Traefik adalah reverse proxy dan load balancer modern yang dirancang untuk aplikasi berbasis mikroservis (seperti Docker, Kubernetes). Fitur utamanya termasuk:
- Konfigurasi Otomatis β Secara dinamis mendeteksi service baru dan memperbarui aturan routing tanpa perlu restart.
- Sertifikat TLS Otomatis β Mendukung otomatisasi sertifikat SSL/TLS dengan Let’s Encrypt.
- Dashboard Monitoring β Menyediakan antarmuka visual untuk memantau lalu lintas dan konfigurasi.
Traefik sering digunakan sebagai pintu masuk (ingress) yang efisien pada aplikasi berbasis cloud maupun container.
Setup dengan Docker CLI #
Pastikan Docker sudah terinstall dan service Docker sedang berjalan.
1. Buat Konfigurasi Traefik #
Buat file konfigurasi di /opt/traefik/traefik.yml
providers:
docker:
# Aturan host default.
# Default: "Host(`{{ normalize .Name }}`)"
defaultRule: Host(`{{ normalize .Name }}.example.io`)
# Jangan expose container secara otomatis.
# Default: true
exposedByDefault: false
api:
insecure: true
Konfigurasi .example.io
defaultRule akan membuat setiap container yang dijalankan dapat diakses dengan subdomain:
2. Jalankan Traefik #
docker run -dit --name traefik \
-p 8080:8080 -p 80:80 \
-v /opt/traefik/traefik.yml:/etc/traefik/traefik.yml \
-v /var/run/docker.sock:/var/run/docker.sock \
traefik \
--api=true --api.debug=true --api.dashboard=true --api.insecure=true3. Jalankan Backend (Contoh Whoami) #
docker run -dit --name test traefik/whoami4. Tes Akses dengan curl
#
curl http://test.example.ioOutput (contoh):
Hostname: 939bfc511e21
IP: 127.0.0.1
IP: 172.18.0.3
RemoteAddr: 172.18.0.2:53478
GET / HTTP/1.1
Host: test.example.io
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 192.168.100.100
X-Forwarded-Host: test.example.io
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 6dd6581a3243
X-Real-Ip: 192.168.100.1005. Akses Dashboard #
Dashboard Traefik dapat diakses melalui:
http://<IP_SERVER>:8080
Docker Compose #
1. Buat File docker-compose.yml
#
Di dalam folder project, buat file docker-compose.yml seperti berikut:
services:
traefik:
image: traefik:latest
container_name: traefik
environment:
- CF_API_EMAIL=${CLOUDFLARE_EMAIL}
- CF_DNS_API_TOKEN=${CLOUDFLARE_API_KEY}
command:
- "--configFile=/etc/traefik/traefik.yml"
ports:
- "80:80"
- "443:443"
volumes:
- ./traefik/traefik.yml:/etc/traefik/traefik.yml
- ./traefik/custom:/etc/traefik/custom
- ./letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: unless-stopped
networks:
- external
security_opt:
- no-new-privileges:true
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`${DOMAIN_TRAEFIK}`)"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=${CERTRESOLVER}"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_PASSWORD}"
whoami:
image: traefik/whoami
labels:
- "traefik.enable=true"
- "traefik.http.routers.${APP_NAME}-console.rule=Host(`${DOMAIN_APP}`)"
- "traefik.http.routers.${APP_NAME}-console.entrypoints=websecure"
- "traefik.http.routers.${APP_NAME}-console.service=${APP_NAME}"
- "traefik.http.routers.${APP_NAME}-console.tls.certresolver=${CERTRESOLVER}"
- "traefik.http.services.${APP_NAME}-console.loadbalancer.server.port=80"
- "traefik.docker.network=${NETWORK}"
networks:
internal:
name: ${APP_NAME}
external:
external: true
name: ${NETWORK}2. Buat File .env
#
Isi variabel environment sesuai kebutuhan Anda.
# APP
DOMAIN_APP=whoami.yourdomain.com
# Traefik
CLOUDFLARE_EMAIL=[email protected]
CLOUDFLARE_API_KEY=your_secret
DOMAIN_TRAEFIK=traefik.yourdomain.com
CERTRESOLVER=letsencrypt
## Htpasswd untuk proteksi dashboard
## Gunakan perintah berikut untuk membuat user:pass terenkripsi
## htpasswd -nb admin secure_password | sed -e s/\\$/\\$\\$/g
TRAEFIK_PASSWORD=admin:$$apr1$$KNBNzB4i$$HYhKfWmaHrFTAtcR4eJmX.
APP_NAME=whoami
NETWORK=traefik3. Buat File traefik.yml
#
Di dalam folder traefik, buat file traefik.yml seperti berikut
# traefik.yml
api:
dashboard: true
providers:
docker:
exposedByDefault: false
file:
directory: "/etc/traefik/custom"
watch: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
certificatesResolvers:
letsencrypt:
acme:
email: [email protected]
storage: /letsencrypt/acme.json
tlsChallenge: true
cloudflare:
acme:
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # TESTING ONLY
email: [email protected]
storage: /letsencrypt/acme.json # Simpan di volume persisten
keyType: EC_P256 # Gunakan ECC untuk performa & keamanan
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
delayBeforeCheck: 30
log:
level: debug # for error level logging
filepath: "/logs/error.log"
accesslog:
filepath: "/logs/access.log"Untuk konfigurasi custom traefik dalam Anda lihat di repo GitHub
4. Jalankan Traefik #
docker compose up -dSetelah berjalan, Anda bisa:
- Akses aplikasi demo (whoami) melalui https://whoami.yourdomain.com
- Akses dashboard Traefik melalui https://traefik.yourdomain.com
