Traefik Learning Curriculum

Reverse Proxy and Load Balancer

3 Weeks - 15 Days - Complete Guide

Traefik adalah reverse proxy dan load balancer yang modern dan powerful

Overview

Tujuan Pembelajaran

Goals

Memahami apa itu Traefik dan keunggulannya
Mampu install dan konfigurasi Traefik
Membuat routing berdasarkan path, host, dan header
Setup multiple services dan microservices
Konfigurasi SSL/TLS dengan Lets Encrypt
Load balancing dan high availability

Keunggulan Traefik

Automatic Discovery - Otomatis detect layanan baru
Dynamic Configuration - Tanpa restart
Built-in Lets Encrypt - SSL otomatis
Multi Backend - Docker, Kubernetes, Consul

Minggu 1

Dasar-Dasar Traefik

Jadwal Minggu 1

Hari	Topik	Praktik
1	Pengenalan Traefik	Apa itu Traefik?
2	Instalasi	Install Traefik di Docker
3	Konfigurasi Dasar	Static dan Dynamic config
4	Docker Provider	Auto-discovery services
5	Basic Routing	Path dan Host routing

Minggu 1 - Hari 1

Apa itu Traefik?

Definisi: Traefik adalah reverse proxy HTTP modern yang secara otomatis menemukan layanan Anda.

Sejarah

Dirilis tahun 2015 oleh Emile Vauge
Written in Go
Open source (MIT license)

Kapan Pakai Traefik?

Multiple Docker containers
Microservices architecture
Need automatic SSL
Dynamic service discovery
Load balancing

Minggu 1 - Hari 2

Instalasi Traefik

Install dengan Docker

docker network create traefik

docker run -d \
  --name traefik \
  --network traefik \
  -p 80:80 -p 443:443 -p 8080:8080 \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  traefik:v3.0 \
  --api.insecure=true \
  --providers.docker

Docker Compose

services:
  traefik:
    image: traefik:v3.0
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
    networks:
      - traefik

networks:
  traefik:
    name: traefik

Minggu 1 - Hari 3

Konfigurasi Traefik

Traefik v3 menggunakan file konfigurasi traefik.yml

traefik.yml

api:
  dashboard: true
  insecure: true

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

log:
  level: INFO

Run dengan Config

docker run -v ./traefik.yml:/traefik.yml:ro \
  traefik:v3.0 --configFile=/traefik.yml

Minggu 1 - Hari 4

Docker Provider

Docker Provider memungkinkan Traefik otomatis mendeteksi container baru.

Label di Docker Compose

services:
  myapp:
    image: nginx
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myapp.rule=Host(`example.com`)"
      - "traefik.http.routers.myapp.entrypoints=web"
      - "traefik.http.services.myapp.loadbalancer.server.port=80"

Common Labels

traefik.enable=true
traefik.http.routers.myrouter.rule=Host(`domain.com`)
traefik.http.routers.myrouter.rule=PathPrefix(`/api`)
traefik.http.services.myservice.loadbalancer.server.port=3000

Minggu 1 - Hari 5

Basic Routing

Host-based Routing

labels:
  - "traefik.http.routers.app1.rule=Host(`app1.example.com`)"
  - "traefik.http.routers.app2.rule=Host(`app2.example.com`)"

Path-based Routing

labels:
  - "traefik.http.routers.api.rule=PathPrefix(`/api`)"
  - "traefik.http.routers.web.rule=Path(`/admin`)"

Path + Host

labels:
  - "traefik.http.routers.app.rule=Host(`app.example.com`) && PathPrefix(`/api`)"

Minggu 2

SSL and Middlewares

Jadwal Minggu 2

Hari	Topik	Praktik
1	Lets Encrypt	Automatic SSL
2	SSL Options	TLS configuration
3	Basic Auth	Password protection
4	Rate Limiting	Prevent abuse
5	Redirects	HTTP to HTTPS

Minggu 2 - Hari 1

Lets Encrypt SSL

Traefik memiliki built-in support untuk Lets Encrypt - SSL otomatis!

