
# Traefik v3: A Modern Reverse Proxy for Docker Containers

Traefik is a modern reverse proxy designed specifically for containerized environments. Its headline feature is auto-discovery: Traefik automatically detects new containers and creates routes without manual configuration. Combined with automatic HTTPS via Let's Encrypt, Traefik removes all the manual work from reverse proxy management.

## Why Traefik?

**Auto-Discovery.** When you start a new Docker container with the right labels, Traefik automatically creates a route for it. No config reload or service restart is needed.

**Auto-HTTPS.** Traefik integrates directly with Let's Encrypt. Certificates are issued and renewed automatically for every configured domain.

**Docker Provider.** Traefik talks directly to the Docker API. Container labels become Traefik's configuration: a single source of truth.

**Real-time Dashboard.** A web dashboard that shows all routes, services, middlewares, and certificates in real time.

## Architecture

```
[Internet] --> [Traefik :80/:443] --> [container-app :3000]
                                  --> [container-api :8080]
                                  --> [container-admin :8081]
```

Traefik handles all incoming traffic and routes it based on rules.

## Installing Traefik with Docker

### 1. Create a Docker Network

```bash
docker network create traefik
```

### 2. Create docker-compose.yml

```yaml
version: "3.8"

services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # Default internal entry point (API in insecure mode, metrics);
      # do not expose it to the internet
      - "8080:8080"
    volumes:
      # :ro protects the socket file only; Traefik still gets full Docker API access
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - traefik-certs:/certs
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      # Dashboard
      # No auth middleware is attached to this router; add basicauth or an
      # IP allowlist before exposing the dashboard publicly
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.yourdomain.com`)"
      - "traefik.http.routers.traefik-dashboard.service=api@internal"
      - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
    environment:
      - TZ=Asia/Jakarta

networks:
  traefik:
    external: true

volumes:
  traefik-certs:
```

### 3. Static Config (traefik.yml)

```yaml
# traefik.yml
api:
  dashboard: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Only containers labelled traefik.enable=true are routed
    exposedByDefault: false
    network: traefik

certificatesResolvers:
  letsencrypt:
    acme:
      email: admin@yourdomain.com  # placeholder; use your own address
      storage: /certs/acme.json
      httpChallenge:
        entryPoint: web
```

### 4. Run

```bash
docker compose up -d
```

## Deploying Apps with Traefik

### Example: Deploying a Web App

```yaml
# app/docker-compose.yml
version: "3.8"

services:
  webapp:
    image: nginx:alpine
    restart: unless-stopped
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.webapp.rule=Host(`app.yourdomain.com`)"
      - "traefik.http.routers.webapp.tls.certresolver=letsencrypt"
      - "traefik.http.services.webapp.loadbalancer.server.port=80"
      # Rate limiting
      - "traefik.http.middlewares.rate-limit.ratelimit.average=100"
      - "traefik.http.middlewares.rate-limit.ratelimit.burst=50"
      - "traefik.http.routers.webapp.middlewares=rate-limit"

networks:
  traefik:
    external: true
```

Just run `docker compose up -d` and Traefik automatically:

1. Detects the new container
2. Creates a route for `app.yourdomain.com`
3. Obtains an SSL certificate from Let's Encrypt
4. Starts accepting traffic

### Example: Deploying an API

```yaml
services:
  api:
    build: ./api
    restart: unless-stopped
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`api.yourdomain.com`)"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      - "traefik.http.services.api.loadbalancer.server.port=3000"
      # Basic Auth
      # users takes htpasswd entries (user:hash), e.g. from `htpasswd -nB user`;
      # write every $ in the hash as $$ in a compose file
      - "traefik.http.middlewares.api-auth.basicauth.users=user:<htpasswd-hash>"
      - "traefik.http.routers.api.middlewares=api-auth"

networks:
  traefik:
    external: true
```

## Middlewares

Traefik supports a variety of middlewares for modifying traffic:

### Rate Limiting

```yaml
labels:
  - "traefik.http.middlewares.my-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.my-ratelimit.ratelimit.burst=50"
  - "traefik.http.middlewares.my-ratelimit.ratelimit.period=1s"
```

### Headers

```yaml
labels:
  - "traefik.http.middlewares.my-headers.headers.stsSeconds=31536000"
  - "traefik.http.middlewares.my-headers.headers.stsIncludeSubdomains=true"
  - "traefik.http.middlewares.my-headers.headers.forceSTSHeader=true"
  - "traefik.http.middlewares.my-headers.headers.browserXssFilter=true"
  - "traefik.http.middlewares.my-headers.headers.contentTypeNosniff=true"
```

### IP Allowlist

```yaml
labels:
  # ipAllowList replaces the deprecated ipWhiteList middleware
  - "traefik.http.middlewares.admin-ip.ipallowlist.sourcerange=192.168.1.0/24"
  - "traefik.http.routers.admin.middlewares=admin-ip"
```

### Redirect

```yaml
labels:
  # The backslash is doubled because YAML double-quoted strings reject \.
  - "traefik.http.middlewares.redirect-www.redirectRegex.regex=^https://www\\.(.*)"
  # $$ is the compose escape for a literal $
  - "traefik.http.middlewares.redirect-www.redirectRegex.replacement=https://$$1"
  - "traefik.http.middlewares.redirect-www.redirectRegex.permanent=true"
```

## Traefik vs Caddy vs Nginx

| Feature | Traefik | Caddy | Nginx |
|---------|---------|-------|-------|
| Auto-Discovery | ✅ Native | ❌ Manual | ❌ Manual |
| Auto-HTTPS | ✅ | ✅ | ❌ (certbot) |
| Docker Integration | ✅ Native | ❌ | ❌ (swag/nginx-proxy) |
| Dashboard | ✅ | ❌ | ❌ (3rd party) |
| Config Style | Labels | Caddyfile | nginx.conf |
| Performance | Excellent | Excellent | Excellent |
| Learning Curve | Medium | Low | High |

## Monitoring

Traefik exposes metrics for Prometheus:

```yaml
# traefik.yml
metrics:
  prometheus:
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
```

## Troubleshooting

**Container not detected?**

- Check the label: `traefik.enable=true`
- Check the network: the container must be on the same network as Traefik
- Check the logs: `docker logs traefik`

**HTTPS not working?**

- Make sure ports 80 and 443 are open
- Make sure DNS already points to the server's IP
- Check the Let's Encrypt logs in the dashboard

**502 Bad Gateway?**

- Check that the label has the correct container port
- Check whether the container is running: `docker ps`
- Check the Traefik logs for error details

Traefik is the best choice for Docker-based infrastructure. Auto-discovery and auto-HTTPS remove all the manual work from reverse proxy management.
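Because container labels are the whole Traefik configuration in this setup, a small pre-deploy audit of those labels catches a dashboard router (`api@internal`) with no middleware, `basicauth` entries whose password is not an htpasswd hash, and use of the deprecated `ipwhitelist` middleware. This is an added example, not part of the original tutorial or of Traefik itself; the `parse_labels` and `audit` helpers and the sample labels are constructed for illustration.

```python
import re

# Prefixes of the htpasswd formats basicauth expects: bcrypt, apr1 (MD5), SHA1.
HASH_RE = re.compile(r"^(\$2[aby]\$|\$apr1\$|\{SHA\})")

def parse_labels(labels):
    """Map 'key=value' label strings to a dict; keys are lower-cased so
    ipWhiteList and ipwhitelist compare equal."""
    cfg = {}
    for item in labels:
        key, _, value = item.partition("=")
        cfg[key.strip().lower()] = value.strip()
    return cfg

def audit(labels):
    """Return a list of findings for one container's Traefik labels."""
    cfg = parse_labels(labels)
    if cfg.get("traefik.enable") != "true":
        return []  # with exposedByDefault: false the container is not routed
    findings = []
    routers = {k.split(".")[3] for k in cfg if k.startswith("traefik.http.routers.")}
    for name in sorted(routers):
        base = f"traefik.http.routers.{name}."
        if cfg.get(base + "service") == "api@internal" and not cfg.get(base + "middlewares"):
            findings.append(f"{name}: dashboard router has no middleware")
    for key, value in cfg.items():
        if not key.startswith("traefik.http.middlewares."):
            continue
        name = key.split(".")[3]
        if ".ipwhitelist." in key:
            findings.append(f"{name}: ipwhitelist is deprecated, use ipallowlist")
        if key.endswith(".basicauth.users"):
            for entry in value.split(","):
                # Compose files write $ as $$; undo that before checking the hash
                secret = entry.partition(":")[2].replace("$$", "$")
                if not HASH_RE.match(secret):
                    findings.append(f"{name}: basicauth password is not an htpasswd hash")
    return findings

# Constructed sample labels, not taken from a real deployment.
SAMPLE = [
    "traefik.enable=true",
    "traefik.http.routers.dash.rule=Host(`traefik.example.test`)",
    "traefik.http.routers.dash.service=api@internal",
    "traefik.http.routers.api.middlewares=api-auth",
    "traefik.http.middlewares.api-auth.basicauth.users=user:password",
    "traefik.http.middlewares.admin-ip.ipwhitelist.sourcerange=192.168.1.0/24",
]
```

Calling `audit(SAMPLE)` returns one finding per problem; a container without `traefik.enable=true` is skipped because `exposedByDefault: false` keeps it unrouted.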