      register: acme_stat
-
-    - name: Remove acme.json if it's a directory
-      file:
-        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
-        state: absent
-      become: yes
-      when: acme_stat.stat.exists and acme_stat.stat.isdir
-
-    - name: Ensure Traefik acme.json exists and has correct permissions
-      file:
-        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
-        state: touch
-        mode: '0600'
-        owner: "{{ ansible_user }}"
-        group: "{{ ansible_user }}"
-      become: yes
-
-    - name: Verify Traefik is running
-      command: docker compose -f {{ deploy_user_home }}/deployment/stacks/traefik/docker-compose.yml ps traefik
-      register: traefik_status
-      changed_when: false
-
-    - name: Fail if Traefik is not running
-      fail:
-        msg: "Traefik is not running. Please start it first."
-      when: traefik_status.rc != 0 or "Up" not in traefik_status.stdout
-
-    - name: Force Traefik to reload configuration
-      command: docker compose -f {{ deploy_user_home }}/deployment/stacks/traefik/docker-compose.yml restart traefik
-      changed_when: true
-
-    - name: Wait for Traefik to be ready
-      wait_for:
-        timeout: 10
-      changed_when: false
-
-    - name: Trigger certificate request by accessing each domain
-      uri:
-        url: "https://{{ item }}"
-        method: GET
-        validate_certs: no
-        timeout: 5
-        status_code: [200, 301, 302, 303, 404, 502, 503]
-      loop: "{{ domains }}"
-      register: certificate_trigger
-      changed_when: false
-      ignore_errors: yes
-
-    - name: Wait for ACME certificate generation (30 seconds)
-      wait_for:
-        timeout: 30
-      changed_when: false
-
-    - name: Check if acme.json contains certificates
-      stat:
-        path: "{{ stacks_base_path }}/traefik/acme.json"
-      register: acme_file
-
-    - name: Display certificate status
-      debug:
-        msg: |
-          Certificate setup triggered.
-          Traefik will request Let's Encrypt certificates for:
-          {{ domains | join(', ') }}
-          ACME Email: {{ acme_email }}
-          
-          Check Traefik logs to see certificate generation progress:
-          docker compose -f {{ stacks_base_path }}/traefik/docker-compose.yml logs traefik | grep -i acme
-          
-          Certificates should be ready within 1-2 minutes.
+    - name: Include traefik ssl tasks
+      ansible.builtin.include_role:
+        name: traefik
+        tasks_from: ssl
+  tags:
+    - traefik
+    - ssl
+    - certificates