Ubuntu_docs/Traefik_install.md

Открываю нужный сервер
```sh
wsl
```
Или такой:
```sh
ssh igor@192.168.200.85 -p 22
```

# Установка Traefik на Linux Mint / Ubuntu

## 📥 Шаг 1. Установка зависимостей
Убедитесь, что установлены `wget` и `systemd`:
```sh
sudo apt update &&
sudo apt install wget
```

---

## 📥 Шаг 2. Скачать последнюю версию Traefik
Проверь актуальную версию на: [Traefik Releases](https://github.com/traefik/traefik/releases)

Пример для версии `v3.0.0`:
```bash
cd ~ &&
wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_linux_amd64.tar.gz
```

---

## 📥 Шаг 3. Распаковка и установка
```bash
  cd ~ &&
  tar -xvzf traefik_v3.3.4_linux_amd64.tar.gz &&
  sudo mv traefik /usr/local/bin/
```

Проверь версию:
```bash
  traefik version
```

---

## 📁 Шаг 4. Создание директории и базового конфига
```sh
  sudo mkdir -p /etc/traefik &&
  cd /etc/traefik
```

### Пример `traefik.yml`
```sh
cd /etc/traefik &&
sudo tee /etc/traefik/traefik.yml > /dev/null <<'EOF'
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
  traefik:
    address: ":8080"

api:
  dashboard: true
  insecure: true

providers:
  file:
    filename: "/etc/traefik/dynamic.yml"

# Настройка сертификатов (пример с Let's Encrypt)
certificatesResolvers:
  myresolver:
    acme:
      email: "your-email@example.com"
      storage: "/etc/traefik/acme.json"
      httpChallenge:
        entryPoint: web

log:
  level: DEBUG
EOF
```

### Пример `dynamic.yml`
```sh
cd /etc/traefik &&
sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
http:
  routers:
    dashboard:
      entryPoints:
        - traefik
      rule: "Host(`localhost`)"
      service: api@internal

    ccalm-api-auth:
      rule: "Host(`ccalm.test`) && PathPrefix(`/api/authorization/v02/`)"
      service: org_ccalm_api_authorization_v02
      entryPoints:
        - websecure
      tls:
        certresolver: myresolver
      middlewares:
        - strip-auth-prefix

    ccalm-dbms:
      rule: "Host(`ccalm.test`) && PathPrefix(`/api/dbms/v09/`)"
      service: org_ccalm_dbms_v09
      entryPoints:
        - websecure
      tls:
        certresolver: myresolver
      middlewares:
        - strip-dbms-prefix

    ccalm-login:
      rule: "Host(`ccalm.test`) && PathPrefix(`/login/`)"
      service: org_ccalm_login_v01
      entryPoints:
        - websecure
      tls:
        certresolver: myresolver

    ccalm-default:
      rule: "Host(`ccalm.test`)"
      service: org_ccalm
      entryPoints:
        - websecure
      tls:
        certresolver: myresolver

    powerdns:
      rule: "Host(`powerdns.local`)"
      service: local_powerdns
      entryPoints:
        - websecure
      tls: {}

  middlewares:
    strip-auth-prefix:
      stripPrefix:
        prefixes:
          - "/api/authorization/v02"
    strip-dbms-prefix:
      stripPrefix:
        prefixes:
          - "/api/dbms/v09"

  services:

    # Бэкенд для local_powerdns
    local_powerdns:
      loadBalancer:
        servers:
          - url: "http://192.168.200.85:9191"
        healthCheck:
          path: "/"
          interval: "5s"
  
    # Бэкенд для org_ccalm_api_authorization_v02 (HTTPS с отключенной проверкой SSL)
    org_ccalm_api_authorization_v02:
      loadBalancer:
        servers:
          - url: "https://192.168.200.184:8082"
        serversTransport: insecureTransport  # Ссылка на транспорт с отключенной проверкой
        healthCheck:
          path: "/"
          interval: "5s"

    # Бэкенд для org_ccalm_dbms_v09 (HTTPS с отключенной проверкой SSL)
    org_ccalm_dbms_v09:
      loadBalancer:
        servers:
          - url: "https://192.168.200.184:8084"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"

    # Бэкенд для org_ccalm_login_v01 (HTTP, без SSL)
    org_ccalm_login_v01:
      loadBalancer:
        servers:
          - url: "http://192.168.200.184:3000"
        healthCheck:
          path: "/"
          interval: "5s"

    # Бэкенд по умолчанию org_ccalm (HTTPS с отключенной проверкой SSL)
    org_ccalm:
      loadBalancer:
        servers:
          - url: "https://192.168.200.184:8083"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"

  # Определяем транспорт для отключения проверки SSL
  serversTransports:
    insecureTransport:
      insecureSkipVerify: true

# Добавляем сертификаты
tls:
  certificates:
    - certFile: "/etc/traefik/certs/ccalm.test.crt"
      keyFile: "/etc/traefik/certs/ccalm.test.key"
    - certFile: "/etc/traefik/certs/powerdns.local.crt"
      keyFile: "/etc/traefik/certs/powerdns.local.key"
    - certFile: "/etc/traefik/certs/wildcard.local.crt"
      keyFile: "/etc/traefik/certs/wildcard.local.key"
    - certFile: "/etc/traefik/certs/wildcard.test.crt"
      keyFile: "/etc/traefik/certs/wildcard.test.key"

EOF
```

Для хранения сертификатов файл:
```sh
  sudo touch /etc/traefik/acme.json &&
  sudo chmod 600 /etc/traefik/acme.json
```



---
## ⚙️ Шаг 5. Настройка systemd для автозапуска
Создайте файл сервиса:
```sh
cd /etc/systemd/system &&
sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF'
[Unit]
Description=Traefik
After=network.target

[Service]
ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
Restart=always

[Install]
WantedBy=multi-user.target
EOF
```


Примените:
```sh
  sudo systemctl daemon-reload &&
  sudo systemctl enable traefik &&
  sudo systemctl start traefik &&
  sudo systemctl status traefik
```

```sh
  sudo systemctl restart traefik
```

---

## 🔎 Шаг 6. Проверка работы
Откройте в браузере:
```sh
open http://localhost:8080/dashboard/
```

> ⚠️ Доступ к дашборду открыт только с localhost. Для удалённого доступа настройте правила.

---

## ✅ Готово!
Traefik установлен, запущен как сервис и готов к работе.

Проверяем какие порты слушает:
```sh
    sudo lsof -i -P -n | grep traefik
```

```sh
sudo journalctl -u traefik -f
```

---



## 🐳 Как вариант можно установить через Docker


Если Docker не установлен, установим его:
```sh
    sudo apt update && sudo apt upgrade -y
    sudo apt install -y docker.io docker-compose
    sudo systemctl enable --now docker
```
Проверим версию:
```sh
  docker --version
  docker-compose --version
```

```sh
  sudo mkdir -p /opt/traefik
  cd /opt/traefik
```

```sh
cd /opt/traefik &&
sudo tee docker-compose.yml > /dev/null <<'EOF'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"      # HTTP
      - "443:443"    # HTTPS
      - "8080:8080"  # Dashboard
    volumes:
      - /etc/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
    command:
      - "--configFile=/etc/traefik/traefik.yml"
    networks:
      - traefik-net
networks:
  traefik-net:
    driver: bridge
EOF
```

## Запуск контейнера
```sh
  cd /opt/traefik &&
  sudo docker-compose up -d
```
```sh
  cd /opt/traefik &&
  sudo docker-compose down
```

Откройте в браузере:
```sh
open http://192.168.200.85:8080/dashboard/
```

```sh
  sudo docker logs traefik
```