Устанавливаю сервер Traefik в Астане
ssh igor@5.180.46.11 -p 2200
Установка Traefik на Linux Mint / Ubuntu
📥 Шаг 1. Установка зависимостей
Убедитесь, что установлены wget и systemd:
sudo apt update &&
sudo apt install wget
📥 Шаг 2. Скачать последнюю версию Traefik
Проверь актуальную версию на: Traefik Releases
Пример для версии v3.0.0:sudo mc
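# Download the release archive together with the checksum list published for
# the same release, then verify the archive before unpacking it.
# The check catches a corrupted or truncated download; because the checksum
# file comes from the same origin, it does not protect against a compromised
# release page.
cd ~ &&
wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_linux_amd64.tar.gz &&
wget https://github.com/traefik/traefik/releases/download/v3.3.4/traefik_v3.3.4_checksums.txt &&
sha256sum --check --ignore-missing traefik_v3.3.4_checksums.txt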
📥 Создаём группу и пользователя под которым будет запускаться traefik
Создаём домашнюю директорию, группу и пользователя:
sudo mkdir -p /etc/traefik &&
cd /etc/traefik &&
sudo groupadd traefik &&
sudo useradd -s /bin/false -g traefik -d /etc/traefik traefik
📥 Шаг 3. Распаковка и установка
cd ~ &&
tar -xvzf traefik_v3.3.4_linux_amd64.tar.gz &&
sudo mv traefik /usr/local/bin/
Проверь версию:
traefik version
Разрешаем занимать порты с номером меньше 1024
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/traefik
Version: 3.3.4
Codename: saintnectaire
Go version: go1.23.6
Built: 2025-02-25T10:11:01Z
OS/Arch: linux/amd64
Пример traefik.yml
cd /etc/traefik &&
sudo tee /etc/traefik/traefik.yml > /dev/null <<'EOF'
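---
# Static Traefik configuration (/etc/traefik/traefik.yml).
entryPoints:
  # Plain HTTP: serves the ACME HTTP-01 challenge and redirects the rest
  # to HTTPS.
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
  # Entry point used for the dashboard/API. ":8080" listens on every
  # interface, so restrict it with a firewall or reach it over an SSH
  # port forward.
  traefik:
    address: ":8080"

api:
  dashboard: true
  # Insecure mode serves the API and dashboard on the "traefik" entry point
  # without any authentication. With it disabled, the dashboard is reachable
  # only through a router that targets api@internal; the "dashboard" router
  # in /etc/traefik/dynamic.yml (Host(`localhost`)) is that router.
  insecure: false

# Certificate issuance (Let's Encrypt example)
certificatesResolvers:
  myresolver:
    acme:
      email: "irigm@mail.ru"
      # Holds the ACME account key and issued private keys: keep it mode 600
      # and writable by the user Traefik runs as.
      storage: "/etc/traefik/acme.json"
      httpChallenge:
        entryPoint: web

providers:
  file:
    filename: "/etc/traefik/dynamic.yml"
    watch: true

log:
  # DEBUG is very verbose; use it only while troubleshooting.
  level: INFO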
EOF
Пример dynamic.yml
cd /etc/traefik &&
sudo tee /etc/traefik/dynamic.yml > /dev/null <<'EOF'
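---
# Dynamic Traefik configuration (/etc/traefik/dynamic.yml): routers, backend
# services, backend transports and middlewares.
http:
  routers:
    # Dashboard/API router. The dashboard-auth middleware is attached here so
    # the basic-auth credentials defined below are actually enforced.
    # NOTE: this protects only this router; if api.insecure is enabled in the
    # static configuration, the API is also served without authentication on
    # the "traefik" entry point.
    dashboard:
      entryPoints:
        - traefik
      rule: "Host(`localhost`)"
      service: api@internal
      middlewares:
        - dashboard-auth
    ccalm-api-auth:
      entryPoints:
        - websecure
      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/authorization/v02/`)"
      service: org_ccalm_api_authorization_v02
      tls:
        certresolver: myresolver
      middlewares:
        - strip-auth-prefix
    ccalm-dbms:
      entryPoints:
        - websecure
      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/dbms/v09/`)"
      service: org_ccalm_dbms_v09
      tls:
        certresolver: myresolver
      middlewares:
        - strip-dbms-prefix
    ccalm-translation:
      entryPoints:
        - websecure
      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/translation/v01/`)"
      service: org_ccalm_translation_v01
      tls:
        certresolver: myresolver
    ccalm-login:
      entryPoints:
        - websecure
      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/login/`)"
      service: org_ccalm_login_v01
      tls:
        certresolver: myresolver
    # Catch-all router for both hosts.
    org-ccalm-main:
      entryPoints:
        - websecure
      rule: "Host(`locust.ge`) || Host(`test.ccalm.org`)"
      service: org_ccalm_main
      tls:
        certresolver: myresolver
    # High-priority router for ACME HTTP-01 challenge paths on port 80, with
    # no middlewares and a placeholder service.
    acme-http:
      rule: "PathPrefix(`/.well-known/acme-challenge/`)"
      entryPoints:
        - web
      middlewares: []
      service: noop
      priority: 1000

  services:
    # Backend org_ccalm_api_authorization_v02
    org_ccalm_api_authorization_v02:
      loadBalancer:
        servers:
          - url: "https://127.0.0.1:8082"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"
    # Backend org_ccalm_dbms_v09
    org_ccalm_dbms_v09:
      loadBalancer:
        servers:
          - url: "https://127.0.0.1:8084"
        serversTransport: insecureTransport
        healthCheck:
          path: "/"
          interval: "5s"
    # Translation backend.
    # NOTE(review): unlike the loopback backends, this one is reached over the
    # network, so skipping certificate verification lets anyone on the path
    # impersonate ccalm.org. Drop serversTransport here once the upstream
    # certificate validates.
    org_ccalm_translation_v01:
      loadBalancer:
        servers:
          - url: "https://ccalm.org"
        passHostHeader: false
        serversTransport: insecureTransport
        healthCheck:
          path: ""
          interval: "5s"
    # Backend org_ccalm_login_v01 (HTTPS on loopback, certificate not verified)
    org_ccalm_login_v01:
      loadBalancer:
        servers:
          - url: "https://127.0.0.1:8081"
        healthCheck:
          path: "/"
          interval: "5s"
        serversTransport: insecureTransport
    # Default backend for ccalm.org
    org_ccalm_main:
      loadBalancer:
        servers:
          - url: "https://127.0.0.1:8083"
        healthCheck:
          path: "/"
          interval: "5s"
        serversTransport: insecureTransport
    # Placeholder (no-op) service
    noop:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1"

  # Transport that disables TLS certificate verification towards backends.
  # Tolerable for loopback backends with self-signed certificates; for any
  # backend reached over a network, prefer trusting its CA instead.
  serversTransports:
    insecureTransport:
      insecureSkipVerify: true

  middlewares:
    strip-dbms-prefix:
      stripPrefix:
        prefixes:
          - "/api/dbms/v09"
    strip-auth-prefix:
      stripPrefix:
        prefixes:
          - "/api/authorization/v02"
    dashboard-auth:
      basicAuth:
        users:
          # Sample entry: replace it with your own before deployment.
          # Generate one with `htpasswd -nB admin`, which prompts for the
          # password, and never keep the plaintext next to the hash.
          - "admin:$apr1$NUoqcU3I$O6VxeuGhsA6RSIyh6rNbo."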
EOF
To check the syntax:
yamllint -d "{extends: default, rules: {line-length: disable}}" /etc/traefik/dynamic.yml
Создаём файл для хранения сертификатов:
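# acme.json stores the ACME account key and the private keys of issued
# certificates. The file is created by root, so hand it to the traefik
# user (the systemd unit runs as traefik and must be able to write it)
# and keep it readable by the owner only.
sudo touch /etc/traefik/acme.json &&
sudo chown traefik:traefik /etc/traefik/acme.json &&
sudo chmod 600 /etc/traefik/acme.json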
⚙️ Шаг 5. Настройка systemd для автозапуска
Создайте файл сервиса:
cd /etc/systemd/system &&
sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOF'
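[Unit]
Description=Reverse proxy Traefik
After=network.target

[Service]
# Run unprivileged. Binding ports 80/443 relies on the cap_net_bind_service
# file capability set on /usr/local/bin/traefik.
User=traefik
Group=traefik
ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yml
Restart=always
# Sandboxing for a network-facing daemon: private /tmp, no access to home
# directories, and a read-only /usr, /boot and /etc.
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
# /etc/traefik stays writable because Traefik updates acme.json there.
ReadWritePaths=/etc/traefik

[Install]
WantedBy=multi-user.target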
EOF
Примените:
sudo systemctl daemon-reload &&
sudo systemctl enable traefik &&
sudo systemctl start traefik &&
sudo systemctl status traefik
sudo systemctl restart traefik
🔎 Шаг 6. Проверка работы
Откройте в браузере (с паролем, указанным выше):
open https://5.180.46.11:8080/dashboard
✅ Готово!
Traefik установлен, запущен как сервис и готов к работе.
Проверяем какие порты слушает:
sudo lsof -i -P -n | grep traefik
sudo journalctl -u traefik -f
🐳 Как вариант можно установить через Docker
Если Docker не установлен, установим его:
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker
Проверим версию:
docker --version
docker-compose --version
sudo mkdir -p /opt/traefik
cd /opt/traefik
cd /opt/traefik &&
sudo tee docker-compose.yml > /dev/null <<'EOF'
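services:
  traefik:
    # Pinned to the release used in the rest of this guide; "latest" changes
    # underneath you on every pull.
    image: traefik:v3.3.4
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"  # HTTP
      - "443:443"  # HTTPS
      # Dashboard/API.
      # NOTE(review): published on all host interfaces. Bind it as
      # "127.0.0.1:8080:8080" or firewall it if the dashboard must not be
      # reachable from the network.
      - "8080:8080"
    volumes:
      - /etc/traefik:/etc/traefik
      # /var/run/docker.sock is deliberately not mounted: traefik.yml enables
      # only the file provider, and access to the Docker socket is effectively
      # root on the host. A ":ro" mount does not restrict Docker API calls.
    command:
      - "--configFile=/etc/traefik/traefik.yml"
    networks:
      - traefik-net

networks:
  traefik-net:
    driver: bridge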
EOF
Запуск контейнера
cd /opt/traefik &&
sudo docker-compose up -d
cd /opt/traefik &&
sudo docker-compose down
Откройте в браузере:
open http://192.168.200.85:8080/dashboard/
sudo docker logs traefik