разное

2025-05-15 21:19:32 +05:00
parent 3bbdd7e866
commit 1d99814706
5 changed files with 178 additions and 50 deletions


@ -11,7 +11,7 @@ ssh igor@88.218.94.134 -p 2200
----------------------------------------------------------------------------------------------------
```sh
sudo apt-get update &&
sudo apt-get install nginx
sudo apt-get install nginx -y
```
Настройка самоподписанного сертификата для SSL nginx
```sh
@ -21,10 +21,6 @@ sudo apt-get install nginx
```sh
sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
```
Создаём файл:
```sh
sudo mcedit /etc/nginx/conf.d/ssl.conf
```
И вписываем в него:
```sh
cd /etc/nginx/sites-available/ &&


@ -135,6 +135,14 @@ sudo pdnsutil add-record locust.ge @ CAA 3600 "0 issue \"letsencrypt.org\"" &&
sudo pdnsutil add-record locust.ge @ TXT 3600 "\"v=spf1 ip4:88.218.94.134 -all\"" &&
sudo pdnsutil add-record locust.ge @ MX 3600 "10 mail.locust.ge." &&
sudo pdnsutil add-record locust.ge mail A 3600 88.218.94.134
sudo pdnsutil add-record locust.ge @ NS 3600 ns1.geovizor.top
sudo pdnsutil add-record locust.ge @ NS 3600 ns2.geovizor.top
```
For deleting record please run command:
```sh
pdnsutil delete-rrset locust.ge locust.ge.locust.ge NS
```


@ -127,3 +127,17 @@ sudo chmod 640 /etc/powerdns/pdns.d/pdns.local.sqlite.conf
```
In PowerDNS configured to auto read config from dir /etc/powerdns/pdns.d/
For delete record from SQLite run:
```sh
cp /var/lib/powerdns/pdns.sqlite3 /var/lib/powerdns/pdns.sqlite3.bak
sqlite3 /var/lib/powerdns/pdns.sqlite3
SELECT id, name FROM domains WHERE name = 'locust.ge';
SELECT id, name, type, content FROM records WHERE name = 'locust.ge.locust.ge' AND type = 'NS';
DELETE FROM records WHERE id IN (25, 26, 27, 28);
.exit
pdns_control notify locust.ge
```


@ -80,7 +80,7 @@ providers:
certificatesResolvers:
myresolver:
acme:
email: "your-email@example.com"
email: "irigm@mail.ru"
storage: "/etc/traefik/acme.json"
httpChallenge:
entryPoint: web
@ -103,56 +103,56 @@ http:
service: api@internal
ccalm-api-auth:
rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02/`)"
service: org_ccalm_api_authorization_v02
entryPoints:
- websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02/`)"
service: org_ccalm_api_authorization_v02
tls:
certresolver: myresolver
middlewares:
- strip-auth-prefix
ccalm-dbms:
rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09/`)"
service: org_ccalm_dbms_v09
entryPoints:
- websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09/`)"
service: org_ccalm_dbms_v09
tls:
certresolver: myresolver
middlewares:
- strip-dbms-prefix
ccalm-translation:
rule: "Host(`ccalm.test`) && PathPrefix(`/api/translation/v01/`)"
service: org_ccalm_translation_v01
entryPoints:
- websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/api/translation/v01/`)"
service: org_ccalm_translation_v01
tls:
certresolver: myresolver
#middlewares:
# - strip-translation-prefix
ccalm-login:
rule: "Host(`ccalm.test`) && PathPrefix(`/login/`)"
service: org_ccalm_login_v01
entryPoints:
- websecure
rule: "Host(`ccalm.test`) && PathPrefix(`/login/`)"
service: org_ccalm_login_v01
tls:
certresolver: myresolver
ccalm-default:
rule: "Host(`ccalm.test`)"
service: org_ccalm
entryPoints:
- websecure
rule: "Host(`ccalm.test`)"
service: org_ccalm
tls:
certresolver: myresolver
powerdns:
rule: "Host(`powerdns.local`)"
service: local_powerdns
entryPoints:
- websecure
rule: "Host(`powerdns.local`)"
service: local_powerdns
tls: {}
middlewares:
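Review bot: The `powerdns` router at the end of the second hunk is the only router here that terminates TLS with `tls: {}` instead of `certresolver: myresolver`, so it is presumably served with Traefik's built-in default (self-signed) certificate rather than an ACME one; since `powerdns.local` cannot pass an HTTP challenge that looks deliberate, but the reader has to infer it, so a comment above the router such as `# local-only hostname: no ACME resolver, Traefik's default certificate is used` would stop someone "fixing" it later. The reorder of `entryPoints` ahead of `rule`/`service` in every router is purely cosmetic and changes no router's behaviour. In the first hunk the ACME contact changes from the `your-email@example.com` placeholder to a real personal mailbox; if this file also serves as the template that gets copied onto new hosts (the placeholder suggests it did), keep the placeholder in the committed copy and set the real address only on the server. The `middlewares:` key on the hunk's last line has its list entries outside the hunk.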


@ -1,7 +1,7 @@
# Устанавливаю Traefik на турецский сервер
# Устанавливаю Traefik cервер в Астане
```sh
ssh igor@156.244.31.209 -p 2200
ssh igor@5.180.46.11 -p 2200
```
# Установка Traefik на Linux Mint / Ubuntu
@ -24,6 +24,18 @@ cd ~ &&
wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_linux_amd64.tar.gz
```
## 📥 Создаём группу и пользователя под которым будет запускаться traefik
Создаём домашнюю директорию, группу и пользователя:
```sh
sudo mkdir -p /etc/traefik &&
cd /etc/traefik &&
sudo groupadd traefik &&
sudo useradd -s /bin/false -g traefik -d /etc/traefik traefik
```
---
## 📥 Шаг 3. Распаковка и установка
@ -38,6 +50,12 @@ wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_
traefik version
```
Разрешаем занимать порты с номером меньше 1024
```sh
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/traefik
```
```conf
Version: 3.3.4
Codename: saintnectaire
@ -48,12 +66,6 @@ OS/Arch: linux/amd64
---
## 📁 Шаг 4. Создание директории и базового конфига
```sh
sudo mkdir -p /etc/traefik &&
cd /etc/traefik
```
### Пример `traefik.yml`
```sh
cd /etc/traefik &&
@ -76,10 +88,6 @@ api:
dashboard: true
insecure: true
providers:
file:
filename: "/etc/traefik/dynamic.yml"
# Настройка сертификатов (пример с Let's Encrypt)
certificatesResolvers:
myresolver:
@ -89,6 +97,11 @@ certificatesResolvers:
httpChallenge:
entryPoint: web
providers:
file:
filename: "/etc/traefik/dynamic.yml"
watch: true
log:
level: DEBUG
EOF
@ -98,61 +111,155 @@ EOF
```sh
cd /etc/traefik &&
sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
---
http:
routers:
dashboard:
entryPoints:
- traefik
rule: "Host(`localhost`)"
service: api@internal
geovizor-api-zones:
rule: "Host(`geovizor.top`) && PathPrefix(`/api/v1/servers/localhost/zones/`)"
service: top_geovizor_api_zones_v01
ccalm-api-auth:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/authorization/v02/`)"
service: org_ccalm_api_authorization_v02
tls:
certresolver: myresolver
middlewares:
- strip-auth-prefix
ccalm-dbms:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/dbms/v09/`)"
service: org_ccalm_dbms_v09
tls:
certresolver: myresolver
middlewares:
- strip-dbms-prefix
ccalm-translation:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/translation/v01/`)"
service: org_ccalm_translation_v01
tls:
certresolver: myresolver
geovizor-default:
rule: "Host(`geovizor.top`)"
service: top_geovizor_default
ccalm-login:
entryPoints:
- websecure
rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/login/`)"
service: org_ccalm_login_v01
tls:
certresolver: myresolver
org-ccalm-main:
entryPoints:
- websecure
rule: "Host(`locust.ge`) || Host(`test.ccalm.org`)"
service: org_ccalm_main
tls:
certresolver: myresolver
acme-http:
rule: "PathPrefix(`/.well-known/acme-challenge/`)"
entryPoints:
- web
middlewares: []
service: noop
priority: 1000
services:
top_geovizor_api_zones_v01:
# backend org_ccalm_api_authorization_v02
org_ccalm_api_authorization_v02:
loadBalancer:
servers:
- url: "http://156.244.31.209:8081"
- url: "https://127.0.0.1:8082"
serversTransport: insecureTransport
healthCheck:
path: "/"
interval: "5s"
# Бэкенд по умолчанию top_geovizor
top_geovizor_default:
# org_ccalm_dbms_v09 backend
org_ccalm_dbms_v09:
loadBalancer:
servers:
- url: "http://127.0.0.1:8082"
- url: "https://127.0.0.1:8084"
serversTransport: insecureTransport
healthCheck:
path: "/"
interval: "5s"
# Translation backend
org_ccalm_translation_v01:
loadBalancer:
servers:
- url: "https://ccalm.org"
passHostHeader: false
serversTransport: insecureTransport
healthCheck:
path: ""
interval: "5s"
# Backend for org_ccalm_login_v01 (HTTP, without SSL)
org_ccalm_login_v01:
loadBalancer:
servers:
- url: "https://127.0.0.1:8081"
healthCheck:
path: "/"
interval: "5s"
serversTransport: insecureTransport
# Default backend for ccalm.org
org_ccalm_main:
loadBalancer:
servers:
- url: "https://127.0.0.1:8083"
healthCheck:
path: "/"
interval: "5s"
serversTransport: insecureTransport
# Fake noop secvices
noop:
loadBalancer:
servers:
- url: "http://127.0.0.1"
# Определяем транспорт для отключения проверки SSL
serversTransports:
insecureTransport:
insecureSkipVerify: true
# Добавляем сертификаты
tls:
certificates:
middlewares:
strip-dbms-prefix:
stripPrefix:
prefixes:
- "/api/dbms/v09"
strip-auth-prefix:
stripPrefix:
prefixes:
- "/api/authorization/v02"
dashboard-auth:
basicAuth:
users:
- "admin:$apr1$NUoqcU3I$O6VxeuGhsA6RSIyh6rNbo." # Пароль хешируется так: htpasswd -nb admin t745632746573t
EOF
```
For checking syntactic:
```sh
yamllint -d "{extends: default, rules: {line-length: disable}}" /etc/traefik/dynamic.yml
```
Для хранения сертификатов файл:
```sh
sudo touch /etc/traefik/acme.json &&
@ -167,10 +274,12 @@ EOF
cd /etc/systemd/system &&
sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF'
[Unit]
Description=Traefik
Description=Reverse proxy Traefik
After=network.target
[Service]
User=traefik
Group=traefik
ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
Restart=always
@ -179,7 +288,6 @@ WantedBy=multi-user.target
EOF
```
Примените:
```sh
sudo systemctl daemon-reload &&
@ -195,12 +303,11 @@ EOF
---
## 🔎 Шаг 6. Проверка работы
Откройте в браузере:
Откройте в браузере cпаролем что быше "":
```sh
open http://localhost:8080/dashboard/
open https://5.180.46.11:8080/dashboard
```
> ⚠️ Доступ к дашборду открыт только с localhost. Для удалённого доступа настройте правила.
---
@ -220,6 +327,9 @@ sudo journalctl -u traefik -f
## 🐳 Как вариант можно установить через Docker