igor/Ubuntu_docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

По директориям раскидал

Browse Source
This commit is contained in:
igor
2025-05-20 20:16:22 +05:00
parent cab906cff1
commit 332e1b84e9
18 changed files with 1920 additions and 1460 deletions
Download Patch File Download Diff File Expand all files Collapse all files

395
Proxy/Traefik_install_CCALM.md Normal file
View File

@ -0,0 +1,395 @@
# Устанавливаю Traefik cервер в Астане
```sh
ssh igor@5.180.46.11 -p 2200
```
# Установка Traefik на Linux Mint / Ubuntu
## 📥 Шаг 1. Установка зависимостей
Убедитесь, что установлены `wget` и `systemd`:
```sh
sudo apt update &&
sudo apt install wget
```
---
## 📥 Шаг 2. Скачать последнюю версию Traefik
Проверь актуальную версию на: [Traefik Releases](https://github.com/traefik/traefik/releases)
Пример для версии `v3.0.0`:sudo mc
```sh
cd ~ &&
wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_linux_amd64.tar.gz
```
## 📥 Создаём группу и пользователя под которым будет запускаться traefik
Создаём домашнюю директорию, группу и пользователя:
```sh
sudo mkdir -p /etc/traefik &&
cd /etc/traefik &&
sudo groupadd traefik &&
sudo useradd -s /bin/false -g traefik -d /etc/traefik traefik
```
---
## 📥 Шаг 3. Распаковка и установка
```sh
cd ~ &&
tar -xvzf traefik_v3.3.4_linux_amd64.tar.gz &&
sudo mv traefik /usr/local/bin/
```
Проверь версию:
```sh
traefik version
```
Разрешаем занимать порты с номером меньше 1024
```sh
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/traefik
```
```conf
Version: 3.3.4
Codename: saintnectaire
Go version: go1.23.6
Built: 2025-02-25T10:11:01Z
OS/Arch: linux/amd64
```
---
### Пример `traefik.yml`
```sh
cd /etc/traefik &&
sudo tee /etc/traefik/traefik.yml > /dev/null <<'EOF'
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
address: ":443"
traefik:
address: ":8080"
api:
dashboard: true
insecure: true
# Настройка сертификатов (пример с Let's Encrypt)
certificatesResolvers:
myresolver:
acme:
email: "irigm@mail.ru"
storage: "/etc/traefik/acme.json"
httpChallenge:
entryPoint: web
providers:
file:
filename: "/etc/traefik/dynamic.yml"
watch: true
log:
level: DEBUG
EOF
```
### Пример `dynamic.yml`
```sh
cd /etc/traefik &&
sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
---
http:
routers:
dashboard:
entryPoints:
- traefik
rule: "Host(`localhost`)"
service: api@internal
ccalm-api-auth:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/authorization/v02/`)"
service: org_ccalm_api_authorization_v02
tls:
certresolver: myresolver
middlewares:
- strip-auth-prefix
ccalm-dbms:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/dbms/v09/`)"
service: org_ccalm_dbms_v09
tls:
certresolver: myresolver
middlewares:
- strip-dbms-prefix
ccalm-translation:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/translation/v01/`)"
service: org_ccalm_translation_v01
tls:
certresolver: myresolver
ccalm-login:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/login/`)"
service: org_ccalm_login_v01
tls:
certresolver: myresolver
org-ccalm-main:
entryPoints:
- websecure
rule: "Host(`locust.ge`) || Host(`test.ccalm.org`)"
service: org_ccalm_main
tls:
certresolver: myresolver
acme-http:
rule: "PathPrefix(`/.well-known/acme-challenge/`)"
entryPoints:
- web
middlewares: []
service: noop
priority: 1000
services:
# backend org_ccalm_api_authorization_v02
org_ccalm_api_authorization_v02:
loadBalancer:
servers:
