igor/Ubuntu_docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

+

Browse Source
This commit is contained in:
igor
2025-08-25 07:41:03 +05:00
parent 3ca998f1cf
commit b6111740e8
11 changed files with 649 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

209
Proxy/top.geovizor.traefik_first.md Normal file
View File

@ -0,0 +1,209 @@
Congif to first level proxy
Connecting to infrascructure
```sh
ssh igor@192.168.200.81
```
```sh
sudo apt update &&
sudo apt install wget
```
```sh
cd /etc/traefik &&
sudo tee /etc/traefik/traefik.yml > /dev/null <<'EOF'
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
http8080:
address: ":8080"
https8443:
address: ":8443"
traefik:
address: ":8989"
api:
dashboard: true
insecure: true
log:
level: DEBUG
filePath: "/var/log/traefik/traefik.log"
accessLog:
filePath: "/var/log/traefik/access.log"
providers:
file:
filename: "/etc/traefik/dynamic.yml"
watch: true
EOF
```
```sh
cd /etc/traefik &&
sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
---
http:
routers:
dashboard:
rule: "Host(`192.168.200.81`) && Host(`localhost`)" # или другой домен
entryPoints:
- traefik
service: api@internal
middlewares:
- auth
redirect-to-https:
entryPoints:
- web
rule: "HostRegexp(`{any:.+}`)"
service: noop
middlewares:
- redirect-to-https-middleware
gotify:
entryPoints:
- websecure
- https8443
rule: "Host(`gotify.geovizor.top`)"
service: gotify
tls: true
webdav:
entryPoints:
- websecure
- https8443
rule: "Host(`webdav.geovizor.top`)"
service: webdav
tls: true
ccalm-auth:
entryPoints:
- websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02`)"
service: ccalm-auth
middlewares:
- strip-api-authorization
tls: true
ccalm-dbms:
entryPoints:
- websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09`)"
service: ccalm-dbms
middlewares:
- strip-api-dbms
tls: true
ccalm-login:
entryPoints:
- websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/login`)"
service: ccalm-login
tls: true
ccalm-default:
entryPoints:
- websecure
rule: "Host(`ccalm.test`)"
service: ccalm-default
tls: true
certbot:
entryPoints:
- websecure
rule: "PathPrefix(`/.well-known/acme-challenge/`)"
service: certbot
tls: true
middlewares:
auth:
basicAuth:
users:
- "admin:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" # admin/admin
redirect-to-https-middleware:
redirectScheme:
scheme: https
permanent: true
strip-api-authorization:
replacePathRegex:
regex: ^/api/authorization/v02/(.*)
replacement: /$1
strip-api-dbms:
replacePathRegex:
regex: ^/api/dbms/v09/(.*)
replacement: /$1
services:
gotify:
loadBalancer:
servers:
- url: "https://192.168.200.84:8080"
passHostHeader: true
healthCheck:
path: "/"
interval: "5s"
serversTransport: insecureTransport
webdav:
loadBalancer:
servers:
- url: "http://127.0.0.1:8085"
ccalm-auth:
loadBalancer:
servers:
- url: "https://192.168.200.184:8082"
ccalm-dbms:
loadBalancer:
servers:
- url: "https://192.168.200.184:8084"
ccalm-login:
loadBalancer:
servers:
- url: "http://192.168.200.184:3000"
ccalm-default:
loadBalancer:
servers:
- url: "https://192.168.200.184:8083"
certbot:
loadBalancer:
servers:
- url: "http://127.0.0.1:9080"
noop:
loadBalancer:
servers:
- url: "http://0.0.0.0" # placeholder
# Определяем транспорт для отключения проверки SSL
serversTransports:
insecureTransport:
insecureSkipVerify: true
EOF
```
```sh
sudo systemctl daemon-reload &&
sudo systemctl enable traefik &&
sudo systemctl start traefik &&
sudo systemctl status traefik
```