WIP proxy #3

Open
garbelo wants to merge 65 commits from proxy into main
Showing only changes of commit 02d25ea19f - Show all commits

144
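--- a/prepare_server.sh
+++ b/prepare_server.sh
@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+set -euo pipefail
+require_root() {
+if [ "$(id -u)" -ne 0 ]; then
+echo "Este script debe ejecutarse como root (o con sudo)."
+exit 1
+fi
+}
+require_root
+step "Instalando Docker, docker compose plugin y certbot"
+apt-get update -y
+# Dependencias para repositorio Docker
+apt-get install -y \
+ca-certificates \
+curl \
+gnupg \
+lsb-release
+# Clave GPG de Docker
+if [ ! -f /etc/apt/keyrings/docker.gpg ]; then
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
+gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+fi
+# Repo Docker estable
+if [ ! -f /etc/apt/sources.list.d/docker.list ]; then
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+tee /etc/apt/sources.list.d/docker.list > /dev/null
+fi
+apt-get update -y
+apt-get install -y \
+docker-ce \
+docker-ce-cli \
+containerd.io \
+docker-buildx-plugin \
+docker-compose-plugin \
+git \
+certbot
+systemctl enable docker
+systemctl start docker
+# Abrimos puertos en ufw si está activo
+if command -v ufw >/dev/null 2>&1; then
+if ufw status | grep -q "Status: active"; then
+step "Configurando firewall (ufw) para permitir 80 y 443"
+ufw allow 80/tcp || true
+ufw allow 443/tcp || true
+fi
+fi
+# Creamos carpeta del proxy con docker compose.
+mkdir -p /opt/beyonxcx/traefik
+cat > /opt/beyondcx/traefik/docker-compose.yaml <<EOF
+services:
+traefik:
+image: traefik:v3.2
+container_name: traefik-prod-1
+ports:
+- "80:80"
+- "443:443"
+- "8080:8080"
+environment:
+- DO_AUTH_TOKEN=${DO_AUTH_TOKEN}
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- ./config/traefik.yml:/etc/traefik/traefik.yaml:ro
+- ./data/certs:/var/traefik/certs/:rw
+networks:
+- frontend
+restart: unless-stopped
+networks:
+frontend:
+external: true
+EOF
+mkdir -p /opt/beyondcx/traefik/config
+mkdir -p /opt/beyondcx/traefik/config/conf
+cat > /opt/beyondcx/traefik/config/traefik.yml <<EOF
+global:
+checkNewVersion: false
+sendAnonymousUsage: false
+log:
+level: DEBUG
+api:
+dashboard: true
+insecure: true
+entryPoints:
+web:
+address: :80
+websecure:
+address: :443
+certificatesResolvers:
+doresolv:
+acme:
+email: "garbelo@gmail.com"
+storage: /var/traefik/certs/doresolv-acme.json
+caServer: 'https://acme-v02.api.letsencrypt.org/directory'
+keyType: EC256
+dnsChallenge:
+provider: digitalocean
+resolvers:
+- "8.8.8.8:53"
+- "1.1.1.1:53"
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+exposedByDefault: false
+network: frontend
+file:
+directory: /etc/traefik/conf/
+watch: true
+EOF
+cd /opt/beyondcx/traefik
+docker network create frontend
+docker network ls
+docker compose up -d
+step "Levantado traefik "
+docker compose ps
+docker compose logs
+step "Recuerda, tienes que crear el DO_AUTH_TOKEN en el .env"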
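Review bot: The generated Traefik config sets `api.insecure: true` and the compose file publishes `"8080:8080"`, so the dashboard and API are served without authentication on every host interface, and Docker-published ports typically bypass the ufw rules this script manages. I would remove the `- "8080:8080"` mapping, set `insecure: false`, and reach the dashboard only through an authenticated router on `websecure`; `level: DEBUG` is also worth lowering on a production host. The compose heredoc is opened with an unquoted `<<EOF`, so `${DO_AUTH_TOKEN}` expands when the script runs: with `set -u` that aborts if the variable is unset, and otherwise writes the token in clear text into `docker-compose.yaml`, whereas `<<'EOF'` leaves it for compose to resolve from `.env`, as the closing message expects. `mkdir -p /opt/beyonxcx/traefik` does not match the `/opt/beyondcx/traefik` path used by the following `cat >`, so the write fails on a fresh host. `step` is called but not defined in the lines shown here, and the Docker socket is mounted directly into an internet-facing container, which gives it full control of the Docker daemon; a restricted socket proxy would narrow that.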