Congif to first level proxy Connecting to infrascructure ```sh ssh igor@192.168.200.81 ``` ```sh sudo apt update && sudo apt install wget ``` ```sh cd /etc/traefik && sudo tee /etc/traefik/traefik.yml > /dev/null <<'EOF' entryPoints: web: address: ":80" websecure: address: ":443" http8080: address: ":8080" https8443: address: ":8443" traefik: address: ":8989" api: dashboard: true insecure: true log: level: DEBUG filePath: "/var/log/traefik/traefik.log" accessLog: filePath: "/var/log/traefik/access.log" providers: file: filename: "/etc/traefik/dynamic.yml" watch: true EOF ``` ```sh cd /etc/traefik && sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF' --- http: routers: dashboard: rule: "Host(`192.168.200.81`) && Host(`localhost`)" # или другой домен entryPoints: - traefik service: api@internal middlewares: - auth redirect-to-https: entryPoints: - web rule: "HostRegexp(`{any:.+}`)" service: noop middlewares: - redirect-to-https-middleware gotify: entryPoints: - websecure - https8443 rule: "Host(`gotify.geovizor.top`)" service: gotify tls: true webdav: entryPoints: - websecure - https8443 rule: "Host(`webdav.geovizor.top`)" service: webdav tls: true ccalm-auth: entryPoints: - websecure rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02`)" service: ccalm-auth middlewares: - strip-api-authorization tls: true ccalm-dbms: entryPoints: - websecure rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09`)" service: ccalm-dbms middlewares: - strip-api-dbms tls: true ccalm-login: entryPoints: - websecure rule: "Host(`ccalm.test`) && PathPrefix(`/login`)" service: ccalm-login tls: true ccalm-default: entryPoints: - websecure rule: "Host(`ccalm.test`)" service: ccalm-default tls: true certbot: entryPoints: - websecure rule: "PathPrefix(`/.well-known/acme-challenge/`)" service: certbot tls: true middlewares: auth: basicAuth: users: - "admin:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" # admin/admin redirect-to-https-middleware: redirectScheme: scheme: https permanent: true strip-api-authorization: replacePathRegex: regex: ^/api/authorization/v02/(.*) replacement: /$1 strip-api-dbms: replacePathRegex: regex: ^/api/dbms/v09/(.*) replacement: /$1 services: gotify: loadBalancer: servers: - url: "https://192.168.200.84:8080" passHostHeader: true healthCheck: path: "/" interval: "5s" serversTransport: insecureTransport webdav: loadBalancer: servers: - url: "http://127.0.0.1:8085" ccalm-auth: loadBalancer: servers: - url: "https://192.168.200.184:8082" ccalm-dbms: loadBalancer: servers: - url: "https://192.168.200.184:8084" ccalm-login: loadBalancer: servers: - url: "http://192.168.200.184:3000" ccalm-default: loadBalancer: servers: - url: "https://192.168.200.184:8083" certbot: loadBalancer: servers: - url: "http://127.0.0.1:9080" noop: loadBalancer: servers: - url: "http://0.0.0.0" # placeholder # Определяем транспорт для отключения проверки SSL serversTransports: insecureTransport: insecureSkipVerify: true EOF ``` ```sh sudo systemctl daemon-reload && sudo systemctl enable traefik && sudo systemctl start traefik && sudo systemctl status traefik ```