+

2025-04-07 07:46:21 +05:00
parent 04b8e941d1
commit 584960dd14
36 changed files with 8203 additions and 6871 deletions
--- a/Traefik_install.md
+++ b/Traefik_install.md
@ -0,0 +1,357 @@
+Открываю нужный сервер
+```sh
+wsl
+```
+Или такой:
+```sh
+ssh igor@192.168.200.85 -p 22
+```
+
+# Установка Traefik на Linux Mint / Ubuntu
+
+## 📥 Шаг 1. Установка зависимостей
+Убедитесь, что установлены `wget` и `systemd`:
+```sh
+sudo apt update &&
+sudo apt install wget
+```
+
+---
+
+## 📥 Шаг 2. Скачать последнюю версию Traefik
+Проверь актуальную версию на: [Traefik Releases](https://github.com/traefik/traefik/releases)
+
+Пример для версии `v3.0.0`:
+```bash
+cd ~ &&
+wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_linux_amd64.tar.gz
+```
+
+---
+
+## 📥 Шаг 3. Распаковка и установка
+```bash
+  cd ~ &&
+  tar -xvzf traefik_v3.3.4_linux_amd64.tar.gz &&
+  sudo mv traefik /usr/local/bin/
+```
+
+Проверь версию:
+```bash
+  traefik version
+```
+
+---
+
+## 📁 Шаг 4. Создание директории и базового конфига
+```sh
+  sudo mkdir -p /etc/traefik &&
+  cd /etc/traefik
+```
+
+### Пример `traefik.yml`
+```sh
+cd /etc/traefik &&
+sudo tee /etc/traefik/traefik.yml > /dev/null <<'EOF'
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+  websecure:
+    address: ":443"
+  traefik:
+    address: ":8080"
+
+api:
+  dashboard: true
+  insecure: true
+
+providers:
+  file:
+    filename: "/etc/traefik/dynamic.yml"
+
+# Настройка сертификатов (пример с Let's Encrypt)
+certificatesResolvers:
+  myresolver:
+    acme:
+      email: "your-email@example.com"
+      storage: "/etc/traefik/acme.json"
+      httpChallenge:
+        entryPoint: web
+
+log:
+  level: DEBUG
+EOF
+```
+
+### Пример `dynamic.yml`
+```sh
+cd /etc/traefik &&
+sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
+http:
+  routers:
+    dashboard:
+      entryPoints:
+        - traefik
+      rule: "Host(`localhost`)"
+      service: api@internal
+
+    ccalm-api-auth:
+      rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02/`)"
+      service: org_ccalm_api_authorization_v02
+      entryPoints:
+        - websecure
+      tls:
+        certresolver: myresolver
+      middlewares:
+        - strip-auth-prefix
+
+    ccalm-dbms:
+      rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09/`)"
+      service: org_ccalm_dbms_v09
+      entryPoints:
+        - websecure
+      tls:
+        certresolver: myresolver
+      middlewares:
+        - strip-dbms-prefix
+
+    ccalm-login:
+      rule: "Host(`ccalm.test`) && PathPrefix(`/login/`)"
+      service: org_ccalm_login_v01
+      entryPoints:
+        - websecure
+      tls:
+        certresolver: myresolver
+
+    ccalm-default:
+      rule: "Host(`ccalm.test`)"
+      service: org_ccalm
+      entryPoints:
+        - websecure
+      tls:
+        certresolver: myresolver
+
+    powerdns:
+      rule: "Host(`powerdns.local`)"
+      service: local_powerdns
+      entryPoints:
+        - websecure
+      tls: {}
+
+  middlewares:
+    strip-auth-prefix:
+      stripPrefix:
+        prefixes:
+          - "/api/authorization/v02"
+    strip-dbms-prefix:
+      stripPrefix:
+        prefixes:
+          - "/api/dbms/v09"
+
+  services:
+
+    # Бэкенд для local_powerdns
+    local_powerdns:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.200.85:9191"
+        healthCheck:
+          path: "/"
+          interval: "5s"
+  
+    # Бэкенд для org_ccalm_api_authorization_v02 (HTTPS с отключенной проверкой SSL)
+    org_ccalm_api_authorization_v02:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.200.184:8082"
+        serversTransport: insecureTransport  # Ссылка на транспорт с отключенной проверкой
