Ubuntu_docs/Traefik_install.md
2025-04-20 11:38:25 +05:00


Открываю нужный сервер
```sh
wsl
```
Или такой:
```sh
ssh igor@192.168.200.85 -p 22
```
# Установка Traefik на Linux Mint / Ubuntu
## 📥 Шаг 1. Установка зависимостей
Убедитесь, что установлены `wget` и `systemd`:
```sh
sudo apt update &&
sudo apt install wget
```
---
## 📥 Шаг 2. Скачать последнюю версию Traefik
Проверь актуальную версию на: [Traefik Releases](https://github.com/traefik/traefik/releases)
Пример для версии `v3.3.4`:
```bash
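# Download the Traefik release archive into the home directory and verify it
# against the SHA-256 list published with the same release before anything is
# unpacked or installed as root. The version is pinned once so the archive and
# the checksum list always refer to the same release.
# Note: the checksum list comes from the same origin as the archive, so it
# detects corruption or a swapped file, not a compromised release.
TRAEFIK_VERSION="v3.3.4"
TRAEFIK_BASE="https://github.com/traefik/traefik/releases/download/${TRAEFIK_VERSION}"
cd ~ &&
wget "${TRAEFIK_BASE}/traefik_${TRAEFIK_VERSION}_linux_amd64.tar.gz" &&
wget "${TRAEFIK_BASE}/traefik_${TRAEFIK_VERSION}_checksums.txt" &&
sha256sum --check --ignore-missing "traefik_${TRAEFIK_VERSION}_checksums.txt"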
```
---
## 📥 Шаг 3. Распаковка и установка
```bash
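# Unpack the release archive and install the binary system-wide.
# `install` copies the file as root:root with mode 0755. A plain `sudo mv`
# would keep the unpacking user's ownership, leaving a binary that an
# unprivileged account can overwrite in a system path.
cd ~ &&
tar -xvzf traefik_v3.3.4_linux_amd64.tar.gz &&
sudo install -o root -g root -m 0755 traefik /usr/local/bin/traefik &&
rm traefik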
```
Проверь версию:
```bash
traefik version
```
---
## 📁 Шаг 4. Создание директории и базового конфига
```sh
sudo mkdir -p /etc/traefik &&
cd /etc/traefik
```
### Пример `traefik.yml`
```sh
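# Write the static Traefik configuration to /etc/traefik/traefik.yml.
# The YAML nesting is restored here; with every key at column 0 the file does
# not describe the intended entry points, API and resolver settings.
#
# Security notes on the values below (behaviour is left as the page has it):
#   * api.insecure: true serves the dashboard and API without authentication
#     on the entry point named "traefik" (":8080", i.e. every interface).
#     For a host reachable from other machines, set insecure to false and rely
#     on the "dashboard" router from dynamic.yml, and/or bind the entry point
#     to "127.0.0.1:8080".
#   * log.level: DEBUG is verbose; use INFO once the setup works.
cd /etc/traefik &&
sudo tee /etc/traefik/traefik.yml > /dev/null <<'EOF'
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
  traefik:
    address: ":8080"
api:
  dashboard: true
  insecure: true
providers:
  file:
    filename: "/etc/traefik/dynamic.yml"
# Certificate resolver (example with Let's Encrypt)
certificatesResolvers:
  myresolver:
    acme:
      email: "your-email@example.com"
      storage: "/etc/traefik/acme.json"
      httpChallenge:
        entryPoint: web
log:
  level: DEBUG
EOF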
```
### Пример `dynamic.yml`
```sh
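# Write the dynamic Traefik configuration (routers, middlewares, services,
# backend transports and TLS certificates) to /etc/traefik/dynamic.yml.
#
# Changes against the original listing:
#   * YAML nesting restored (the listing had every key at column 0).
#   * The third middleware was a second "strip-dbms-prefix" key. Most parsers
#     keep only the last duplicate, so the dbms prefix rule was lost and the
#     "strip-translation-prefix" middleware used by the ccalm-translation
#     router did not exist. It is now named strip-translation-prefix.
#   * Router TLS option spelled certResolver, as in the Traefik reference.
cd /etc/traefik &&
sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
http:
  routers:
    # Host() matches the client-supplied Host header: it routes requests but
    # is not an access control for the dashboard.
    dashboard:
      entryPoints:
        - traefik
      rule: "Host(`localhost`)"
      service: api@internal
    ccalm-api-auth:
      rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02/`)"
      service: org_ccalm_api_authorization_v02
      entryPoints:
        - websecure
      tls:
        certResolver: myresolver
      middlewares:
        - strip-auth-prefix
    ccalm-dbms:
      rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09/`)"
      service: org_ccalm_dbms_v09
      entryPoints:
        - websecure
      tls:
        certResolver: myresolver
      middlewares:
        - strip-dbms-prefix
    ccalm-translation:
      rule: "Host(`ccalm.test`) && PathPrefix(`/api/translation/v01/`)"
      service: org_ccalm_translation_v01
      entryPoints:
        - websecure
      tls:
        certResolver: myresolver
      middlewares:
        - strip-translation-prefix
    ccalm-login:
      rule: "Host(`ccalm.test`) && PathPrefix(`/login/`)"
      service: org_ccalm_login_v01
      entryPoints:
        - websecure
      tls:
        certResolver: myresolver
    ccalm-default:
      rule: "Host(`ccalm.test`)"
      service: org_ccalm
      entryPoints:
        - websecure
      tls:
        certResolver: myresolver
    powerdns:
      rule: "Host(`powerdns.local`)"
      service: local_powerdns
      entryPoints:
        - websecure
      tls: {}
  middlewares:
    strip-auth-prefix:
      stripPrefix:
        prefixes:
          - "/api/authorization/v02"
    strip-dbms-prefix:
      stripPrefix:
        prefixes:
          - "/api/dbms/v09"
    strip-translation-prefix:
      stripPrefix:
        prefixes:
          - "/api/translation/v01"
  services:
    # Backend for local_powerdns (plain HTTP)
    local_powerdns:
      loadBalancer:
        servers:
          - url: "http://192.168.200.85:9191"
        healthCheck:
          path: "/"
          interval: "5s"
    # Backend for org_ccalm_api_authorization_v02
    # (HTTPS, certificate verification disabled via insecureTransport)
    org_ccalm_api_authorization_v02:
      loadBalancer:
        servers:
          - url: "https://192.168.200.184:8082"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"
    # Backend for org_ccalm_dbms_v09
    # (HTTPS, certificate verification disabled via insecureTransport)
    org_ccalm_dbms_v09:
      loadBalancer:
        servers:
          - url: "https://192.168.200.184:8084"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"
    # Backend for org_ccalm_translation_v01
    # (HTTPS, certificate verification disabled via insecureTransport)
    org_ccalm_translation_v01:
      loadBalancer:
        servers:
          - url: "https://192.168.200.184:8085"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"
    # Backend for org_ccalm_login_v01 (plain HTTP, no TLS to the backend)
    org_ccalm_login_v01:
      loadBalancer:
        servers:
          - url: "http://192.168.200.184:3000"
        healthCheck:
          path: "/"
          interval: "5s"
    # Default backend org_ccalm
    # (HTTPS, certificate verification disabled via insecureTransport)
    org_ccalm:
      loadBalancer:
        servers:
          - url: "https://192.168.200.184:8083"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"
  # Transport that skips verification of the backend certificate.
  # SECURITY: with insecureSkipVerify the proxy-to-backend traffic is
  # encrypted but the backend is not authenticated. Prefer trusting the
  # backend's CA through rootCAs (plus serverName) and dropping this flag.
  serversTransports:
    insecureTransport:
      insecureSkipVerify: true
# Certificates served by Traefik. The key files are private keys and should
# be readable by the Traefik service account only.
tls:
  certificates:
    - certFile: "/etc/traefik/certs/ccalm.test.crt"
      keyFile: "/etc/traefik/certs/ccalm.test.key"
    - certFile: "/etc/traefik/certs/powerdns.local.crt"
      keyFile: "/etc/traefik/certs/powerdns.local.key"
    - certFile: "/etc/traefik/certs/wildcard.local.crt"
      keyFile: "/etc/traefik/certs/wildcard.local.key"
    - certFile: "/etc/traefik/certs/wildcard.test.crt"
      keyFile: "/etc/traefik/certs/wildcard.test.key"
EOF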
```
Создайте файл для хранения сертификатов:
```sh
# Create the ACME storage file named by `storage` in traefik.yml.
# It will hold issued certificates together with their private keys, so it is
# restricted to its owner (root here, because it is created through sudo).
sudo touch /etc/traefik/acme.json &&
sudo chmod 600 /etc/traefik/acme.json
```
---
## ⚙️ Шаг 5. Настройка systemd для автозапуска
Создайте файл сервиса:
```sh
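# Install a systemd unit that starts Traefik at boot with the static config.
# The unit has no User= line, so Traefik runs as root. Two low-risk sandbox
# options are added: NoNewPrivileges stops the process and its children from
# gaining privileges through setuid/setgid binaries, and PrivateTmp gives the
# service its own /tmp.
# NOTE(review): for an internet-facing proxy, consider a dedicated
# unprivileged user with AmbientCapabilities=CAP_NET_BIND_SERVICE and matching
# ownership of /etc/traefik; that requires changes outside this unit.
cd /etc/systemd/system &&
sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF'
[Unit]
Description=Traefik
After=network.target

[Service]
ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
Restart=always
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF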
```
Примените:
```sh
sudo systemctl daemon-reload &&
sudo systemctl enable traefik &&
sudo systemctl start traefik &&
sudo systemctl status traefik
```
```sh
sudo systemctl restart traefik
```
---
## 🔎 Шаг 6. Проверка работы
Откройте в браузере:
```sh
open http://localhost:8080/dashboard/
```
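> ⚠️ Роутер `dashboard` принимает только запросы с заголовком Host `localhost`, но при `api.insecure: true` дашборд и API отдаются без аутентификации на порту 8080 на всех интерфейсах. Чтобы доступ действительно был только с localhost, привяжите entryPoint `traefik` к `127.0.0.1:8080` или отключите `insecure`. Для удалённого доступа настройте правила и аутентификацию.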
---
## ✅ Готово!
Traefik установлен, запущен как сервис и готов к работе.
Проверяем какие порты слушает:
```sh
sudo lsof -i -P -n | grep traefik
```
```sh
sudo journalctl -u traefik -f
```
---
## 🐳 Как вариант можно установить через Docker
Если Docker не установлен, установим его:
```sh
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker
```
Проверим версию:
```sh
docker --version
docker-compose --version
```
```sh
sudo mkdir -p /opt/traefik
cd /opt/traefik
```
```sh
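# Write the Compose file that runs Traefik with the configuration from
# /etc/traefik.
#
# Changes against the original listing:
#   * YAML nesting restored (the listing had every key at column 0).
#   * Image pinned to the release used elsewhere on this page instead of
#     "latest", so a restart cannot silently pull a different version.
#   * The /var/run/docker.sock mount is dropped: traefik.yml on this page
#     enables only the file provider, so the socket is unused. Access to the
#     Docker socket amounts to control of the Docker daemon, and ":ro" does
#     not restrict API calls. If the Docker provider is enabled later, expose
#     the socket through a restricted proxy instead of mounting it directly.
#
# Port 8080 is published on every host interface. Together with
# api.insecure: true in traefik.yml this makes the dashboard reachable without
# authentication from the network; publish "127.0.0.1:8080:8080" if only
# local access is needed.
cd /opt/traefik &&
sudo tee docker-compose.yml > /dev/null <<'EOF'
services:
  traefik:
    image: traefik:v3.3.4
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"      # HTTP
      - "443:443"    # HTTPS
      - "8080:8080"  # Dashboard
    volumes:
      - /etc/traefik:/etc/traefik
    command:
      - "--configFile=/etc/traefik/traefik.yml"
    networks:
      - traefik-net
networks:
  traefik-net:
    driver: bridge
EOF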
```
## Запуск контейнера
```sh
cd /opt/traefik &&
sudo docker-compose up -d
```
```sh
cd /opt/traefik &&
sudo docker-compose down
```
Откройте в браузере:
```sh
open http://192.168.200.85:8080/dashboard/
```
```sh
sudo docker logs traefik
```