@DTTerastar
Last active September 16, 2024 13:51
Installs Traefik with Let's Encrypt certificates issued through the Cloudflare DNS challenge. Install via: bash <(curl https://gist.githubusercontent.com/DTTerastar/259b9508ab2f8d6231df38c31bdd9856/raw/install-traefik-https-cloudflare.sh)
#!/bin/bash
#
# Installs a pinned Traefik release as a systemd service with a Let's Encrypt
# resolver that uses the Cloudflare DNS challenge.
#
# Inputs:  CF_API_EMAIL, CF_API_KEY (environment; prompted for when absent)
# Writes:  the traefik binary, /etc/traefik/traefik.yml and a systemd unit
#
# The script must run as root and installs a network-facing service, so read
# it before running it; fetching a fixed gist revision rather than the live
# raw URL keeps what you reviewed and what you execute the same.

# Abort on the first failing command.
set -e

# Release to install and where it is published.
TRAEFIK_VERSION="v3.1.2"
TRAEFIK_PACKAGE_URL="https://github.com/traefik/traefik/releases/download/${TRAEFIK_VERSION}/traefik_${TRAEFIK_VERSION}_linux_amd64.tar.gz"

# On-disk layout: binary, static config, watched dynamic config, ACME state.
TRAEFIK_INSTALL_DIR="/usr/local/bin"
TRAEFIK_CONFIG_DIR="/etc/traefik"
TRAEFIK_DYNAMIC_DIR="${TRAEFIK_CONFIG_DIR}/dyn"
ACME_FILE="${TRAEFIK_CONFIG_DIR}/acme.json"
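# Refuse to run unprivileged: the steps below write to the install
# directory, /etc/traefik and /etc/systemd/system, then drive systemctl.
# The diagnostic goes to stderr so it is not lost when stdout is captured.
if (( EUID != 0 )); then
  echo "This script must be run as root" >&2
  exit 1
fi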
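#######################################
# Obtain the Cloudflare credentials used for the ACME DNS challenge.
# Globals:   CF_API_EMAIL, CF_API_KEY (read; written when prompted)
# Arguments: none
# Outputs:   status text on stdout, errors on stderr
# Returns:   0 when both values are non-empty; exits 1 otherwise
#######################################
get_cloudflare_credentials() {
  # Prefer the environment so the key never has to be typed or echoed.
  if [[ -n "${CF_API_EMAIL:-}" && -n "${CF_API_KEY:-}" ]]; then
    echo "Using Cloudflare credentials from environment variables."
  else
    echo "Cloudflare credentials not found in environment variables. Please enter them manually."
    # -r keeps backslashes in the input literal; without it a key containing
    # "\" would be silently altered. "|| true" lets an EOF on stdin fall
    # through to the validation below instead of aborting under `set -e`
    # with no message.
    read -r -p "Enter your Cloudflare API email: " CF_API_EMAIL || true
    # -s suppresses terminal echo of the key.
    read -r -s -p "Enter your Cloudflare API key: " CF_API_KEY || true
    echo
  fi

  # Both values are required by the rest of the script.
  if [[ -z "${CF_API_EMAIL:-}" || -z "${CF_API_KEY:-}" ]]; then
    echo "Error: Cloudflare API email and key are required." >&2
    exit 1
  fi
}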
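# Get Cloudflare credentials
get_cloudflare_credentials

# Download, verify and install the Traefik binary.
#
# Work in a private mktemp directory rather than fixed names under /tmp:
# this runs as root, and a predictable path in a world-writable directory
# can be pre-created or symlinked by another local user.
TRAEFIK_TMP_DIR="$(mktemp -d)"
trap 'rm -rf -- "${TRAEFIK_TMP_DIR}"' EXIT

TRAEFIK_ARCHIVE_NAME="${TRAEFIK_PACKAGE_URL##*/}"
TRAEFIK_ARCHIVE="${TRAEFIK_TMP_DIR}/${TRAEFIK_ARCHIVE_NAME}"
TRAEFIK_CHECKSUMS_URL="${TRAEFIK_PACKAGE_URL%/*}/traefik_${TRAEFIK_VERSION}_checksums.txt"

echo "Downloading Traefik ${TRAEFIK_VERSION}..."
# --fail turns an HTTP error into a non-zero exit instead of saving the error
# page; --proto/--proto-redir keep the transfer and its redirects on HTTPS.
curl --fail --location --proto '=https' --proto-redir '=https' \
  "${TRAEFIK_PACKAGE_URL}" -o "${TRAEFIK_ARCHIVE}"

# Verify the archive before anything from it is installed as root.
# TRAEFIK_SHA256 (optional, introduced here) lets the operator pin a digest
# obtained out of band. Without it the digest is read from the checksum list
# published with the release; that list comes from the same origin as the
# archive, so it catches corruption or a swapped file but not a compromised
# release.
expected_sha256="${TRAEFIK_SHA256:-}"
if [[ -z "${expected_sha256}" ]]; then
  curl --fail --silent --show-error --location --proto '=https' --proto-redir '=https' \
    "${TRAEFIK_CHECKSUMS_URL}" -o "${TRAEFIK_TMP_DIR}/checksums.txt"
  expected_sha256="$(awk -v name="${TRAEFIK_ARCHIVE_NAME}" \
    '$2 == name || $2 == "*" name { print $1 }' "${TRAEFIK_TMP_DIR}/checksums.txt")"
fi
actual_sha256="$(sha256sum -- "${TRAEFIK_ARCHIVE}" | awk '{ print $1 }')"
# Fail closed: an empty or ambiguous expected value is treated as a mismatch.
if [[ -z "${expected_sha256}" || "${actual_sha256}" != "${expected_sha256,,}" ]]; then
  echo "Error: SHA-256 verification failed for ${TRAEFIK_ARCHIVE_NAME}." >&2
  exit 1
fi

# Extract only the binary; the other archive members are not needed.
tar -xzf "${TRAEFIK_ARCHIVE}" -C "${TRAEFIK_TMP_DIR}" --no-same-owner traefik

# install(1) copies the binary and sets owner and mode in one step, so it is
# executable but writable by root only.
install -m 0755 -o root -g root "${TRAEFIK_TMP_DIR}/traefik" "${TRAEFIK_INSTALL_DIR}/traefik"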
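# Create Traefik configuration directories
mkdir -p -- "${TRAEFIK_CONFIG_DIR}" "${TRAEFIK_DYNAMIC_DIR}"

# Create a Traefik configuration file with HTTPS and Let's Encrypt.
#
# The heredoc delimiter is unquoted on purpose: ${...} values are expanded
# into the file, and \` writes a literal backtick for the router rule.
# YAML nesting is significant, so the body is indented as a mapping tree.
#
# NOTE(review): Traefik documents `tls.options` and `http.routers` /
# `http.middlewares` as dynamic configuration. Confirm that they take effect
# from this static file; if not, the TLS settings and the HTTP->HTTPS
# redirect are not applied and belong in a file under ${TRAEFIK_DYNAMIC_DIR}.
# NOTE(review): `{any:.+}` looks like the v2 HostRegexp form - verify it
# against the pinned v3 release.
# NOTE(review): the dashboard is enabled but no router to it is defined in
# this file; any router added for it later should require authentication.
cat << EOF > "${TRAEFIK_CONFIG_DIR}/traefik.yml"
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
providers:
  file:
    directory: ${TRAEFIK_DYNAMIC_DIR}
    watch: true
api:
  dashboard: true
certificatesResolvers:
  cloudflare:
    acme:
      email: ${CF_API_EMAIL}
      storage: ${ACME_FILE}
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
http:
  routers:
    http_catchall:
      rule: "HostRegexp(\`{any:.+}\`)"
      entrypoints:
        - web
      middlewares:
        - https_redirect
      service: noop@internal
  middlewares:
    https_redirect:
      redirectScheme:
        scheme: https
        permanent: true
EOF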
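# Store the Cloudflare credentials in a root-only environment file.
#
# Unit files under /etc/systemd/system are normally world-readable, and a
# unit's Environment= values are visible through `systemctl show`, so the API
# key must not be embedded in the unit itself. EnvironmentFile= makes systemd
# read the values from a file that only root can open.
CF_ENV_FILE="${TRAEFIK_CONFIG_DIR}/cloudflare.env"

# The file is line-oriented; an embedded newline would inject extra entries.
if [[ "${CF_API_EMAIL}${CF_API_KEY}" == *$'\n'* ]]; then
  echo "Error: Cloudflare credentials must not contain newlines." >&2
  exit 1
fi

mkdir -p -- "${TRAEFIK_CONFIG_DIR}"
# Create (or reset) the file with mode 0600 before any secret is written.
install -m 0600 -o root -g root /dev/null "${CF_ENV_FILE}"
printf 'CF_API_EMAIL=%s\nCF_API_KEY=%s\n' "${CF_API_EMAIL}" "${CF_API_KEY}" > "${CF_ENV_FILE}"

# Create systemd service file.
# NOTE(review): the service runs as root. A dedicated account holding only
# CAP_NET_BIND_SERVICE would limit the impact of a compromise, but needs
# matching ownership of ${TRAEFIK_CONFIG_DIR} and the ACME storage file.
cat << EOF > /etc/systemd/system/traefik.service
[Unit]
Description=Traefik
Documentation=https://doc.traefik.io/traefik/
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
ExecStart=${TRAEFIK_INSTALL_DIR}/traefik --configfile=${TRAEFIK_CONFIG_DIR}/traefik.yml
Restart=on-failure
RestartSec=5
User=root
Group=root
EnvironmentFile=${CF_ENV_FILE}
[Install]
WantedBy=multi-user.target
EOF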
# Make systemd pick up the new unit, then register it for boot and launch it.
systemctl daemon-reload
for unit_action in enable start; do
  systemctl "${unit_action}" traefik
done

# Closing summary for the operator: where things live and what to do next.
printf '%s\n' \
  "Traefik ${TRAEFIK_VERSION} has been installed and started as a systemd service with HTTPS support." \
  "You can check its status with: systemctl status traefik" \
  "The main configuration file is located at: ${TRAEFIK_CONFIG_DIR}/traefik.yml" \
  "Dynamic configurations should be placed in: ${TRAEFIK_DYNAMIC_DIR}" \
  "Add your domain-specific configurations to files in ${TRAEFIK_DYNAMIC_DIR}" \
  "Remember to configure your DNS records to point to this server for each domain you want to use." \
  "All HTTP traffic will be automatically redirected to HTTPS."