feat: CoreDNS IPv4 上游、03-03 Tomcat 修复、HAProxy 与验证脚本

- Ansible: 部署时自动配置 CoreDNS forward 为 IPv4，避免 ACME 解析失败 - 01-01/01-07: 文档增加 CoreDNS 设置说明 - 03-03: Tomcat webapps.dist 复制、HTTP/HTTPS 双 Ingress、显式 Dashboard IngressRoute - traefik-dashboard-acme: tomcat-acme.yaml、404 排查说明 - HAProxy: 健康检查与 PROXY 配置拆分，18080/18443 部署与验证脚本 Made-with: Cursor
2026-03-22 19:02:46 +08:00
parent de1be1dbe5
commit 8a54cac61f
25 changed files with 924 additions and 113 deletions
--- a/docs/06-02-运维小结.md
+++ b/docs/06-02-运维小结.md
@@ -15,7 +15,6 @@
  - `kubectl -n kube-system logs deploy/traefik --tail=100`
  - `kubectl -n kube-system get helmchart,helmchartconfig`
  - `kubectl -n kube-system describe pod <pod-name>`
-
 - **节点与网络**
  - `kubectl get node -o wide`
  - `watch -n 1 'ip addr; ip route'`
@@ -23,12 +22,10 @@
  - `sudo netstat -tulpn | grep ':80\|:443\|:6443'`
  - `sudo lsof -iTCP -sTCP:LISTEN -P -n | grep -E ':80|:443|:6443'`
  - `curl -vk https://<域名>/ --resolve "<域名>:443:<入口IP>" -o /dev/null`
-
 - **Traefik / ACME 相关**
  - `kubectl -n kube-system logs deploy/traefik --tail=200 | grep -i acme || true`
  - `kubectl -n kube-system get ingress -A`
  - `openssl s_client -connect <IP>:443 -servername <域名> </dev/null 2>/dev/null | openssl x509 -noout -text | grep -E "Subject:|DNS:"`
-
 - **SSH 与 Ansible**
  - `bash scripts/ssh/test-ssh.sh`
  - `ssh -i ~/.ssh/id_ed25519_k3s_*.61 root@192.168.2.61`