Konfigurasi ACME

certificatesResolvers:
  letsencrypt:
    acme:
      email: [email protected]
      storage: /letsencrypt/acme.json
      httpChallenge:
        entryPoint: web

Enable SSL di Router

labels:
  - "traefik.http.routers.myapp.rule=Host(`example.com`)"
  - "traefik.http.routers.myapp.tls=true"
  - "traefik.http.routers.myapp.tls.certresolver=letsencrypt"

Minggu 2 - Hari 2

TLS Options

Custom TLS Config

labels:
  - "traefik.http.routers.myapp.tls=true"
  - "traefik.http.routers.myapp.tls.options.mytls.minVersion=VersionTLS12"

Global TLS Options

tls:
  options:
    default:
      minVersion: VersionTLS12
      sniStrict: true

Self-Signed

labels:
  - "traefik.http.routers.myapp.tls=true"
  - "traefik.http.routers.myapp.tls.domains[0].main=example.com"

Minggu 2 - Hari 3

Basic Auth Middleware

Buat Password Hash

htpasswd -nb admin password | cut -d: -f2

Daftarkan Middleware

http:
  middlewares:
    basic-auth:
      basicAuth:
        users:
          - "admin:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"

Gunakan Middleware

labels:
  - "traefik.http.routers.myapp.middlewares=basic-auth"

Minggu 2 - Hari 4

Rate Limiting

Configure Middleware

http:
  middlewares:
    rate-limit:
      rateLimit:
        average: 100
        burst: 50
        period: 1s

Per IP

http:
  middlewares:
    rate-limit-per-ip:
      rateLimit:
        average: 10
        burst: 20
        period: 1s
        sourceCriterion:
          ipStrategy:
            depth: 1

Minggu 2 - Hari 5

Redirects

HTTP to HTTPS

labels:
  - "traefik.http.routers.http-catchall.rule=Host(`example.com`)"
  - "traefik.http.routers.http-catchall.entrypoints=web"
  - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

Path Redirect

http:
  middlewares:
    redirect-old-to-new:
      redirectRegex:
        regex: "^/old/(.*)$"
        replacement: "/new/$1"
        permanent: true

Minggu 3

Advanced Features

Jadwal Minggu 3

Hari	Topik	Praktik
1	Load Balancing	Multiple backends
2	Service Health	Health checks
3	File Provider	YAML config
4	Dashboard	Monitoring
5	Full Setup	Real example

Minggu 3 - Hari 1

Load Balancing

Traefik menggunakan round-robin untuk load balancing.

Multiple Instances

services:
  app:
    deploy:
      replicas: 3
    labels:
      - "traefik.http.services.app.loadbalancer.server.port=8080"

Sticky Sessions

labels:
  - "traefik.http.services.app.loadbalancer.sticky.cookie=true"
  - "traefik.http.services.app.loadbalancer.sticky.cookie.name=session"

Minggu 3 - Hari 2

Health Checks

Configure Health Check

labels:
  - "traefik.http.services.app.loadbalancer.healthcheck.path=/health"
  - "traefik.http.services.app.loadbalancer.healthcheck.interval=30s"
  - "traefik.http.services.app.loadbalancer.healthcheck.timeout=5s"
  - "traefik.http.services.app.loadbalancer.healthcheck.port=8080"

Options

labels:
  - "traefik.http.services.app.loadbalancer.healthcheck.hostname=myapp.local"
  - "traefik.http.services.app.loadbalancer.healthcheck.scheme=http"

Minggu 3 - Hari 3

File Provider

File Provider memungkinkan konfigurasi via file YAML.

traefik.yml

http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      tls: {}
  
  services:
    my-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8081"
          - url: "http://localhost:8082"

Enable

providers:
  docker: {}
  file:
    filename: /config/routes.yml
    watch: true

Minggu 3 - Hari 4

Dashboard and Monitoring

Enable Dashboard

api:
  dashboard: true
  insecure: true

Access Dashboard

labels:
  - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
  - "traefik.http.routers.dashboard.service=api@internal"

Prometheus Metrics

metrics:
  prometheus:
    addEntryPointsLabels: true
    addServicesLabels: true

Important: Selalu lindungi akses dashboard!

Final

Full Example

docker-compose.yml

services:
  traefik:
    image: traefik:v3.0
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./letsencrypt:/letsencrypt

  app1:
    image: nginx
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app1.rule=Host(`app1.local`)"
      - "traefik.http.routers.app1.entrypoints=websecure"
      - "traefik.http.routers.app1.tls.certresolver=letsencrypt"

  app2:
    image: whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app2.rule=PathPrefix(`/whoami`)"

Selamat! Anda telah menyelesaikan Traefik Learning Curriculum.