+        healthCheck:
+          path: "/"
+          interval: "5s"
+
+    # Бэкенд для org_ccalm_dbms_v09 (HTTPS с отключенной проверкой SSL)
+    org_ccalm_dbms_v09:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.200.184:8084"
+        serversTransport: insecureTransport
+        healthCheck:
+          path: "/"
+          interval: "5s"
+
+    # Бэкенд для org_ccalm_login_v01 (HTTP, без SSL)
+    org_ccalm_login_v01:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.200.184:3000"
+        healthCheck:
+          path: "/"
+          interval: "5s"
+
+    # Бэкенд по умолчанию org_ccalm (HTTPS с отключенной проверкой SSL)
+    org_ccalm:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.200.184:8083"
+        serversTransport: insecureTransport
+        healthCheck:
+          path: "/"
+          interval: "5s"
+
+  # Определяем транспорт для отключения проверки SSL
+  serversTransports:
+    insecureTransport:
+      insecureSkipVerify: true
+
+# Добавляем сертификаты
+tls:
+  certificates:
+    - certFile: "/etc/traefik/certs/ccalm.test.crt"
+      keyFile: "/etc/traefik/certs/ccalm.test.key"
+    - certFile: "/etc/traefik/certs/powerdns.local.crt"
+      keyFile: "/etc/traefik/certs/powerdns.local.key"
+    - certFile: "/etc/traefik/certs/wildcard.local.crt"
+      keyFile: "/etc/traefik/certs/wildcard.local.key"
+    - certFile: "/etc/traefik/certs/wildcard.test.crt"
+      keyFile: "/etc/traefik/certs/wildcard.test.key"
+
+EOF
+```
+
+Для хранения сертификатов файл:
+```sh
+  sudo touch /etc/traefik/acme.json &&
+  sudo chmod 600 /etc/traefik/acme.json
+```
+
+
+
+---
+## ⚙️ Шаг 5. Настройка systemd для автозапуска
+Создайте файл сервиса:
+```sh
+cd /etc/systemd/system &&
+sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF'
+[Unit]
+Description=Traefik
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
+
+Примените:
+```sh
+  sudo systemctl daemon-reload &&
+  sudo systemctl enable traefik &&
+  sudo systemctl start traefik &&
+  sudo systemctl status traefik
+```
+
+```sh
+  sudo systemctl restart traefik
+```
+
+---
+
+## 🔎 Шаг 6. Проверка работы
+Откройте в браузере:
+```sh
+open http://localhost:8080/dashboard/
+```
+
+> ⚠️ Доступ к дашборду открыт только с localhost. Для удалённого доступа настройте правила.
+
+---
+
+## ✅ Готово!
+Traefik установлен, запущен как сервис и готов к работе.
+
+Проверяем какие порты слушает:
+```sh
+    sudo lsof -i -P -n | grep traefik
+```
+
+```sh
+sudo journalctl -u traefik -f
+```
+
+---
+
+
+
+## 🐳 Как вариант можно установить через Docker
+
+
+Если Docker не установлен, установим его:
+```sh
+    sudo apt update && sudo apt upgrade -y
+    sudo apt install -y docker.io docker-compose
+    sudo systemctl enable --now docker
+```
+Проверим версию:
+```sh
+  docker --version
+  docker-compose --version
+```
+
+```sh
+  sudo mkdir -p /opt/traefik
+  cd /opt/traefik
+```
+
+```sh
+cd /opt/traefik &&
+sudo tee docker-compose.yml > /dev/null <<'EOF'
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    restart: unless-stopped
+    ports:
+      - "80:80"      # HTTP
+      - "443:443"    # HTTPS
+      - "8080:8080"  # Dashboard
+    volumes:
+      - /etc/traefik:/etc/traefik
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    command:
+      - "--configFile=/etc/traefik/traefik.yml"
+    networks:
+      - traefik-net
+networks:
+  traefik-net:
+    driver: bridge
+EOF
+```
+
+## Запуск контейнера
+```sh
+  cd /opt/traefik &&
+  sudo docker-compose up -d
+```
+```sh
+  cd /opt/traefik &&
+  sudo docker-compose down
+```
+
+Откройте в браузере:
+```sh
+open http://192.168.200.85:8080/dashboard/
+```
+
+```sh
+  sudo docker logs traefik
+```