Skip to main content
  1. Posts/

Install Traefik di Docker

·3 mins·
traefik docker traefik
Table of Contents

Traefik adalah reverse proxy dan load balancer modern yang dirancang untuk aplikasi berbasis mikroservis (seperti Docker, Kubernetes). Fitur utamanya termasuk:

  • Konfigurasi Otomatis – Secara dinamis mendeteksi service baru dan memperbarui aturan routing tanpa perlu restart.
  • Sertifikat TLS Otomatis – Mendukung otomatisasi sertifikat SSL/TLS dengan Let’s Encrypt.
  • Dashboard Monitoring – Menyediakan antarmuka visual untuk memantau lalu lintas dan konfigurasi.

Traefik sering digunakan sebagai pintu masuk (ingress) yang efisien pada aplikasi berbasis cloud maupun container.

Setup dengan Docker CLI
#

Pastikan Docker sudah terinstall dan service Docker sedang berjalan.

1. Buat Konfigurasi Traefik
#

Buat file konfigurasi di /opt/traefik/traefik.yml

providers:
  docker:
    # Aturan host default.
    # Default: "Host(`{{ normalize .Name }}`)"
    defaultRule: Host(`{{ normalize .Name }}.example.io`)

    # Jangan expose container secara otomatis.
    # Default: true
    exposedByDefault: false

api:
  insecure: true
Konfigurasi defaultRule akan membuat setiap container yang dijalankan dapat diakses dengan subdomain: .example.io

2. Jalankan Traefik
# 

docker run -dit --name traefik \
  -p 8080:8080 -p 80:80 \
  -v /opt/traefik/traefik.yml:/etc/traefik/traefik.yml \
  -v /var/run/docker.sock:/var/run/docker.sock \
  traefik \
  --api=true --api.debug=true --api.dashboard=true --api.insecure=true

3. Jalankan Backend (Contoh Whoami)
# 

docker run -dit --name test traefik/whoami

4. Tes Akses dengan curl
# 

curl http://test.example.io

Output (contoh):

Hostname: 939bfc511e21
IP: 127.0.0.1
IP: 172.18.0.3
RemoteAddr: 172.18.0.2:53478
GET / HTTP/1.1
Host: test.example.io
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 192.168.100.100
X-Forwarded-Host: test.example.io
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 6dd6581a3243
X-Real-Ip: 192.168.100.100

5. Akses Dashboard
#

Dashboard Traefik dapat diakses melalui:

http://<IP_SERVER>:8080

Traefik Dashboard

Docker Compose
#

1. Buat File docker-compose.yml
#

Di dalam folder project, buat file docker-compose.yml seperti berikut:

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    environment:
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
      - CF_DNS_API_TOKEN=${CLOUDFLARE_API_KEY}
    command:
      - "--configFile=/etc/traefik/traefik.yml"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./traefik/traefik.yml:/etc/traefik/traefik.yml
      - ./traefik/custom:/etc/traefik/custom
      - ./letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    networks:
      - external
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`${DOMAIN_TRAEFIK}`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=${CERTRESOLVER}"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_PASSWORD}"

  whoami:
    image: traefik/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${APP_NAME}-console.rule=Host(`${DOMAIN_APP}`)"
      - "traefik.http.routers.${APP_NAME}-console.entrypoints=websecure"
      - "traefik.http.routers.${APP_NAME}-console.service=${APP_NAME}"
      - "traefik.http.routers.${APP_NAME}-console.tls.certresolver=${CERTRESOLVER}"
      - "traefik.http.services.${APP_NAME}-console.loadbalancer.server.port=80"
      - "traefik.docker.network=${NETWORK}"

networks:
  internal:
    name: ${APP_NAME}
  external:
    external: true
    name: ${NETWORK}

2. Buat File .env
#

Isi variabel environment sesuai kebutuhan Anda.

# APP
DOMAIN_APP=whoami.yourdomain.com

# Traefik
CLOUDFLARE_EMAIL=[email protected]
CLOUDFLARE_API_KEY=your_secret
DOMAIN_TRAEFIK=traefik.yourdomain.com
CERTRESOLVER=letsencrypt

## Htpasswd untuk proteksi dashboard
## Gunakan perintah berikut untuk membuat user:pass terenkripsi
## htpasswd -nb admin secure_password | sed -e s/\\$/\\$\\$/g
TRAEFIK_PASSWORD=admin:$$apr1$$KNBNzB4i$$HYhKfWmaHrFTAtcR4eJmX.

APP_NAME=whoami
NETWORK=traefik

3. Buat File traefik.yml
#

Di dalam folder traefik, buat file traefik.yml seperti berikut

# traefik.yml
api:
  dashboard: true

providers:
  docker:
    exposedByDefault: false
  file:
    directory: "/etc/traefik/custom"
    watch: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"

certificatesResolvers:
  letsencrypt:
    acme:
      email: [email protected]
      storage: /letsencrypt/acme.json
      tlsChallenge: true
  cloudflare:
    acme:
      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"  # TESTING ONLY
      email: [email protected]
      storage: /letsencrypt/acme.json  # Simpan di volume persisten
      keyType: EC_P256               # Gunakan ECC untuk performa & keamanan
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
        delayBeforeCheck: 30

log:
  level: debug  # for error level logging
  filepath: "/logs/error.log"

accesslog:
  filepath: "/logs/access.log"

Untuk konfigurasi custom traefik dalam Anda lihat di repo GitHub

4. Jalankan Traefik
# 

docker compose up -d

Setelah berjalan, Anda bisa:

Related

Install Docker
·3 mins
docker linux docker
Install MinIO di Docker
·4 mins
minio docker minio
Install Consul dengan Docker
·2 mins
consul docker consul
Configure Network Aliases Docker
·2 mins
docker docker
Using IPvlan network in Docker
·5 mins
docker docker
Using Host Network in Docker
·1 min
docker docker