- url: "https://127.0.0.1:8082"
serversTransport: insecureTransport
healthCheck:
path: "/"
interval: "5s"
# org_ccalm_dbms_v09 backend
org_ccalm_dbms_v09:
loadBalancer:
servers:
- url: "https://127.0.0.1:8084"
serversTransport: insecureTransport
healthCheck:
path: "/"
interval: "5s"
# Translation backend
org_ccalm_translation_v01:
loadBalancer:
servers:
- url: "https://ccalm.org"
passHostHeader: false
serversTransport: insecureTransport
healthCheck:
path: ""
interval: "5s"
# Backend for org_ccalm_login_v01 (HTTP, without SSL)
org_ccalm_login_v01:
loadBalancer:
servers:
- url: "https://127.0.0.1:8081"
healthCheck:
path: "/"
interval: "5s"
serversTransport: insecureTransport
# Default backend for ccalm.org
org_ccalm_main:
loadBalancer:
servers:
- url: "https://127.0.0.1:8083"
healthCheck:
path: "/"
interval: "5s"
serversTransport: insecureTransport
# Fake noop secvices
noop:
loadBalancer:
servers:
- url: "http://127.0.0.1"
# Определяем транспорт для отключения проверки SSL
serversTransports:
insecureTransport:
insecureSkipVerify: true
middlewares:
strip-dbms-prefix:
stripPrefix:
prefixes:
- "/api/dbms/v09"
strip-auth-prefix:
stripPrefix:
prefixes:
- "/api/authorization/v02"
dashboard-auth:
basicAuth:
users:
- "admin:$apr1$NUoqcU3I$O6VxeuGhsA6RSIyh6rNbo." # Пароль хешируется так: htpasswd -nb admin t745632746573t
EOF
```
For checking syntactic:
```sh
yamllint -d "{extends: default, rules: {line-length: disable}}" /etc/traefik/dynamic.yml
```
Для хранения сертификатов файл:
```sh
sudo touch /etc/traefik/acme.json &&
sudo chmod 600 /etc/traefik/acme.json
```
---
## ⚙️ Шаг 5. Настройка systemd для автозапуска
Создайте файл сервиса:
```sh
cd /etc/systemd/system &&
sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF'
[Unit]
Description=Reverse proxy Traefik
After=network.target
[Service]
User=traefik
Group=traefik
ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
Restart=always
[Install]
WantedBy=multi-user.target
EOF
```
Примените:
```sh
sudo systemctl daemon-reload &&
sudo systemctl enable traefik &&
sudo systemctl start traefik &&
sudo systemctl status traefik
```
```sh
sudo systemctl restart traefik
```
---
## 🔎 Шаг 6. Проверка работы
Откройте в браузере cпаролем что быше "":
```sh
open https://5.180.46.11:8080/dashboard
```
---
## ✅ Готово!
Traefik установлен, запущен как сервис и готов к работе.
Проверяем какие порты слушает:
```sh
sudo lsof -i -P -n | grep traefik
```
```sh
sudo journalctl -u traefik -f
```
---
## 🐳 Как вариант можно установить через Docker
Если Docker не установлен, установим его:
```sh
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker
```
Проверим версию:
```sh
docker --version
docker-compose --version
```
```sh
sudo mkdir -p /opt/traefik
cd /opt/traefik
```
```sh
cd /opt/traefik &&
sudo tee docker-compose.yml > /dev/null <<'EOF'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
ports:
- "80:80" # HTTP
- "443:443" # HTTPS
- "8080:8080" # Dashboard
volumes:
- /etc/traefik:/etc/traefik
- /var/run/docker.sock:/var/run/docker.sock:ro
command:
- "--configFile=/etc/traefik/traefik.yml"
networks:
- traefik-net
networks:
traefik-net:
driver: bridge
EOF
```
## Запуск контейнера
```sh
cd /opt/traefik &&
sudo docker-compose up -d
```
```sh
cd /opt/traefik &&
sudo docker-compose down
```
Откройте в браузере:
```sh
open http://192.168.200.85:8080/dashboard/
```
```sh
sudo docker logs traefik
```