разное

2025-05-15 21:19:32 +05:00
parent 3bbdd7e866
commit 1d99814706
5 changed files with 178 additions and 50 deletions


@ -11,7 +11,7 @@ ssh igor@88.218.94.134 -p 2200
---------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------
```sh ```sh
sudo apt-get update && sudo apt-get update &&
sudo apt-get install nginx sudo apt-get install nginx -y
``` ```
Настройка самоподписанного сертификата для SSL nginx Настройка самоподписанного сертификата для SSL nginx
```sh ```sh
@ -21,10 +21,6 @@ sudo apt-get install nginx
```sh ```sh
sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096 sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
``` ```
Создаём файл:
```sh
sudo mcedit /etc/nginx/conf.d/ssl.conf
```
И вписываем в него: И вписываем в него:
```sh ```sh
cd /etc/nginx/sites-available/ && cd /etc/nginx/sites-available/ &&


@ -135,6 +135,14 @@ sudo pdnsutil add-record locust.ge @ CAA 3600 "0 issue \"letsencrypt.org\"" &&
sudo pdnsutil add-record locust.ge @ TXT 3600 "\"v=spf1 ip4:88.218.94.134 -all\"" && sudo pdnsutil add-record locust.ge @ TXT 3600 "\"v=spf1 ip4:88.218.94.134 -all\"" &&
sudo pdnsutil add-record locust.ge @ MX 3600 "10 mail.locust.ge." && sudo pdnsutil add-record locust.ge @ MX 3600 "10 mail.locust.ge." &&
sudo pdnsutil add-record locust.ge mail A 3600 88.218.94.134 sudo pdnsutil add-record locust.ge mail A 3600 88.218.94.134
sudo pdnsutil add-record locust.ge @ NS 3600 ns1.geovizor.top
sudo pdnsutil add-record locust.ge @ NS 3600 ns2.geovizor.top
```
For deleting record please run command:
```sh
pdnsutil delete-rrset locust.ge locust.ge.locust.ge NS
``` ```


@ -127,3 +127,17 @@ sudo chmod 640 /etc/powerdns/pdns.d/pdns.local.sqlite.conf
``` ```
In PowerDNS configured to auto read config from dir /etc/powerdns/pdns.d/ In PowerDNS configured to auto read config from dir /etc/powerdns/pdns.d/
For delete record from SQLite run:
```sh
cp /var/lib/powerdns/pdns.sqlite3 /var/lib/powerdns/pdns.sqlite3.bak
sqlite3 /var/lib/powerdns/pdns.sqlite3
SELECT id, name FROM domains WHERE name = 'locust.ge';
SELECT id, name, type, content FROM records WHERE name = 'locust.ge.locust.ge' AND type = 'NS';
DELETE FROM records WHERE id IN (25, 26, 27, 28);
.exit
pdns_control notify locust.ge
```
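Review bot: The `DELETE FROM records WHERE id IN (25, 26, 27, 28);` line hard-codes row ids from one particular run, so a reader who pastes the block verbatim removes whatever rows carry those ids on their own database instead of the stale NS records the preceding SELECT locates. Deleting by the same predicate the SELECT uses keeps the two steps consistent and needs no manual id transcription: `DELETE FROM records WHERE name = 'locust.ge.locust.ge' AND type = 'NS';`. It would also help to state that the `.bak` copy made on the `cp` line is the only undo path, and that `pdnsutil delete-rrset` (which the DNS page in this same commit documents) is the supported way to do this without editing the SQLite file by hand.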


@ -80,7 +80,7 @@ providers:
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
acme: acme:
email: "your-email@example.com" email: "irigm@mail.ru"
storage: "/etc/traefik/acme.json" storage: "/etc/traefik/acme.json"
httpChallenge: httpChallenge:
entryPoint: web entryPoint: web
@ -103,56 +103,56 @@ http:
service: api@internal service: api@internal
ccalm-api-auth: ccalm-api-auth:
rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02/`)"
service: org_ccalm_api_authorization_v02
entryPoints: entryPoints:
- websecure - websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02/`)"
service: org_ccalm_api_authorization_v02
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: middlewares:
- strip-auth-prefix - strip-auth-prefix
ccalm-dbms: ccalm-dbms:
rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09/`)"
service: org_ccalm_dbms_v09
entryPoints: entryPoints:
- websecure - websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09/`)"
service: org_ccalm_dbms_v09
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: middlewares:
- strip-dbms-prefix - strip-dbms-prefix
ccalm-translation: ccalm-translation:
rule: "Host(`ccalm.test`) && PathPrefix(`/api/translation/v01/`)"
service: org_ccalm_translation_v01
entryPoints: entryPoints:
- websecure - websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/translation/v01/`)"
service: org_ccalm_translation_v01
tls: tls:
certresolver: myresolver certresolver: myresolver
#middlewares: #middlewares:
# - strip-translation-prefix # - strip-translation-prefix
ccalm-login: ccalm-login:
rule: "Host(`ccalm.test`) && PathPrefix(`/login/`)"
service: org_ccalm_login_v01
entryPoints: entryPoints:
- websecure - websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/login/`)"
service: org_ccalm_login_v01
tls: tls:
certresolver: myresolver certresolver: myresolver
ccalm-default: ccalm-default:
rule: "Host(`ccalm.test`)"
service: org_ccalm
entryPoints: entryPoints:
- websecure - websecure
rule: "Host(`ccalm.test`)"
service: org_ccalm
tls: tls:
certresolver: myresolver certresolver: myresolver
powerdns: powerdns:
rule: "Host(`powerdns.local`)"
service: local_powerdns
entryPoints: entryPoints:
- websecure - websecure
rule: "Host(`powerdns.local`)"
service: local_powerdns
tls: {} tls: {}
middlewares: middlewares:


@ -1,7 +1,7 @@
# Устанавливаю Traefik на турецский сервер # Устанавливаю Traefik cервер в Астане
```sh ```sh
ssh igor@156.244.31.209 -p 2200 ssh igor@5.180.46.11 -p 2200
``` ```
# Установка Traefik на Linux Mint / Ubuntu # Установка Traefik на Linux Mint / Ubuntu
@ -24,6 +24,18 @@ cd ~ &&
wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_linux_amd64.tar.gz wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_linux_amd64.tar.gz
``` ```
## 📥 Создаём группу и пользователя под которым будет запускаться traefik
Создаём домашнюю директорию, группу и пользователя:
```sh
sudo mkdir -p /etc/traefik &&
cd /etc/traefik &&
sudo groupadd traefik &&
sudo useradd -s /bin/false -g traefik -d /etc/traefik traefik
```
--- ---
## 📥 Шаг 3. Распаковка и установка ## 📥 Шаг 3. Распаковка и установка
@ -38,6 +50,12 @@ wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_
traefik version traefik version
``` ```
Разрешаем занимать порты с номером меньше 1024
```sh
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/traefik
```
```conf ```conf
Version: 3.3.4 Version: 3.3.4
Codename: saintnectaire Codename: saintnectaire
@ -48,12 +66,6 @@ OS/Arch: linux/amd64
--- ---
## 📁 Шаг 4. Создание директории и базового конфига
```sh
sudo mkdir -p /etc/traefik &&
cd /etc/traefik
```
### Пример `traefik.yml` ### Пример `traefik.yml`
```sh ```sh
cd /etc/traefik && cd /etc/traefik &&
@ -76,10 +88,6 @@ api:
dashboard: true dashboard: true
insecure: true insecure: true
providers:
file:
filename: "/etc/traefik/dynamic.yml"
# Настройка сертификатов (пример с Let's Encrypt) # Настройка сертификатов (пример с Let's Encrypt)
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -89,6 +97,11 @@ certificatesResolvers:
httpChallenge: httpChallenge:
entryPoint: web entryPoint: web
providers:
file:
filename: "/etc/traefik/dynamic.yml"
watch: true
log: log:
level: DEBUG level: DEBUG
EOF EOF
@ -98,61 +111,155 @@ EOF
```sh ```sh
cd /etc/traefik && cd /etc/traefik &&
sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF' sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
---
http: http:
routers: routers:
dashboard: dashboard:
entryPoints: entryPoints:
- traefik - traefik
rule: "Host(`localhost`)" rule: "Host(`localhost`)"
service: api@internal service: api@internal
geovizor-api-zones: ccalm-api-auth:
rule: "Host(`geovizor.top`) && PathPrefix(`/api/v1/servers/localhost/zones/`)"
service: top_geovizor_api_zones_v01
entryPoints: entryPoints:
- websecure - websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/authorization/v02/`)"
service: org_ccalm_api_authorization_v02
tls:
certresolver: myresolver
middlewares:
- strip-auth-prefix
ccalm-dbms:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/dbms/v09/`)"
service: org_ccalm_dbms_v09
tls:
certresolver: myresolver
middlewares:
- strip-dbms-prefix
ccalm-translation:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/translation/v01/`)"
service: org_ccalm_translation_v01
tls: tls:
certresolver: myresolver certresolver: myresolver
geovizor-default: ccalm-login:
rule: "Host(`geovizor.top`)"
service: top_geovizor_default
entryPoints: entryPoints:
- websecure - websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/login/`)"
service: org_ccalm_login_v01
tls: tls:
certresolver: myresolver certresolver: myresolver
org-ccalm-main:
entryPoints:
- websecure
rule: "Host(`locust.ge`) || Host(`test.ccalm.org`)"
service: org_ccalm_main
tls:
certresolver: myresolver
acme-http:
rule: "PathPrefix(`/.well-known/acme-challenge/`)"
entryPoints:
- web
middlewares: []
service: noop
priority: 1000
services: services:
top_geovizor_api_zones_v01: # backend org_ccalm_api_authorization_v02
org_ccalm_api_authorization_v02:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://156.244.31.209:8081" - url: "https://127.0.0.1:8082"
serversTransport: insecureTransport
healthCheck: healthCheck:
path: "/" path: "/"
interval: "5s" interval: "5s"
# Бэкенд по умолчанию top_geovizor # org_ccalm_dbms_v09 backend
top_geovizor_default: org_ccalm_dbms_v09:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://127.0.0.1:8082" - url: "https://127.0.0.1:8084"
serversTransport: insecureTransport
healthCheck: healthCheck:
path: "/" path: "/"
interval: "5s" interval: "5s"
# Translation backend
org_ccalm_translation_v01:
loadBalancer:
servers:
- url: "https://ccalm.org"
passHostHeader: false
serversTransport: insecureTransport
healthCheck:
path: ""
interval: "5s"
# Backend for org_ccalm_login_v01 (HTTP, without SSL)
org_ccalm_login_v01:
loadBalancer:
servers:
- url: "https://127.0.0.1:8081"
healthCheck:
path: "/"
interval: "5s"
serversTransport: insecureTransport
# Default backend for ccalm.org
org_ccalm_main:
loadBalancer:
servers:
- url: "https://127.0.0.1:8083"
healthCheck:
path: "/"
interval: "5s"
serversTransport: insecureTransport
# Fake noop secvices
noop:
loadBalancer:
servers:
- url: "http://127.0.0.1"
# Определяем транспорт для отключения проверки SSL # Определяем транспорт для отключения проверки SSL
serversTransports: serversTransports:
insecureTransport: insecureTransport:
insecureSkipVerify: true insecureSkipVerify: true
# Добавляем сертификаты middlewares:
tls: strip-dbms-prefix:
certificates: stripPrefix:
prefixes:
- "/api/dbms/v09"
strip-auth-prefix:
stripPrefix:
prefixes:
- "/api/authorization/v02"
dashboard-auth:
basicAuth:
users:
- "admin:$apr1$NUoqcU3I$O6VxeuGhsA6RSIyh6rNbo." # Пароль хешируется так: htpasswd -nb admin t745632746573t
EOF EOF
``` ```
For checking syntactic:
```sh
yamllint -d "{extends: default, rules: {line-length: disable}}" /etc/traefik/dynamic.yml
```
Для хранения сертификатов файл: Для хранения сертификатов файл:
```sh ```sh
sudo touch /etc/traefik/acme.json && sudo touch /etc/traefik/acme.json &&
@ -167,10 +274,12 @@ EOF
cd /etc/systemd/system && cd /etc/systemd/system &&
sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF' sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF'
[Unit] [Unit]
Description=Traefik Description=Reverse proxy Traefik
After=network.target After=network.target
[Service] [Service]
User=traefik
Group=traefik
ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
Restart=always Restart=always
@ -179,7 +288,6 @@ WantedBy=multi-user.target
EOF EOF
``` ```
Примените: Примените:
```sh ```sh
sudo systemctl daemon-reload && sudo systemctl daemon-reload &&
@ -195,12 +303,11 @@ EOF
--- ---
## 🔎 Шаг 6. Проверка работы ## 🔎 Шаг 6. Проверка работы
Откройте в браузере: Откройте в браузере cпаролем что быше "":
```sh ```sh
open http://localhost:8080/dashboard/ open https://5.180.46.11:8080/dashboard
``` ```
> ⚠️ Доступ к дашборду открыт только с localhost. Для удалённого доступа настройте правила.
--- ---
@ -220,6 +327,9 @@ sudo journalctl -u traefik -f
## 🐳 Как вариант можно установить через Docker ## 🐳 Как вариант можно установить через Docker
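Review bot: The dashboard is left reachable without authentication: `api.insecure: true` is kept as context in traefik.yml, the new verification step opens `https://5.180.46.11:8080/dashboard` on the public address, the old warning that the dashboard was only reachable from localhost is deleted, and the `dashboard-auth` basicAuth middleware added at the end of dynamic.yml is never attached to the `dashboard` router. As I understand Traefik, `insecure: true` exposes the API on the `traefik` entrypoint regardless of the router's Host rule, so the fix is `insecure: false` in traefik.yml plus `middlewares:` / `- dashboard-auth` under the `dashboard` router so the credential actually guards it. The trailing comment on the `users:` line also records the plaintext password next to its hash; keep only the `htpasswd -nb admin <password>` recipe with a placeholder, since the hash is now committed alongside its secret. Separately, `org_ccalm_translation_v01` uses `insecureTransport` (`insecureSkipVerify: true`) against the off-host upstream `https://ccalm.org`, which disables certificate verification for a hop that leaves the machine, and its comment-level neighbour `org_ccalm_login_v01` is described as "(HTTP, without SSL)" while its url is `https://127.0.0.1:8081` — worth scoping the insecure transport to the loopback backends and fixing the comment. This file section continues past the visible excerpt (the final hunk is cut off).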