CentOS 7.9
OK, let's start with Linux. I'm using the binary release, so I want to try configuring Traefik's options through YAML files. Download the binary and run it:
curl -LO https://github.com/traefik/traefik/releases/download/v2.9.8/traefik_v2.9.8_linux_amd64.tar.gz
tar -zxf traefik_v2.9.8_linux_amd64.tar.gz traefik
./traefik version
Version: 2.9.8
Codename: banon
Go version: go1.19.6
Built: 2023-02-15T15:23:25Z
OS/Arch: linux/amd64
Traefik releases
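Before unpacking, the tarball can be checked against the SHA-256 checksum list from the same release. This is an added example, not part of the original post: the function names are illustrative, and the checksum file name and its sha256sum-style layout are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): check a downloaded Traefik
# tarball against the release checksum list before unpacking it.
# Assumption: the list uses sha256sum's "<hex digest>  <file name>" layout.

# expected_sha256 <checksums-file> <file-name>
# Prints the digest listed for file-name; exits non-zero if it is not listed.
expected_sha256() {
  awk -v name="$2" '
    { f = $2; sub(/^\*/, "", f) }   # binary-mode entries are written "*name"
    f == name { print tolower($1); found = 1; exit }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# verify_release <tarball> <checksums-file>
# Returns 0 on match, 1 on digest mismatch, 2 on missing or malformed input.
verify_release() {
  tarball="$1"; sums="$2"; name=$(basename "$tarball")
  [ -f "$tarball" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }
  want=$(expected_sha256 "$sums" "$name") || {
    echo "no checksum entry for $name in $sums" >&2; return 2; }
  # Reject malformed entries so an empty or truncated value can never match.
  printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{64}$' || {
    echo "malformed digest for $name in $sums" >&2; return 2; }
  got=$(sha256sum "$tarball" | awk '{ print $1 }')
  if [ "$got" != "$want" ]; then
    echo "CHECKSUM MISMATCH for $name: expected $want, got $got" >&2
    return 1
  fi
  echo "OK: $name matches $sums"
}

# Usage with the release from this post (checksum file name is an assumption):
#   sh verify.sh traefik_v2.9.8_linux_amd64.tar.gz traefik_v2.9.8_checksums.txt \
#     && tar -zxf traefik_v2.9.8_linux_amd64.tar.gz traefik
if [ "$#" -eq 2 ]; then
  verify_release "$1" "$2"
fi
```

A checksum list fetched from the same location as the tarball detects corruption and a swapped file, but not a compromised release page.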
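Disable SELinux. setenforce 0 switches the running system to permissive mode, and SELINUX=disabled in /etc/sysconfig/selinux keeps it off after a reboot: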
getenforce
Enforcing
sudo setenforce 0
grep SELINUX= /etc/sysconfig/selinux | grep -v "^#"
SELINUX=disabled
Install nginx and Apache. They will be the services behind Traefik.
sudo yum install epel-release -y
# Nginx
sudo yum install nginx -y
# change nginx port to 8080
grep "server" -A3 -m1 /etc/nginx/nginx.conf
server {
  listen 8080;
  listen [::]:8080;
  ...
}
sudo systemctl enable --now nginx
curl -D - "http://localhost:8080"
# Apache
sudo yum install httpd -y
# change apache port to 8181
grep Listen /etc/httpd/conf/httpd.conf | grep -v "^#"
Listen 8181
sudo systemctl enable --now httpd
curl -D - "http://localhost:8181"
Traefik configs
Make directories for traefik:
Create the traefik.yml file:
cat <<EOF > traefik.yml
entrypoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: false
  websecure:
    address: ":443"
log:
  level: DEBUG
providers:
  file:
    directory: ./custom
    watch: true
certificatesResolvers:
  letsEncrypt:
    acme:
      email: myemail@awesome.com
      storage: ./ssl/acme.json
      # the 'caServer:' line points at the Let's Encrypt staging CA, for testing;
      # keep it commented out once everything works
      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
EOF
Create the routers that forward requests to our services:
cat <<EOF > custom/my-nginx-ssl.yml
http:
  routers:
    my-nginx-ssl:
      entryPoints:
        - websecure
      service: nginx-service
      rule: Host(\`nginx.aaaj.site\`)
      tls:
        certResolver: letsEncrypt
  services:
    nginx-service:
      loadBalancer:
        servers:
          - url: http://localhost:8080/
        passHostHeader: true
EOF
cat <<EOF > custom/my-apache.yml
http:
  routers:
    my-apache-ssl:
      entryPoints:
        - websecure
      service: apache-service
      rule: Host(\`apache.aaaj.site\`)
      tls:
        certResolver: letsEncrypt
  services:
    apache-service:
      loadBalancer:
        servers:
          - url: http://localhost:8181/
        passHostHeader: true
EOF
tree
.
├── custom
│   ├── my-apache.yml
│   └── my-nginx-ssl.yml
├── ssl
├── traefik
└── traefik.yml
Create A and CNAME records for our Traefik host. For example, my IP address is 213.158.x.x:
traefik A 213.158.x.x
apache CNAME traefik.aaaj.site
nginx CNAME traefik.aaaj.site
Open ports (firewalld):
sudo firewall-cmd --get-services
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --permanent --add-port=4444/tcp
# firewall-cmd --permanent --remove-service=ssh
# write the service definition (overwrite instead of append, so re-running keeps the XML valid)
cat << EOF | sudo tee /etc/firewalld/services/traefik.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Traefik</short>
  <description>Traefik ports 80 and 443</description>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
</service>
EOF
sudo firewall-cmd --permanent --add-service=traefik
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --list-all
Run Traefik and check:
sudo ./traefik
curl -D - "http://nginx.aaaj.site"
curl -D - "https://nginx.aaaj.site" -k
curl -D - "http://apache.aaaj.site"
curl -D - "https://apache.aaaj.site" -k