[Continued from Part 3 - Deploy Visualizer and Whoami](https://ipang.my.id/post/2021-10-24-bagian-3-install-visualizer-dan-whois/)
Part 4, Deploy on AWS Lightsail
For this part I will use only 1 server, acting as both manager and worker (please don't ask why, unless you want to pay for it).
1 Server for All
Deploy Traefik
- First set up DNS: point the domain to your server's IP
Setup DNS
- Initialize Docker Swarm

```bash
docker swarm init
```

docker swarm init Using Private IP
- Create the file docker-compose-traefik.yml to deploy Traefik

```yaml
version: "3.4"
services:
  traefik:
    image: traefik:v2.5
    ports:
      - 80:80
    # allow traefik to access the docker socket
    # (":ro" only makes the mount read-only; the Docker API behind the socket stays fully usable)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      placement:
        constraints:
          # only run traefik on a manager node
          - node.role == manager
      labels:
        # enable traefik
        - traefik.enable=true
        # enable traefik only on "traefik" network
        - traefik.docker.network=traefik
        # give traefik a domain, to access it via browser
        - traefik.http.routers.traefik-http.rule=Host(`traefik.ipang.my.id`)
        # basic auth for the dashboard ("$$" is a literal "$" escaped for compose)
        - traefik.http.middlewares.admin-auth.basicauth.users=sahamaneh:$$2y$$05$$i8WQb772W13f0jP.1tTDteaivolUBDjf1YTbjzk0JD33ktIQjsDXe
        - traefik.http.routers.traefik-http.middlewares=admin-auth
        # use "web" entrypoint
        - traefik.http.routers.traefik-http.entrypoints=web
        - traefik.http.routers.traefik-http.service=api@internal
        # source port from traefik web UI
        - traefik.http.services.traefik-http.loadbalancer.server.port=8080
    command:
      - --log.level=DEBUG
      # Enabling docker provider
      - --providers.docker=true
      # Enable Docker Swarm mode
      - --providers.docker.swarmmode
      # Do not expose containers unless explicitly told so
      - --providers.docker.exposedbydefault=false
      # Traefik will listen on port 8080 by default for API requests.
      # api.insecure serves the API and dashboard on :8080 without authentication;
      # 8080 is not published here, but containers on the "traefik" network can reach it.
      - --api.insecure=true
      # Traefik will listen to incoming requests on port 80 (HTTP)
      - --entrypoints.web.address=:80
    networks:
      - traefik
networks:
  traefik:
    external: true
```
- Deploy Traefik

```bash
docker stack deploy -c docker-compose-traefik.yml traefik
```

Deploy Traefik
- Check in your browser: enter the domain you registered at the start
Basic Auth Before the Dashboard
Traefik Dashboard
Let’s Encrypt in Traefik
Installing and using Let’s Encrypt certificates in Traefik is actually easy; the problem I run into most often is typos.
For example, a Traefik label that should start with traefik.http sometimes gets written as traefik.https, https-redirect becomes http-redirect, and so on.
This can be dealt with by checking repeatedly or trying the deploy again; just don't get bored.
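The typos described above can be caught before deploying. The following is an added example, not part of the original post: a small Python check (the helper names `names` and `lint` are hypothetical, and the sample labels are constructed from this page's whoami stack with both typos introduced on purpose) that verifies every router label refers to an entrypoint, middleware and certificate resolver that is actually defined.

```python
import re

# Constructed sample: labels modelled on this page's whoami stack, with the two
# typos the text mentions introduced on purpose.
LABELS = [
    "traefik.enable=true",
    "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https",
    "traefik.http.routers.whoami-http.entrypoints=web",
    "traefik.http.routers.whoami-http.middlewares=http-redirect",  # typo
    "traefik.https.routers.whoami-https.entrypoints=https",        # typo
    "traefik.http.routers.whoami-https.tls.certresolver=le",
]
COMMAND = [
    "--entrypoints.web.address=:80",
    "--entrypoints.https.address=:443",
    "--certificatesresolvers.le.acme.tlschallenge=true",
]
# Label namespaces accepted by the Traefik v2 Docker provider.
NAMESPACES = ("enable", "docker", "http", "tcp", "udp")

def names(items, pattern):
    """Collect the first capture group of `pattern` from every matching item."""
    return {m.group(1) for i in items if (m := re.match(pattern, i, re.I))}

def lint(labels, command, extra_middlewares=()):
    """Return problems found in Traefik v2 labels (hypothetical helper)."""
    defined = {
        "entrypoints": names(command, r"--entrypoints\.([^.=]+)\."),
        "tls.certresolver": names(command, r"--certificatesresolvers\.([^.=]+)\."),
        "middlewares": names(labels, r"traefik\.http\.middlewares\.([^.=]+)\.")
                       | set(extra_middlewares),
    }
    problems = []
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.split(".")
        field = ".".join(parts[4:])  # e.g. "entrypoints" or "tls.certresolver"
        if parts[0] != "traefik" or len(parts) < 2:
            continue  # not a Traefik label
        if parts[1] not in NAMESPACES:
            problems.append(f"{key}: unknown namespace traefik.{parts[1]}")
        elif parts[1:3] == ["http", "routers"] and field in defined:
            for ref in value.split(","):
                name, _, provider = ref.strip().partition("@")
                if provider in ("", "docker") and name not in defined[field]:
                    problems.append(f"{key}: '{name}' is not defined ({field})")
    return problems

print("\n".join(lint(LABELS, COMMAND)))
```

Middlewares defined in another stack, such as admin-auth in the Traefik stack, can be passed through `extra_middlewares` so they are not reported as missing.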
Here is the docker-compose.yml script to deploy Traefik with Let’s Encrypt:
```yaml
version: "3.4"
services:
  traefik:
    environment:
      - TZ=Asia/Jakarta
    image: traefik:v2.5.3
    ports:
      - 80:80
      - 443:443
    # allow traefik to access the docker socket
    # (":ro" only makes the mount read-only; the Docker API behind the socket stays fully usable)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
    deploy:
      placement:
        constraints:
          # only run traefik on a manager node
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik
        - traefik.http.routers.traefik-http.rule=Host(`traefik.ipang.my.id`)
        - traefik.http.routers.traefik-http.entrypoints=web
        # basic auth for the dashboard ("$$" is a literal "$" escaped for compose)
        - traefik.http.middlewares.admin-auth.basicauth.users=sahamaneh:$$2y$$05$$i8WQb772W13f0jP.1tTDteaivolUBDjf1YTbjzk0JD33ktIQjsDXe
        # redirect HTTP to HTTPS
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.routers.traefik-http.middlewares=https-redirect
        - traefik.http.routers.traefik-https.rule=Host(`traefik.ipang.my.id`)
        - traefik.http.routers.traefik-https.entrypoints=https
        - traefik.http.routers.traefik-https.tls=true
        - traefik.http.routers.traefik-https.tls.certresolver=le
        - traefik.http.routers.traefik-http.service=api@internal
        # the traefik-https router has no "service" label, so Traefik assigns it the only
        # service defined by labels (traefik-http, container port 8080)
        - traefik.http.routers.traefik-https.middlewares=admin-auth
        - traefik.http.services.traefik-http.loadbalancer.server.port=8080
    command:
      - --log.level=DEBUG
      # Enabling docker provider
      - --providers.docker=true
      # Enable Docker Swarm mode
      - --providers.docker.swarmmode=true
      # Do not expose containers unless explicitly told so
      - --providers.docker.exposedbydefault=false
      # Traefik will listen on port 8080 by default for API requests.
      # api.insecure serves the API and dashboard on :8080 without authentication;
      # 8080 is not published here, but containers on the "traefik" network can reach it.
      - --api.insecure=true
      # Traefik will listen to incoming requests on port 80 (HTTP) and 443 (HTTPS)
      - --entrypoints.web.address=:80
      - --entrypoints.https.address=:443
      # Let's Encrypt resolver "le", using the TLS challenge
      - --certificatesresolvers.le.acme.email=mycool@mail.com
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    networks:
      - traefik
volumes:
  # the HTTPS certificates
  traefik-public-certificates:
networks:
  traefik:
    external: true
```

Let’s Encrypt in Traefik
Whoami with Let’s Encrypt
```yaml
version: "3.4"
services:
  whoami:
    image: containous/whoami
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik
        - traefik.http.routers.whoami-http.rule=Host(`whoami.ipang.my.id`)
        - traefik.http.routers.whoami-http.entrypoints=web
        - traefik.http.routers.whoami-http.middlewares=https-redirect
        - traefik.http.routers.whoami-https.rule=Host(`whoami.ipang.my.id`)
        - traefik.http.routers.whoami-https.entrypoints=https
        - traefik.http.routers.whoami-https.tls=true
        - traefik.http.routers.whoami-https.tls.certresolver=le
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.services.whoami.loadbalancer.server.port=80
    networks:
      - traefik
networks:
  traefik:
    external: true
```

Whoami HTTPS