Lanjutan dari Part 1 - Deploy Service Pertama di Swarm
Part 2, Traefik sebagai Reverse Proxy
Alasan saya simpel, di sini saya pake traefik karena paling banyak tutorialnya.
Untuk di awal kita akan mencoba setup reverse proxy (setup domain, basic-auth, dll) menggunakan traefik.
Deploy Traefik
-
Pertama cek IP swarm manager
Cek IP Swarm
-
Tambahkan di /etc/hosts
Tambahkan traefik.local di /etc/hosts
-
Buat docker-compose-traefik.yml
version: "3.4"
services:
traefik:
image: traefik:v2.4
ports:
- 80:80
#allow traefik to access docker socket
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
deploy:
placement:
constraints:
#only run traefik at manager
- node.role == manager
labels:
#enable traefik
- traefik.enable=true
#enable traefik only on "traefik" network
- traefik.docker.network=traefik
#use "web" entrypoint
- traefik.http.routers.traefik-http.entrypoints=web
- traefik.http.routers.traefik-http.service=api@internal
#source port from traefik web UI
- traefik.http.services.traefik-http.loadbalancer.server.port=8080
command:
- --log.level=DEBUG
# Enabling docker provider
- --providers.docker=true
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Do not expose containers unless explicitly told so
- --providers.docker.exposedbydefault=false
# Traefik will listen on port 8080 by default for API request.
- --api.insecure=true
# Traefik will listen to incoming request on the port 80 (HTTP)
- --entrypoints.web.address=:80
networks:
- traefik
networks:
traefik:
external: true
- Deploy traefik,
docker stack deploy -c docker-compose-traefik.yml traefik
- Kita cek di browser, ketikan traefik.local di address bar
Traefik Home Dashboard
Traefik Routers Dashboard
Basic Auth di Traefik
Harusnya setelah melakukan langkah-langkah di atas, kita akan bisa langsung membuka dashboard traefik tanpa harus memasukan otentikasi. Biar lebih aman, kita akan setup traefik dengan basic-auth login, berikut caranya:
- Kita buat dulu otentikasi untuk basic-auth
echo $(htpasswd -nbB sahamaneh "aingmacan") | sed -e s/\\$/\\$\\$/g
- Buka lagi docker-compose-traefik.yml
version: "3.4"
services:
traefik:
image: traefik:v2.4
ports:
- 80:80
#allow traefik to access docker socket
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
deploy:
placement:
constraints:
#only run traefik at manager
- node.role == manager
labels:
#enable traefik
- traefik.enable=true
#enable traefik only on "traefik" network
- traefik.docker.network=traefik
#give traefik domain, to access it via browser
- traefik.http.routers.traefik-http.rule=Host(`traefik.local`)
- traefik.http.middlewares.admin-auth.basicauth.users=sahamaneh:$$2y$$05$$i8WQb772W13f0jP.1tTDteaivolUBDjf1YTbjzk0JD33ktIQjsDXe
- traefik.http.routers.traefik-http.middlewares=admin-auth
#use "web" entrypoint
- traefik.http.routers.traefik-http.entrypoints=web
- traefik.http.routers.traefik-http.service=api@internal
#source port from traefik web UI
- traefik.http.services.traefik-http.loadbalancer.server.port=8080
command:
- --log.level=DEBUG
# Enabling docker provider
- --providers.docker=true
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Do not expose containers unless explicitly told so
- --providers.docker.exposedbydefault=false
# Traefik will listen on port 8080 by default for API request.
- --api.insecure=true
# Traefik will listen to incoming request on the port 80 (HTTP)
- --entrypoints.web.address=:80
networks:
- traefik
networks:
traefik:
external: true
- Update stack traefik
docker stack deploy -c docker-compose-traefik.yml traefik
Update Stack Traefik
- Tunggu beberapa saat, lalu cek kembali “traefik.local” di browser, harusnya sudah muncul pop up otentikasi
Basic Auth Traefik